puppetlabs / pupperware

Container fun time lives here.

[puppet/puppetdb:6.6.0] `/docker-entrypoint.d/30-configure-ssl.sh` Errors Out #157

Closed Xtigyro closed 4 years ago

Xtigyro commented 4 years ago

Describe the Bug

The changes introduced 8 hours ago in puppet/puppetdb:6.6.0 lead to an error in the third step of the post-init scripts.

Logs:

Running /docker-entrypoint.d/30-configure-ssl.sh
(/ssl.sh) Using configuration values:
(/ssl.sh) * CERTNAME: 'puppetdb' (/CN=puppetdb)
(/ssl.sh) * DNS_ALT_NAMES: 'puppetdb,'
(/ssl.sh) * CA: 'https://puppet:8140/puppet-ca/v1'
(/ssl.sh) * SSLDIR: '/opt/puppetlabs/server/data/puppetdb/certs'
(/ssl.sh) * WAITFORCERT: '120' seconds
subject=CN = Puppet CA: puppet
issuer=CN = Puppet CA: puppet
Generating RSA private key, 4096 bit long modulus (2 primes)
...........................................................++++
.....................................................................++++
e is 65537 (0x010001)
writing RSA key
(/ssl.sh) Error: unsigned CSR for 'puppetdb' already exists on CA

Expected Behavior

In puppet/puppetdb:6.5.0 - logs:

Running /docker-entrypoint.d/30-configure-ssl.sh
(/ssl.sh) Using configuration values:
(/ssl.sh) * CERTNAME: 'puppetdb' (/CN=puppetdb)
(/ssl.sh) * DNS_ALT_NAMES: ''
(/ssl.sh) * CA: 'https://puppet:8140/puppet-ca/v1'
(/ssl.sh) * SSLDIR: '/etc/puppetlabs/puppet/ssl'
(/ssl.sh) * WAITFORCERT: '120' seconds
subject=CN = Puppet CA: puppet
issuer=CN = Puppet CA: puppet
Generating RSA private key, 4096 bit long modulus (2 primes)
...............................................................................................................++++
.....................++++
e is 65537 (0x010001)
writing RSA key
subject=CN = puppetdb
issuer=CN = Puppet CA: puppet
(/ssl.sh) Successfully signed certificate '/etc/puppetlabs/puppet/ssl/certs/puppetdb.pem'
PEM files in /etc/puppetlabs/puppetdb/ssl are missing, we will move them into place for you
Copying files: /etc/puppetlabs/puppet/ssl/certs/ca.pem, /etc/puppetlabs/puppet/ssl/private_keys/puppetdb.pem and /etc/puppetlabs/puppet/ssl/certs/puppetdb.pem to /etc/puppetlabs/puppetdb/ssl
Updated default settings from package installation for ssl-host in /etc/puppetlabs/puppetdb/conf.d/jetty.ini.
Updated default settings from package installation for ssl-port in /etc/puppetlabs/puppetdb/conf.d/jetty.ini.
Updated default settings from package installation for ssl-key in /etc/puppetlabs/puppetdb/conf.d/jetty.ini.
Updated default settings from package installation for ssl-cert in /etc/puppetlabs/puppetdb/conf.d/jetty.ini.
Updated default settings from package installation for ssl-ca-cert in /etc/puppetlabs/puppetdb/conf.d/jetty.ini.

Steps to Reproduce

Steps to reproduce the behavior:

  1. helm install --namespace puppetserver --name puppetserver . --set puppetserver.puppeturl='https://github.com/puppetlabs/control-repo.git',puppetboard.enabled='true' --debug

Environment

Using the Helm chart.

underscorgan commented 4 years ago

Hi @Xtigyro, thanks for the report! There were a couple of changes in the puppetdb container that were causing issues here, but #158 should fix it! Please test it out and let me know if it works for you!

Xtigyro commented 4 years ago

Hey @underscorgan - I'm about to test this now. Thank you - that was ultra quick! I'm gonna include a few more changes that will go in 0.2.1 of the Helm chart.

I have a plea. We should always bump the version of the Docker images upon changes. When a certain version is released, the image should never change. Stability is very important after the setup of a particular deployment is finished, tested and validated.
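
Added example (not part of the original thread or the pupperware project): a check that flags image references whose tag no longer resolves to the digest recorded when the deployment was validated, which is the situation the comment above asks to avoid. The digests, the lock and observed mappings, and the `registry.example` reference are constructed assumptions.

```python
import re

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

def parse_image_ref(ref):
    """Split 'name[:tag][@digest]' into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    if digest and not DIGEST_RE.fullmatch(digest):
        raise ValueError(f"malformed digest in {ref!r}")
    # A ':' separates the tag only when it comes after the last '/';
    # before that it is a registry port, as in host:5000/repo.
    colon = name.rfind(":")
    if colon > name.rfind("/"):
        name, tag = name[:colon], name[colon + 1:]
    else:
        tag = "latest"  # Docker's default when no tag is given
    return name, tag, digest or None

def audit(refs, lock, observed):
    """Classify refs; lock/observed map 'name:tag' to a digest (validated vs. now)."""
    result = {}
    for ref in refs:
        name, tag, digest = parse_image_ref(ref)
        key = f"{name}:{tag}"
        if digest:
            result[ref] = "pinned"       # content-addressed, cannot change
        elif key not in lock:
            result[ref] = "unlocked"     # nothing to compare against
        elif observed.get(key) != lock[key]:
            result[ref] = "drifted"      # tag no longer resolves to the validated digest
        else:
            result[ref] = "unchanged"
    return result

# Constructed digests; the image names and tags are the ones in this thread,
# except the registry.example reference, which is hypothetical.
D_OLD, D_NEW, D_650 = ("sha256:" + c * 64 for c in "abc")
REFS = [
    "puppet/puppetdb:6.6.0",
    "puppet/puppetdb:6.5.0",
    "puppet/puppetdb:6.6.0@" + D_OLD,
    "registry.example:5000/puppet/puppetdb",
]
LOCK = {"puppet/puppetdb:6.6.0": D_OLD, "puppet/puppetdb:6.5.0": D_650}
OBSERVED = {"puppet/puppetdb:6.6.0": D_NEW, "puppet/puppetdb:6.5.0": D_650}

if __name__ == "__main__":
    for ref, status in audit(REFS, LOCK, OBSERVED).items():
        print(f"{status:9} {ref}")
```
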

Xtigyro commented 4 years ago

@underscorgan The tests confirmed - the fix is perfect. Thank you!

Running /docker-entrypoint.d/30-configure-ssl.sh
(/ssl.sh) Using configuration values:
(/ssl.sh) * CERTNAME: 'puppetdb' (/CN=puppetdb)
(/ssl.sh) * DNS_ALT_NAMES: 'puppetdb,'
(/ssl.sh) * CA: 'https://puppet:8140/puppet-ca/v1'
(/ssl.sh) * SSLDIR: '/opt/puppetlabs/server/data/puppetdb/certs'
(/ssl.sh) * WAITFORCERT: '120' seconds
subject=CN = Puppet CA: puppet
issuer=CN = Puppet CA: puppet
Generating RSA private key, 4096 bit long modulus (2 primes)
............++++
..........................................................................++++
e is 65537 (0x010001)
writing RSA key
subject=CN = puppetdb
issuer=CN = Puppet CA: puppet
(/ssl.sh) Successfully signed certificate '/opt/puppetlabs/server/data/puppetdb/certs/certs/puppetdb.pem'

Xtigyro commented 4 years ago

I've put my small changes into the same PR, too - https://github.com/underscorgan/pupperware/pull/1.

Wish you a good weekend!