Open fheinle opened 6 years ago
The problem appears to lie in the file names used by the SSL client cert and private key used for authenticating against puppetdb. While using the content of the certs in `.octocatalog-diff.cfg.rb` works fine for using those credentials for gathering facts etc., running `puppet master --compile` later fails because it can't pick up the files. The files are stored with just the host name as their file names and not the FQDN, so puppet won't pick them up automatically. C.f. https://github.com/github/octocatalog-diff/blob/4860fccdee5389b814bc2caeab4a1784aa3cc4d3/lib/octocatalog-diff/catalog-util/builddir.rb#L370

Replacing this line with

```ruby
host = Socket.gethostbyname(Socket.gethostname).first
```

fixed the issue by resolving the hostname to its FQDN; it requires working DNS on the client, though.

```ruby
host = `hostname -f`
```

works under unixoid systems, etc.
Is there any work-around (without applying the patch) for this?
Not sure if this is part of this issue, or should open a new issue.
I am using puppet's CA.
Running with puppet 6 I also encountered that puppet is missing the CRL. I've managed to get it installed with the following hack (inside the enc_wrapper script):

```sh
# Do your ENC thingy
# Need to manually install missing CRL file
cp /etc/puppetlabs/puppet/ssl/crl.pem "$(readlink -f ../../../*builddir*)/var/ssl"
```
Hope this helps.
When I run `octocatalog-diff` it succeeds gathering facts from puppetdb but later fails compiling the catalog while collecting exported resources, indicating errors with OpenSSL.

run octocatalog-diff against any node

could not retrieve stuff from puppetdb, failing with e.g. openssl errors

octocatalog-diff output

Command used:

octocatalog-diff -n puppet.example.com --debug

Debugging output:

ruby 2.3.1p112 (2016-04-26) [x86_64-linux-gnu] from Ubuntu 16.04

gem install octocatalog-diff
yes
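
A diagnostic for the two symptoms reported in this thread (client cert and key stored under the short hostname, and a missing CRL), added here as an example; it is not code from the thread or from octocatalog-diff. The helper name `audit_ssl_dir` is hypothetical, and it assumes the standard Puppet ssldir layout and the `var/ssl` location inside the build directory used in the comment above.

```ruby
require 'fileutils'
require 'tmpdir'

# Files Puppet looks for under its ssldir for a given certname
# (assumption: standard Puppet ssldir layout).
def expected_ssl_files(certname)
  ["certs/#{certname}.pem", "private_keys/#{certname}.pem", 'certs/ca.pem', 'crl.pem']
end

# Hypothetical helper: report which expected files are absent from ssl_dir,
# and whether a file named after the short hostname sits in their place.
def audit_ssl_dir(ssl_dir, fqdn)
  short = fqdn.split('.').first
  expected_ssl_files(fqdn).each_with_object({}) do |rel, report|
    next if File.file?(File.join(ssl_dir, rel))

    alt = rel.sub("#{fqdn}.pem", "#{short}.pem")
    misnamed = alt != rel && File.file?(File.join(ssl_dir, alt))
    report[rel] = misnamed ? "found as #{alt}" : 'missing'
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a build directory whose client cert and key were
  # written under the short hostname and which has no CRL.
  Dir.mktmpdir('builddir') do |dir|
    ssl = File.join(dir, 'var', 'ssl')
    %w[certs/puppet.pem private_keys/puppet.pem certs/ca.pem].each do |rel|
      FileUtils.mkdir_p(File.dirname(File.join(ssl, rel)))
      File.write(File.join(ssl, rel), "placeholder\n")
    end
    audit_ssl_dir(ssl, 'puppet.example.com').each do |file, state|
      puts "#{file}: #{state}"
    end
  end
end
```

An empty result means every file Puppet expects for that certname is present under the name it will look for.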