On Tuesday, May 6, 2014 1:31:48 PM UTC+2, Thomas wrote: > > When deploying openvz images, we use a init-script to delete puppets ssl > directory and then run a curl that deletes the certificate from the puppet > server: > curl -k -X DELETE -H "Accept: pson" " > https://puppet.example.com:8140/production/certificate_status/client.examle.com > ". > > After upgrading to puppet 3.5.1 this stopped working, I have read that I > need to revoke the certificate first and that works: > curl -k -X PUT -H "Content-Type: text/pson" --data > '{"desired_state":"revoked"}' > https://puppet.example.com:8140/production/certificate_status/client.example.com > > I have verified that the certificate gets revoked on the server: > [root@puppet ~]# puppet cert list client.example.com > - "client.example.com" (SHA256) > A9:FD:2D:C3:E4:7C:84:12:9C:D0:B2:4C:F2:81:AB:A0:BE:9C:A4:40:A7:8E:4A:6A:D8:E0:A4:D7:10:A9:4B:E2 > > (certificate revoked) > > After this, the documentation says that I should run the DELETE command > described above but that fails (using | sed for readability): > curl -k -X DELETE -H "Accept: pson" > https://puppet.example.com:8140/production/certificate_status/client.example.com<https://puppet.example.com:8140/production/certificate_status/work-reduce203.trioptima.com>| > sed 's/,/\n/g' > {"issue_kind":"RUNTIME_ERROR" > "message":"Server Error: undefined method `each' for nil:NilClass" > "stacktrace":["/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:72:in > `process'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:63:in > `process'" > "/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler/none.rb:6:in `profile'" > "/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:43:in `profile'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:61:in > `process'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick/rest.rb:31:in > `service'" > "/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'" > "/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:36:in `listen'" > "/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'" > "/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'" > "/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'" > "/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'" > "/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'" > "/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'" > "/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'" > "/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'" > "/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:30:in `listen'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in > `initialize'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `new'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `listen'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:27:in `start'" > "/usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:139:in `start'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:284:in > `start_webrick_master'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:200:in `main'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:160:in > `run_command'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:479:in `plugin_hook'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:479:in `exit_on_fail'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/context.rb:51:in `override'" > "/usr/lib/ruby/site_ruby/1.8/puppet.rb:233:in `override'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:362:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:137:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:91:in `execute'" > "/usr/bin/puppet:4"]} > > Running the puppet master in debug: > [root@puppet ~]# puppet master --no-daemonize --debug --verbose > [...] > Notice: Starting Puppet master version 3.5.1 > [...] > Debug: Routes Registered: > Debug: Route /^\/v2\.0/ > Debug: Route /.*/ > Debug: Evaluating match for Route /^\/v2\.0/ > Debug: Did not match path ("/production/certificate_status/ > client.example.com") > Debug: Evaluating match for Route /.*/ > Error: Server Error: undefined method `each' for nil:NilClass > > Any hints? >
Adding DELETE in, as suggested by Paul Beltrani in issue PUP-2516<https://tickets.puppetlabs.com/browse/PUP-2516>, /usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb (CentOS 6) solved the issue for me. @@ -16,7 +16,8 @@ :HEAD => [MethodNotAllowedHandler], :OPTIONS => [MethodNotAllowedHandler], :POST => [MethodNotAllowedHandler],- :PUT => [MethodNotAllowedHandler]+ :PUT => [MethodNotAllowedHandler],+ :DELETE => [MethodNotAllowedHandler] } @chained = [] end Now I can delete the certificate on the puppet master from the client using curl: [root@client ~]# curl -k -X DELETE -H "Accept: pson" https://puppet.example.com:8140/production/certificate_status/client.example.com "Deleted for client.example.com: Puppet::SSL::Certificate" [root@client ~]# -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0c8cffa5-5b76-4835-92a3-cd0e35456d50%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
