thr3ads.net - Puppet users - [Puppet Users] Delete a clients certificate with curl no longer working? [May 2014]

If this information is useful, please help other people find it:
Share via:
Thomas
2014-May-06 11:31 UTC
[Puppet Users] Delete a clients certificate with curl no longer working?

When deploying openvz images, we use a init-script to delete puppets ssl 
directory and then run a curl that deletes the certificate from the puppet 
server:
curl -k -X DELETE -H "Accept: pson" 
"https://puppet.example.com:8140/production/certificate_status/client.examle.com".

After upgrading to puppet 3.5.1 this stopped working, I have read that I 
need to revoke the certificate first and that works:
curl -k -X PUT -H "Content-Type: text/pson" --data 
'{"desired_state":"revoked"}' 
https://puppet.example.com:8140/production/certificate_status/client.example.com

I have verified that the certificate gets revoked on the server:
[root@puppet ~]# puppet cert list client.example.com
- "client.example.com" (SHA256) 
A9:FD:2D:C3:E4:7C:84:12:9C:D0:B2:4C:F2:81:AB:A0:BE:9C:A4:40:A7:8E:4A:6A:D8:E0:A4:D7:10:A9:4B:E2
(certificate revoked)

After this, the documentation says that I should run the DELETE command 
described above but that fails (using | sed for readability):
curl -k -X DELETE -H "Accept: pson" 
https://puppet.example.com:8140/production/certificate_status/work-reduce203.trioptima.com
| sed 's/,/\n/g'
{"issue_kind":"RUNTIME_ERROR"
"message":"Server Error: undefined method `each' for
nil:NilClass"
"stacktrace":["/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:72:in
`process'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:63:in
`process'"
"/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler/none.rb:6:in
`profile'"
"/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:43:in
`profile'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:61:in
`process'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick/rest.rb:31:in 
`service'"
"/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'"
"/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:36:in
`listen'"
"/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'"
"/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'"
"/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'"
"/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'"
"/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'"
"/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'"
"/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'"
"/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'"
"/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:30:in
`listen'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in 
`initialize'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in
`new'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in
`listen'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:27:in
`start'"
"/usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:139:in `start'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:284:in 
`start_webrick_master'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:200:in
`main'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:160:in 
`run_command'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:479:in
`plugin_hook'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:479:in `exit_on_fail'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/context.rb:51:in `override'"
"/usr/lib/ruby/site_ruby/1.8/puppet.rb:233:in `override'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:362:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:137:in
`run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:91:in
`execute'"
"/usr/bin/puppet:4"]}

Running the puppet master in debug:
[root@puppet ~]# puppet master --no-daemonize --debug --verbose
[...]
Notice: Starting Puppet master version 3.5.1
[...]
Debug: Routes Registered:
Debug: Route /^\/v2\.0/
Debug: Route /.*/
Debug: Evaluating match for Route /^\/v2\.0/
Debug: Did not match path 
("/production/certificate_status/client.example.com")
Debug: Evaluating match for Route /.*/
Error: Server Error: undefined method `each' for nil:NilClass

Any hints?

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/9d8aef00-8855-4190-a32d-3ae897217c22%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Puppet users - May 2014 - Delete a clients certificate with curl no longer working?

[Puppet Users] Delete a clients certificate with curl no longer working?
