Bug #1836
closedForeman chokes on "puppet cert clean host.does.not.exist.example.com" as of Puppet 2.7.19 and thus can't provision new hosts
Description
In Puppet 2.7.19 a bug in puppet cert clean
was fixed. Previously, the command always terminated with exit status 0, even if the certificate to be cleaned did not exist. Now, as of Puppet 2.7.19 (see https://projects.puppetlabs.com/issues/14860), the command terminates with exit status 24, which is the correct behaviour.
Foreman, or probably the Foreman smart proxy, should take this behavior change into account when provisioning hosts. Otherwise it is not possible to provision new hosts as retrieving the /unattended/provision
resource fails with a 500 error, resulting from the smart proxy on the Puppet server (proxying Puppet CA) failing to correctly run puppetca --clean
:
W, [2012-08-24T18:52:42.575984 #1386] WARN -- : Failed to run puppetca: err: Could not call revoke: Could not find a serial number for web02.dmz01.example.com Could not find a serial number for web02.dmz01.example.com E, [2012-08-24T18:52:42.576345 #1386] ERROR -- : Failed to remove certificate(s) for web02.dmz01.example.com: Execution of puppetca failed, check log files
Updated by Ohad Levy over 12 years ago
- Project changed from Foreman to Smart Proxy
- Category deleted (
PuppetCA) - Target version deleted (
1.1)
Updated by Ohad Levy over 12 years ago
- Category set to Puppet
- Target version set to 1.1
Updated by Ohad Levy over 12 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Applied in changeset a402c71290f2d8205e60b876f2a40dfa9fefacda.
Updated by Andreas Ntaflos over 12 years ago
As is probably easy to surmise, downgrading Puppet to 2.7.18, at least on the Puppetmaster/Puppet CA server on which the smart proxy runs, works around this problem.