Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-1306

Missing crl.pem causes puppet-server crash on startup

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • None
    • Certificate Authority
    • None

    Description

      When migrating to a new PE infrastructure, we want to preserve existing CA so that we don't have to re-issue agent certificates. We thought it'd be possible to just move the ca subdirectory over from the old 3.x infrastructure, but the upgrader hit a timeout talking to the puppetserver. Investigating the logs showed it failed trying to load /etc/puppetlabs/puppet/ssl/crl.pem. This condition probably shouldn't be fatal as it caused the installation to fail completely.

      2016-05-02 21:32:29,638 ERROR [main] [p.t.internal] Error during service start!!!
      		 
      java.lang.IllegalArgumentException: Non-readable path specified for ssl-crl-path option: /etc/puppetlabs/puppet/ssl/crl.pem
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval21656$get_ssl_crl_path_BANG___21657$fn__21658.invoke(jetty9_config.clj:329) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval21656$get_ssl_crl_path_BANG___21657.invoke(jetty9_config.clj:322) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval21795$maybe_get_https_connector__21796$fn__21797.invoke(jetty9_config.clj:403) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval21795$maybe_get_https_connector__21796.invoke(jetty9_config.clj:390) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval21836$maybe_add_https_connector__21837$fn__21838.invoke(jetty9_config.clj:417) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval21836$maybe_add_https_connector__21837.invoke(jetty9_config.clj:413) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval21857$process_config__21858$fn__21859.invoke(jetty9_config.clj:437) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval21857$process_config__21858.invoke(jetty9_config.clj:433) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval22327$create_webserver__22328$fn__22329.invoke(jetty9_core.clj:593) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval22327$create_webserver__22328.invoke(jetty9_core.clj:550) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval22351$start_webserver_BANG___22352$fn__22353.invoke(jetty9_core.clj:625) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval22351$start_webserver_BANG___22352.invoke(jetty9_core.clj:620) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_core$start_server_multiple$iter__22558__22562$fn__22563.invoke(jetty9_core.clj:846) ~[na:na]
      		 
              at clojure.lang.LazySeq.sval(LazySeq.java:40) ~[puppet-server-release.jar:na]
      		 
              at clojure.lang.LazySeq.seq(LazySeq.java:49) ~[puppet-server-release.jar:na]
      		 
              at clojure.lang.RT.seq(RT.java:484) ~[puppet-server-release.jar:na]
      		 
              at clojure.core$seq.invoke(core.clj:133) ~[puppet-server-release.jar:na]
      		 
              at clojure.core.protocols$seq_reduce.invoke(protocols.clj:30) ~[puppet-server-release.jar:na]
      		 
              at clojure.core.protocols$fn__6078.invoke(protocols.clj:54) ~[puppet-server-release.jar:na]
      		 
              at clojure.core.protocols$fn__6031$G__6026__6044.invoke(protocols.clj:13) ~[puppet-server-release.jar:na]
      		 
              at clojure.core$reduce.invoke(core.clj:6289) ~[puppet-server-release.jar:na]
      		 
              at clojure.core$into.invoke(core.clj:6341) ~[puppet-server-release.jar:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_core$start_server_multiple.invoke(jetty9_core.clj:847) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval22669$start_BANG___22670$fn__22671.invoke(jetty9_core.clj:918) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval22669$start_BANG___22670.invoke(jetty9_core.clj:912) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services.webserver.jetty9_service$reify__22998$service_fnk__4363__auto___positional$reify__23005.start(jetty9_service.clj:43) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services$eval4199$fn__4213$G__4189__4216.invoke(services.clj:8) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.services$eval4199$fn__4213$G__4188__4220.invoke(services.clj:8) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.internal$run_lifecycle_fn_BANG_.invoke(internal.clj:152) ~[na:na]
      		 
              at puppetlabs.trapperkeeper.internal$run_lifecycle_fns.invoke(internal.clj:180) ~[na:na]

      Attachments

        Issue Links

          relates to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. SERVER-1317 HTTP CA Tests

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed

          Activity

            People

              Unassigned Unassigned
              eric.sorenson Eric Sorenson
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support