puppetlabs / pupperware

Container fun time lives here.

Version 6.11.1 PuppetServer container has a bug, consider pinning #225

Closed lolocho closed 4 years ago

lolocho commented 4 years ago

When running pupperware/docker-compose.yml, I discovered that the container for puppet/puppetserver created yesterday (5.7/2020) about 13 hours ago (6.11.1) has a bug with DNS_ALT_NAMES that results in puppetserver not being able to complete startup. Using docker logs, I could see it was due to a malformed dns_alt_names line in puppet.conf.

Expected Behavior

Expect a running puppetserver when done

Steps to Reproduce

Run the latest yaml, using 6.11.1 as the version: PUPPETSERVER_VERSION=6.11.1 docker-compose up

Environment

CentOS 7.6

Additional Context

Though the bug is not in this tool, I saw other bug reports where it was recommended to pin the version due to a bug in the container. Container 6.10.0 does not have the bug.

Iristyle commented 4 years ago

FYI @joshcooper @Magisus @justinstoller

joshcooper commented 4 years ago

$ git rev-parse HEAD
76533b10d55d1fc6c58af7b4dba6abdcc5a5a8c2
$  PUPPETSERVER_VERSION=6.11.1 docker-compose up
...
puppet_1    | Running /docker-entrypoint.d/80-ca.sh
puppet_1    | /opt/puppetlabs/puppet/lib/ruby/2.5.0/openssl/x509.rb:20:in `create_ext': subjectAltName = DNS:, DNS:puppet, DNS:whatcom, DNS:whatcom.vpn.puppet.net: invalid extension string (OpenSSL::X509::ExtensionError)
puppet_1    |   from /opt/puppetlabs/puppet/lib/ruby/2.5.0/openssl/x509.rb:20:in `create_extension'
puppet_1    |   from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.7.0/lib/puppetserver/ca/local_certificate_authority.rb:190:in `add_subject_alt_names_extension'
puppet_1    |   from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.7.0/lib/puppetserver/ca/local_certificate_authority.rb:170:in `sign_authorized_cert'
puppet_1    |   from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.7.0/lib/puppetserver/ca/local_certificate_authority.rb:148:in `create_master_cert'
puppet_1    |   from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.7.0/lib/puppetserver/ca/action/setup.rb:79:in `generate_pki'
puppet_1    |   from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.7.0/lib/puppetserver/ca/action/setup.rb:67:in `run'
puppet_1    |   from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.7.0/lib/puppetserver/ca/cli.rb:94:in `run'
puppet_1    |   from /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5:in `<main>'

Running 6.10.0 works:

$ PUPPETSERVER_VERSION=6.10.0 docker-compose up
...
puppet_1    | Running /docker-entrypoint.d/80-ca.sh
puppet_1    | Running /docker-entrypoint.d/85-setup-storeconfigs.sh
...

It looks like @Iristyle fixed this in https://github.com/puppetlabs/puppetserver/commit/194fb82faa56ecbc7cc288bf87e7bff4f22978ef, but it's in 6.12.0 which is missing from https://hub.docker.com/r/puppet/puppetserver/tags. Is there automation to push docker images during release?
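
The trace above shows OpenSSL rejecting a subjectAltName string whose first `DNS:` entry is empty. As an added example (not code from puppetserver-ca or from the fix commit), the Ruby below reproduces that rejection with the logged string and shows one way to drop blank entries before building the extension; `san_entries`, `san_error`, `build_san_extension` and the sample setting are hypothetical.

```ruby
require 'openssl'

# subjectAltName string exactly as it appears in the trace above.
LOGGED_SAN = 'DNS:, DNS:puppet, DNS:whatcom, DNS:whatcom.vpn.puppet.net'

# Constructed sample: a comma-separated alt-names setting with a blank first
# entry (an assumption; the thread does not show the real puppet.conf line).
CONSTRUCTED_SETTING = ',puppet,whatcom,whatcom.vpn.puppet.net'

# Hypothetical helper: normalise a comma-separated setting into SAN entries,
# dropping blank items and entries that are a bare "DNS:" / "IP:" prefix.
def san_entries(raw)
  raw.to_s.split(',').map(&:strip).map do |entry|
    type, value = entry.match(/\A(DNS|IP):(.*)\z/i)&.captures || ['DNS', entry]
    value = value.strip
    value.empty? ? nil : "#{type.upcase}:#{value}"
  end.compact.uniq
end

# Build the extension through ExtensionFactory, the call seen in the trace.
def build_san_extension(value)
  OpenSSL::X509::ExtensionFactory.new.create_extension('subjectAltName', value, false)
end

# Returns the OpenSSL error message for a SAN string, or nil if it is accepted.
def san_error(value)
  build_san_extension(value)
  nil
rescue OpenSSL::X509::ExtensionError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  puts "logged string -> #{san_error(LOGGED_SAN).inspect}"
  clean = san_entries(CONSTRUCTED_SETTING).join(', ')
  puts "normalised    -> #{build_san_extension(clean).value}"
end
```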

Iristyle commented 4 years ago

Thanks @joshcooper - yes, there is automation to publish each tagged image.

Looks like @underscorgan is on the case!

underscorgan commented 4 years ago

The 6.12.0 image has been published and I've tested that docker-compose up works. @lolocho please let me know if you're still seeing issues and we can re-open this issue!