Project

General

Profile

Actions

Bug #1836

closed

Foreman chokes on "puppet cert clean host.does.not.exist.example.com" as of Puppet 2.7.19 and thus can't provision new hosts

Added by Andreas Ntaflos about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Puppet
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

In Puppet 2.7.19 a bug in puppet cert clean was fixed. Previously, the command always terminated with exit status 0, even if the certificate to be cleaned did not exist. Now, as of Puppet 2.7.19 (see https://projects.puppetlabs.com/issues/14860), the command terminates with exit status 24, which is the correct behaviour.

Foreman, or probably the Foreman smart proxy, should take this behavior change into account when provisioning hosts. Otherwise it is not possible to provision new hosts as retrieving the /unattended/provision resource fails with a 500 error, resulting from the smart proxy on the Puppet server (proxying Puppet CA) failing to correctly run puppetca --clean:

W, [2012-08-24T18:52:42.575984 #1386]  WARN -- : Failed to run puppetca: err: Could not call revoke: Could not find a serial number for web02.dmz01.example.com
Could not find a serial number for web02.dmz01.example.com

E, [2012-08-24T18:52:42.576345 #1386] ERROR -- : Failed to remove certificate(s) for web02.dmz01.example.com: Execution of puppetca failed, check log files
Actions #1

Updated by Ohad Levy about 12 years ago

  • Target version set to 1.1
Actions #2

Updated by Ohad Levy about 12 years ago

  • Project changed from Foreman to Smart Proxy
  • Category deleted (PuppetCA)
  • Target version deleted (1.1)
Actions #3

Updated by Ohad Levy about 12 years ago

  • Category set to Puppet
  • Target version set to 1.1
Actions #4

Updated by Ohad Levy about 12 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
Actions #5

Updated by Andreas Ntaflos about 12 years ago

As is probably easy to surmise, downgrading Puppet to 2.7.18, at least on the Puppetmaster/Puppet CA server on which the smart proxy runs, works around this problem.

Actions

Also available in: Atom PDF