Project

General

Profile

Bug #1836

Foreman chokes on "puppet cert clean host.does.not.exist.example.com" as of Puppet 2.7.19 and thus can't provision new hosts

Added by Andreas Ntaflos almost 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Puppet
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

In Puppet 2.7.19 a bug in puppet cert clean was fixed. Previously, the command always terminated with exit status 0, even if the certificate to be cleaned did not exist. Now, as of Puppet 2.7.19 (see https://projects.puppetlabs.com/issues/14860), the command terminates with exit status 24, which is the correct behaviour.

Foreman, or probably the Foreman smart proxy, should take this behavior change into account when provisioning hosts. Otherwise it is not possible to provision new hosts as retrieving the /unattended/provision resource fails with a 500 error, resulting from the smart proxy on the Puppet server (proxying Puppet CA) failing to correctly run puppetca --clean:

W, [2012-08-24T18:52:42.575984 #1386]  WARN -- : Failed to run puppetca: err: Could not call revoke: Could not find a serial number for web02.dmz01.example.com
Could not find a serial number for web02.dmz01.example.com

E, [2012-08-24T18:52:42.576345 #1386] ERROR -- : Failed to remove certificate(s) for web02.dmz01.example.com: Execution of puppetca failed, check log files

Associated revisions

Revision a402c712 (diff)
Added by Ohad Levy almost 7 years ago

fixes #1836 - puppet cert in 2.7.19 has a different exit code

History

#1 Updated by Ohad Levy almost 7 years ago

  • Target version set to 1.1

#2 Updated by Ohad Levy almost 7 years ago

  • Project changed from Foreman to Smart Proxy
  • Category deleted (PuppetCA)
  • Target version deleted (1.1)

#3 Updated by Ohad Levy almost 7 years ago

  • Category set to Puppet
  • Target version set to 1.1

#4 Updated by Ohad Levy almost 7 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

#5 Updated by Andreas Ntaflos almost 7 years ago

As is probably easy to surmise, downgrading Puppet to 2.7.18, at least on the Puppetmaster/Puppet CA server on which the smart proxy runs, works around this problem.

Also available in: Atom PDF