[Pkg-puppet-devel] autopkgtest issues in Ubuntu
Nish Aravamudan
nish.aravamudan at canonical.com
Fri Feb 24 19:58:29 UTC 2017
On 24.02.2017 [11:54:11 -0800], Nish Aravamudan wrote:
> On 24.02.2017 [11:48:45 +0200], Apollon Oikonomopoulos wrote:
> > Hi Nish,
> >
> > On 13:48 Thu 23 Feb , Nish Aravamudan wrote:
> > > Ok, so adding ca-certificates did not seem to make any difference (and
> > > in fact, it seems like it is already installed in the Ubuntu autopkgtest
> > > environment so that was a red herring anyways). Any ideas why, e.g.:
> >
> > Puppet has its own CA system and does not rely on ca-certificates in any
> > way, so having ca-certificates installed or not should not make a
> > difference.
>
> Got it.
>
> > > https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-zesty-nacc-lp1570472/zesty/amd64/p/puppet/20170223_203421_4dd8e@/log.gz
> > >
> > > there is no certificate for the hostname by default on Ubuntu but there
> > > is on Debian? I don't see anything in the tests that ensure it exists
> > > and only puppet-master-passenger generates it in a postinst (hence those
> > > tests now pass, but I think it's technically incidental and dependent on
> > > the .postinst's behavior, which might be fine).
> >
> > The certificate should have been generated by the master process itself
> > if it does not exist, using Puppet's CA. Could you get the list of files
> > under /var/lib/puppet/ssl and /var/cache/puppet/ssl at the end of the
> > test?
>
> So I just did a quick test in a LXD of 17.04 after installing
> puppet-master and ruby-serverspec.
>
> # ps aux | grep puppet
> puppet 4421 0.0 0.2 216624 45424 ? Ssl 19:52 0:00 /usr/bin/ruby /usr/bin/puppet master
>
> # find /var/lib/puppet/ssl/
> /var/lib/puppet/ssl/
> /var/lib/puppet/ssl/certificate_requests
> /var/lib/puppet/ssl/public_keys
> /var/lib/puppet/ssl/public_keys/oriented-squirrel.lxd.pem
> /var/lib/puppet/ssl/certs
> /var/lib/puppet/ssl/certs/ca.pem
> /var/lib/puppet/ssl/certs/oriented-squirrel.lxd.pem
Ah that seems to be the disconnect?

# puppet cert print $(hostname --fqdn).lxd

*does* work, which seems tied to

# puppet master --configprint hostcert
/var/lib/puppet/ssl/certs/mighty-clam.lxd.pem

Note that this is all tied to LXD of course, and I can spin up a VM of
Zesty but I expect we might see something similar there?
-Nish
--
Nishanth Aravamudan
Ubuntu Server
Canonical Ltd