[Pkg-puppet-devel] autopkgtest issues in Ubuntu
Nish Aravamudan
nish.aravamudan at canonical.com
Fri Feb 24 20:49:12 UTC 2017
On 24.02.2017 [22:26:34 +0200], Apollon Oikonomopoulos wrote:
> On 11:54 Fri 24 Feb , Nish Aravamudan wrote:
> > So I just did a quick test in a LXD of 17.04 after installing
> > puppet-master and ruby-serverspec.
> >
> > # ps aux | grep puppet
> > puppet 4421 0.0 0.2 216624 45424 ? Ssl 19:52 0:00 /usr/bin/ruby /usr/bin/puppet master
> >
> > # find /var/lib/puppet/ssl/
> > /var/lib/puppet/ssl/
> > /var/lib/puppet/ssl/certificate_requests
> > /var/lib/puppet/ssl/public_keys
> > /var/lib/puppet/ssl/public_keys/oriented-squirrel.lxd.pem
> > /var/lib/puppet/ssl/certs
> > /var/lib/puppet/ssl/certs/ca.pem
> > /var/lib/puppet/ssl/certs/oriented-squirrel.lxd.pem
> > /var/lib/puppet/ssl/private_keys
> > /var/lib/puppet/ssl/private_keys/oriented-squirrel.lxd.pem
> > /var/lib/puppet/ssl/ca
> > /var/lib/puppet/ssl/ca/ca_key.pem
> > /var/lib/puppet/ssl/ca/requests
> > /var/lib/puppet/ssl/ca/ca_crt.pem
> > /var/lib/puppet/ssl/ca/ca_pub.pem
> > /var/lib/puppet/ssl/ca/ca_crl.pem
> > /var/lib/puppet/ssl/ca/signed
> > /var/lib/puppet/ssl/ca/signed/oriented-squirrel.lxd.pem
> > /var/lib/puppet/ssl/ca/inventory.txt
> > /var/lib/puppet/ssl/ca/serial
> > /var/lib/puppet/ssl/ca/private
> > /var/lib/puppet/ssl/ca/private/ca.pass
> > /var/lib/puppet/ssl/crl.pem
> > /var/lib/puppet/ssl/private
> >
> > # find /var/cache/puppet/ssl/
> > find: ‘/var/cache/puppet/ssl/’: No such file or directory
> >
> > # puppet cert print $(hostname --fqdn)
> > Error: Could not find certificate for oriented-squirrel
> >
> > So is the puppet certificate generation supposed to be from the puppet
> > upstream (master process) or from the debian package installation? As I
> > mentioned earlier, puppet-master-passenger's postinst seems to ensure
> > the hostcert exists, but I don't see anything corresponding for
> > puppet-master.
>
> The puppet master will always generate the certificate if it's missing.
> However, the reason we pre-generate this in puppet-master-passenger is
> that the certificate has to exist before apache starts (as stated in the
> relevant comment).
>
> What is odd here is that the master has somehow picked up
> oriented-squirrel.lxd as the FQDN (`certname' in puppet talk), but
> hostname --fqdn only returns oriented-squirrel, without the .lxd suffix.
>
> Looking at the code, Puppet initializes the certname from the `hostname'
> and `domain' facts. Could you also run `facter' in LXD to see what's
> going on? Additionally, the contents of /etc/hostname, /etc/hosts and
> /etc/nsswitch.conf might help.
I think I've given the Facter output separately.
~# cat /etc/hostname
oriented-squirrel
~# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 oriented-squirrel
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
--
Nishanth Aravamudan
Ubuntu Server
Canonical Ltd
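
Added example, not part of the original message or of Puppet's own code: a shell check for the mismatch discussed in this thread, where the certificate on disk is named after hostname plus domain while `hostname --fqdn` returns only the short name. The function names, the `lxd` domain value (read off the certificate file name in the listing) and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the host certificate name on disk with the name
# used for lookup, as in `puppet cert print $(hostname --fqdn)`.

# certname as described in the thread: hostname fact plus domain fact.
expected_certname() {   # $1 = hostname, $2 = domain (may be empty)
    if [ -n "$2" ]; then
        printf '%s.%s\n' "$1" "$2"
    else
        printf '%s\n' "$1"
    fi
}

# Names of host certificates under <ssldir>/certs, skipping the CA certificate.
host_certs() {          # $1 = ssldir
    for f in "$1"/certs/*.pem; do
        [ -e "$f" ] || continue          # directory empty: glob did not expand
        name=$(basename "$f" .pem)
        [ "$name" = "ca" ] && continue
        printf '%s\n' "$name"
    done
}

# Report whether a certificate exists for the name being looked up.
check_certname() {      # $1 = ssldir, $2 = lookup name
    found=$(host_certs "$1")
    if [ -z "$found" ]; then
        echo "no-host-cert"
    elif printf '%s\n' "$found" | grep -Fxq -- "$2"; then
        echo "match"
    else
        echo "mismatch: looked up '$2', on disk: $(printf '%s' "$found" | tr '\n' ' ')"
    fi
}

# Constructed sample mirroring the certs/ listing above (empty placeholder files).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/certs"
    : > "$d/certs/ca.pem"
    : > "$d/certs/oriented-squirrel.lxd.pem"
    printf '%s\n' "$d"
}

sample=$(make_sample)
check_certname "$sample" "oriented-squirrel"                          # short name
check_certname "$sample" "$(expected_certname oriented-squirrel lxd)" # with domain
rm -rf "$sample"
```

On a real host the first argument would be the master's ssl directory (`/var/lib/puppet/ssl` in the listing above) and the second the output of `hostname --fqdn`.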