Comments (22)
It might be easier to use puppet/util/inifile instead of inifile, as it's shipped with Puppet itself.
from puppet-openssl.
Is the inifile gem maybe included in the new puppet 4 installer?
We are still using puppet 3, which does not seem to have the inifile gem...
from puppet-openssl.
We def need to either install the inifile gem or document that it is needed with a code example.
This took way too long to figure out on my own....
from puppet-openssl.
Code Example for documentation:
# Ruby 1.8.7 needs older version (less than 3.0.0)
# https://github.com/TwP/inifile/issues/35
if versioncmp($::rubyversion, '1.9.3') >= 0 {
  $inifile_ensure = installed
} else {
  $inifile_ensure = '2.0.2'
}
package { 'inifile':
  ensure   => $inifile_ensure,
  provider => gem,
  before   => Openssl::Certificate::X509['www.example.com'],
}
from puppet-openssl.
I vote for the built in puppet inifile.
Managing the gem with puppet seems to work on fresh builds, but if you have existing VMs, then it tanks your puppet run. The next run will work and finish up, but this could be a problem if you miss refreshes like nginx/apache service due to the puppet run failing right in the middle.
from puppet-openssl.
FYI, I am using Puppet 4 and I had to install the inifile gem on the bundled Puppet ruby in order to get puppet working again, so this issue is not specific to Puppet 3.
from puppet-openssl.
Hi all - thanks for tracking this issue. I ran into the same problem (open source puppet 4.4 on agent running Ubuntu 14.04, puppet-openssl 1.7.1). I am using openssl::certificate::x509 to build certs. First run worked fine. Once the certs were built, I started getting the "failure to load inifile" error.
Installing inifile gem directly (gem install inifile) didn't help.
Resolved the issue for now by installing inifile gem using:
$ /opt/puppetlabs/puppet/bin/gem install inifile
See:
https://ask.puppet.com/question/18703/could-not-load-ruby-gem-from-puppet-provider/
from puppet-openssl.
Hitting this on ubuntu xenial on v1.7.1
ubuntu@ip-10-187-21-156:~$ uname -a
Linux ip-10-187-21-156 4.4.0-24-generic #43-Ubuntu SMP Wed Jun 8 19:27:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@ip-10-187-21-156:~$ puppet --version
3.8.5
ubuntu@ip-10-187-21-156:~$ sudo puppet module list | grep openssl
├── camptocamp-openssl (v1.7.1)
This never happens on the initial run, as far as I can tell, but on all subsequent runs.
from puppet-openssl.
Also in Puppet 4.5.2 on CentOS 7
[vagrant@localhost ~]$ uname -a
Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[vagrant@localhost ~]$ cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[vagrant@localhost ~]$ puppet --version
4.5.2
from puppet-openssl.
I don't really want to allow gem into my production servers only to make this module work... Could you instead use a standard library?
from puppet-openssl.
I'm facing the same error on CentOS 7.x and Puppet 4.5.x.
I've solved it by installing the inifile gem:
$ /opt/puppetlabs/puppet/bin/gem install inifile
Regards.
from puppet-openssl.
Facing same issue on Ubuntu 16.04.1 LTS and Puppet 4.5.3
Solved using the aforementioned way, thanks chilcano.
from puppet-openssl.
I've just reworked the code to use puppet/util/inifile: #73
Could you please test and confirm that it works?
@cjeanneret what do you think?
from puppet-openssl.
@raphink I just tested #73 on a RHEL 6 server where I was seeing this problem. At least the error is gone, but I haven't tested it further.
from puppet-openssl.
Thanks @ckaenzig. I'll wait for a few more comments from people here /cc @bgshacklett @edestecd @hdeadman @kmob @bdashrad @benedicere @chilcano @kronos-pbrideau @malaikah
from puppet-openssl.
Hi everyone, maybe this is not what you want to do, but I chose not to use inifile because it means loading a whole module just to compare some variables. So, I've replaced the inifile code block with this:
# resource, altName and cdata come from the surrounding provider code
commonName = subjectAltName = ''
IO.foreach(resource[:template]) do |line|
  line.chomp!
  key, value = line.split('=', 2)
  case key
  when /^([#;]|$)/ # ignore comments and blank lines
  when /^subjectAltName\s*$/ then subjectAltName = value.to_s.strip
  when /^commonName\s*$/ then commonName = value.to_s.strip
  end
end
# Compare with spaces and surrounding quotes removed; the certificate says "IP Address" where the template says "IP"
return false if "#{subjectAltName}".delete(' ').gsub(/^"|"$/, '') != altName.delete(' ').gsub(/^"|"$/, '').gsub('IPAddress','IP')
return false if "#{commonName}" != cdata['CN']
return true
from puppet-openssl.
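Added example (not part of the thread and not the module's code): a stand-alone Ruby version of the comparison discussed above, which checks a certificate's CN and subjectAltName against an OpenSSL config template using only the standard library, so no extra gem has to be installed on the node. The names `template_fields`, `normalize_san`, `cert_matches_template?`, `sample_cert` and the `SAMPLE_TEMPLATE` contents are assumptions made for this illustration.

```ruby
require 'openssl'
# Constructed sample template (not taken from the module).
SAMPLE_TEMPLATE = <<~CNF
  [ req_distinguished_name ]
  commonName       = www.example.com
  [ req_ext ]
  subjectAltName   = "DNS:www.example.com, IP:192.0.2.10"
CNF

# Pull commonName and subjectAltName out of the config text, stdlib only.
def template_fields(text)
  fields = {}
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#', ';', '[')
    key, value = line.split('=', 2).map(&:strip)
    next if value.nil? || !%w[commonName subjectAltName].include?(key)
    fields[key] = value.gsub(/\A"|"\z/, '')
  end
  fields
end

# The certificate prints "IP Address:" where the config says "IP:".
def normalize_san(san)
  san.to_s.delete(' ').gsub('IPAddress', 'IP').split(',').sort
end

def cert_matches_template?(cert, text)
  fields = template_fields(text)
  cn = cert.subject.to_a.find { |name, _value, _type| name == 'CN' }
  san = cert.extensions.find { |ext| ext.oid == 'subjectAltName' }
  !cn.nil? && cn[1] == fields['commonName'] &&
    normalize_san(san && san.value) == normalize_san(fields['subjectAltName'])
end

# Hypothetical helper: self-signed throwaway certificate for the demo.
def sample_cert(cn, san)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension('subjectAltName', san, false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end
```

A mismatch in either field returns false, which is the signal a provider would use to regenerate the certificate.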
@raphink Unfortunately, I no-longer have access to the environment where I was implementing this module. Perhaps I can get a test case going at some point. I'll report back if I do.
from puppet-openssl.
@damong it seems that would fit the initial intent, although in #73 I'm not loading an external inifile module, but puppet/util/inifile, which is already loaded in other places in Puppet anyway.
from puppet-openssl.
@bgshacklett ok, thanks for replying.
from puppet-openssl.
+1 to merging #73. Tested and it functions as expected.
Edit: On CentOS 7
from puppet-openssl.
Successfully tested #73 on CentOS 6.8 and PE 2016.1.2. It works as expected.
from puppet-openssl.
OK, I merged #73. I'll craft a release on Monday, unless @mcanevet has time for that
from puppet-openssl.