Puppet Server / SERVER-2898

CA Certificates are not used by Puppetserver

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: SERVER 6.7.0
    • Fix Version/s: None
    • Component/s: Puppet Server
    • Labels:
      None
    • Environment:

      Official Puppetserver Docker Container with added custom CA certs

    • Template:
      PUP Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 6.18.0
      Puppet Server Version: 6.12.1
      OS Name/Version: Puppetserver Docker Container

      I'm currently building a custom function using the https://github.com/vmware/vsphere-automation-sdk-ruby/ gem.

      My problem is that I cannot connect to the vCenter because the certificate verification is failing. I already added our certificates to /opt/puppetlabs/puppet/ssl/cert.pem and /opt/puppetlabs/puppet/ssl/puppet-cacerts.

      Also when executing a script to connect to vcenter it fails:

      root@puppet:/etc/puppetlabs/code# /opt/puppetlabs/bin/puppetserver ruby vsphere_automation.rb
      OpenSSL::SSL::SSLError: certificate verify failed
                      connect at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1002
                     do_start at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:924
                        start at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:913
                      request at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1465
                     call_api at /opt/puppetlabs/server/data/puppetserver/jruby-gems/gems/vsphere-automation-runtime-0.4.7/lib/vsphere-automation-runtime/api_client.rb:71                                                                                                                                  
        create_with_http_info at /opt/puppetlabs/server/data/puppetserver/jruby-gems/gems/vsphere-automation-cis-0.4.7/lib/vsphere-automation-cis/api/session_api.rb:59                                                                                                                                     
                       create at /opt/puppetlabs/server/data/puppetserver/jruby-gems/gems/vsphere-automation-cis-0.4.7/lib/vsphere-automation-cis/api/session_api.rb:24                                                                                                                                     
                       <main> at vsphere_automation.rb:74
      
      

      Desired Behavior:

      Puppetserver should respect the certificates inside the Puppet CA Bundle + Certificates added to the bundle

      Actual Behavior:

       

      Puppetserver ignores the Certificates.

      2020-10-27 13:21:18,567 ERROR [puppetserver] Puppet Server Error: Evaluation Error: Error while evaluating a Function Call, get_vms_by_tag: certificate verify failed (file: /etc/puppetlabs/code/environments/test/modules/test/manifests/init.pp, line: 76, column: 11) on node test.foo.bar                                                                                                
      /etc/puppetlabs/code/environments/test/modules/vsphere_tag/lib/puppet/functions/get_vms_by_tag.rb:102:in `get_vms_by_tag'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/functions/dispatch.rb:60:in `invoke'                          
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/functions/dispatcher.rb:43:in `block in dispatch'
      org/jruby/RubyKernel.java:1189:in `catch'                                                           
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/functions/dispatcher.rb:42:in `dispatch'                          
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/functions/function.rb:46:in `block in call'
      org/jruby/RubyKernel.java:1189:in `catch'                                                     
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/functions/function.rb:45:in `call'                       
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/puppet_stack.rb:42:in `stack'                    
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/evaluator/runtime3_support.rb:305:in `block in call_function'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in `profile'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in `profile'                      
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/evaluator/runtime3_support.rb:303:in `call_function'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/evaluator/evaluator_impl.rb:976:in `call_function_with_block'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/evaluator/evaluator_impl.rb:945:in `eval_CallNamedFunctionExpression'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/visitor.rb:94:in `visit_this_1'                  
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/evaluator/evaluator_impl.rb:81:in `evaluate'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/evaluator/evaluator_impl.rb:370:in `eval_AssignmentExpression'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/visitor.rb:94:in `visit_this_1'            
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/pops/evaluator/evaluator_impl.rb:81:in `evaluate'              
      [...]
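
A way to separate the two possible causes of the `certificate verify failed` error above: the bundle file not containing the issuing CA, versus the runtime reading a different trust store than the file that was edited. This is an added example, not code from the ticket or from Puppet; the CA, the leaf certificate and all names are constructed in memory, and `make_cert`, `default_trust_locations`, `bundle_trusts?` and `demo` are hypothetical helpers.

```ruby
require 'openssl'
require 'tempfile'

# Build a constructed test certificate; self-signed unless an issuer is given.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Default trust locations of this Ruby's OpenSSL binding (SSL_CERT_* override them).
def default_trust_locations
  { cert_file: ENV['SSL_CERT_FILE'] || OpenSSL::X509::DEFAULT_CERT_FILE,
    cert_dir: ENV['SSL_CERT_DIR'] || OpenSSL::X509::DEFAULT_CERT_DIR }
end

# Hypothetical helper: does the PEM bundle hold an anchor that validates cert?
# Returns [verified?, OpenSSL error string].
def bundle_trusts?(bundle_path, cert)
  store = OpenSSL::X509::Store.new
  store.add_file(bundle_path)
  [store.verify(cert), store.error_string]
end

# Verify one leaf against a bundle lacking its CA and a bundle containing it.
def demo
  ca_key, other_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = make_cert('Constructed Internal CA', ca_key, ca: true)
  other = make_cert('Constructed Unrelated CA', other_key, ca: true, serial: 2)
  leaf = make_cert('vcenter.example.test', leaf_key, issuer: ca, issuer_key: ca_key, serial: 3)
  { without_ca: [other], with_ca: [other, ca] }.to_h do |label, certs|
    Tempfile.create(['bundle', '.pem']) do |f|
      File.write(f.path, certs.map(&:to_pem).join)
      [label, bundle_trusts?(f.path, leaf)]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  p default_trust_locations
  demo.each { |label, (ok, msg)| puts "#{label}: verified=#{ok} (#{msg})" }
end
```

If `bundle_trusts?` succeeds for the edited bundle and the real server certificate while the HTTP client still fails, compare the output of `default_trust_locations` under the failing runtime with the path that was edited.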
      
      

              People

              Assignee: Unassigned
              Reporter: Alexander Heimann (a.heimann)
              Votes: 3
              Watchers: 7
