Details
-
Bug
-
Status: Closed
-
Normal
-
Resolution: Duplicate
-
None
-
None
-
None
-
Platform Core
-
Platform Core KANBAN
-
Needs Assessment
-
No Action
Description
Puppet Version: 5.3.x
Ruby Version: 2.4.3
Ruby 2.4.3 contains a backported fix to webrick. See https://github.com/ruby/ruby/commit/2e728d51e70ed3756ad760c687a08b8487b0112f
and https://github.com/ruby/ruby/compare/v2_4_2...v2_4_3#diff-5396c7bc1e5154a82bf825e6bf470f80 which breaks puppet master (webrick).
When an agent connects, the SSL handshake succeeds, but the connection fails as soon as the agent sends data. The puppet webrick log shows:
[2018-01-12 13:46:06] ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=unknown state: unexpected record
|
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb:32:in `accept'
|
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb:32:in `block (2 levels) in listen'
|
While the agent reports:
Warning: Unable to fetch my node definition, but the agent run will continue:
|
Warning: SSL_read: decryption failed or bad record mac
|
If you revert ruby's /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb back to v2.4.2, then it works ok.
Attachments
Issue Links
- duplicates
-
PUP-8297 Puppet webrick no longer functions in Ruby 2.3.6/2.4.3 and up
-
- Closed
-