Details
- Bug
- Status: Closed
- Normal
- Resolution: Duplicate
- SERVER 2.y
- None
- None
- Needs Assessment
Description
As noted in several tickets, Puppet code has been refactored to avoid calls to JRuby's OpenSSL library when code is running in Puppet Server context. This is due to several bugs associated with this implementation. Example of one of these tickets: https://tickets.puppetlabs.com/browse/PUP-3676
Unfortunately, there are valid use cases for user code to need to access this functionality. In our case, we have a custom Puppet function which generates certificates as part of an automated SSL provisioning process. This code has run fine for us in Puppet 3, but as we are just now getting the chance to upgrade to Puppet 4, we need to figure out how to make this code work when running under Puppet Server.
The bug we ran into was with Subject Alt-Name, referenced here: https://github.com/jruby/jruby-openssl/issues/102
For us, having Puppet Server use this version of JRuby OpenSSL would solve our issue. But, the bigger issue is that the Puppet dev team seems to have decided that JRuby's OpenSSL is simply tainted and should be avoided altogether, so no attempts are made to improve it nor are any suitable alternatives provided when running under Puppet Server. This leaves users like us in a really bad place. Puppet Server forces JRuby on us and gives us seemingly no recourse for patching this behavior.
Moving to JRuby makes sense for Puppet Server, but you guys can't just pretend such a core JRuby lib doesn't exist, imho.
There needs to be a way for users like us to work around this easily.
Or, if there is already such an option, it should be documented specifically due to the nature of this particular lib and the way Puppet has chosen to handle it.
Issue Links
- relates to
  - SERVER-249 Add ability to add java/jars to puppet server (Closed)
  - SERVER-1731 Provide option for loading gems which bundle jars (Closed)