-
Type:
Bug
-
Status: Closed
-
Priority:
Normal
-
Resolution: Duplicate
-
Affects Version/s: None
-
Fix Version/s: PUP 5.3.4
-
Component/s: None
-
Labels:None
-
Template:
-
Sub-team:
-
Team:Platform Core
-
Sprint:Platform Core KANBAN
-
Method Found:Needs Assessment
-
QA Risk Assessment:No Action
Puppet Version: 5.3.x
Ruby Version: 2.4.3
Ruby 2.4.3 contains a backported fix to webrick. See https://github.com/ruby/ruby/commit/2e728d51e70ed3756ad760c687a08b8487b0112f
and https://github.com/ruby/ruby/compare/v2_4_2...v2_4_3#diff-5396c7bc1e5154a82bf825e6bf470f80 which breaks puppet master (webrick).
When an agent connects, the SSL handshake succeeds, but the connection fails as soon as the agent sends data. The puppet webrick log shows:
[2018-01-12 13:46:06] ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=unknown state: unexpected record
|
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb:32:in `accept'
|
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb:32:in `block (2 levels) in listen'
|
While the agent reports:
Warning: Unable to fetch my node definition, but the agent run will continue:
|
Warning: SSL_read: decryption failed or bad record mac
|
If you revert ruby's /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb back to v2.4.2, then it works ok.
- duplicates
-
PUP-8297 Puppet webrick no longer functions in Ruby 2.3.6/2.4.3 and up
-
- Closed
-