search

markt-de / puppet-acme

Centralized SSL certificate management using acme.sh and the ACME protocol
https://forge.puppet.com/markt/acme
Apache License 2.0
9 stars 17 forks source link

versioncmp failing #27

Closed tykeal closed 4 years ago

tykeal commented 4 years ago

I'm trying to get this module setup (I'm on CentOS 8) and I keep getting the following error during runs on the puppetmaster:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, 'versioncmp' parameter 'a' expects a String value, got Undef (file: /etc/puppetlabs/code/environments/production/modules/acme/manifests/request/handler.pp, line: 188, column: 25) on node REDACTED

Looking at the line in question I'm trying to puzzle out where $openssl_version is supposed to come from as the stated dependencies don't seem to be creating the fact.

Current configuration: puppetserver 6.12.0 puppet-agent: 6.16 OS: CentOS 8

declared dependencies: puppetlabs-stdlib: 6.3.0 puppetlabs-concat: 6.2.0 puppetlabs-vcsrepo: 3.1.0 camptocamp-openssl: 1.14.0

fraenki commented 4 years ago

Are you sure that you have the required camptocamp-openssl module installed? It provides the required fact:

https://github.com/camptocamp/puppet-openssl/blob/master/lib/facter/openssl_version.rb

(FWIW, please don't use the master branch of puppet-acme, it contains an increasing number of possibly breaking changes in preparation for release 2.0.)

tykeal commented 4 years ago

I've got the camptocamp-openssl module installed (see above) and no, I'm not using the mainline of this module. I'm currently using 1.0.5.

I had even tried to do an include / require of the module to see if that was the problem but it didn't seem to resolve it. I'll look into it further on my side. Since it seems to be an issue with one of my modules for some reason and not yours. I'll just close this.

fraenki commented 4 years ago

There are several incompatible openssl modules available on Puppet Forge, so maybe one of your other modules pulls in the wrong openssl module...

tykeal commented 4 years ago

It's the only openssl module I've got installed. In fact, camptocamp-openssl is the only openssl module I, or my work has ever used.

I'm not certain what is going on here. I'm checking over our puppet server and it clearly has the openssl fact in the local cache, but it's not setting the variable at all. Other custom facts seem to be working. This tells me that it may be a bug with the fact on CentOS8. Thanks for the pointers. I'll try and figure this out and if needs be raise a bug on camptocamp-openssl

tykeal commented 4 years ago

And within just a moment I found the problem the version lookup regex that is being used is too strict and can't cope with the version string that is showing up on CentOS8 for some reason. I'll raise the bug upstream. Thanks again for helping me track this down.

tykeal commented 4 years ago

Hah! somone already got a change merged back in March. Just no release since then!

fraenki commented 4 years ago

For future reference: https://github.com/camptocamp/puppet-openssl/commit/5fe38f9893b881a39bbae5f76f5bdd12eacba261

advorkin commented 1 year ago

Hello, @fraenki .

Can you please advice what the proper solution is to this problem? Should we be using camptocamp-openssl (which is now retired)? We are getting the same error message with puppet-openssl module (all latest versions).

Thank you!