Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-1641

Puppet Server shouldn't rely on the system ca bundle

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Duplicate
    • None
    • None
    • None

    Description

      The problem

      When the system ca bundle is corrupt it causes some really strange issues.

      For example: https://support.puppet.com/hc/en-us/articles/232313528--OpenSSL-X509-StoreError-during-installation-of-Puppet-Enterprise-2016-4

      Long story short you might get an error that looks like this:

      2016-11-08 16:15:40,614 - [Error]: Systemd start for pe-puppetserver failed! 
      journalctl log for pe-puppetserver: 
      -- Logs begin at Tue 2016-11-08 11:17:21 PST, end at Tue 2016-11-08 16:15:40 PST. -- 
      Nov 08 16:15:13 y93d9tfm2ejfynr systemd[1]: Starting pe-puppetserver Service... 
      Nov 08 16:15:40 y93d9tfm2ejfynr java[13585]: OpenSSL::X509::StoreError: setting default path failed: IOError 
      Nov 08 16:15:40 y93d9tfm2ejfynr java[13585]: set_default_paths at org/jruby/ext/openssl/X509Store.java:185
      

      Possible solution

      Use the ca bundle from puppet-agent

      https://tickets.puppetlabs.com/browse/PUP-3450

      Or I think it's just this: https://github.com/puppetlabs/puppet-ca-bundle so we could include that in puppetserver and use it?

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              nick.walker Nick Walker
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support