Jira (PDB-5084) Fix ssl-setup client-auth insinuation

29 views
Skip to first unread message

Rob Browning (Jira)

unread,
Mar 26, 2021, 5:08:02 PM3/26/21
to puppe...@googlegroups.com
Rob Browning created an issue
 
PuppetDB / Bug PDB-5084
Fix ssl-setup client-auth insinuation
Issue Type: Bug Bug
Affects Versions: PDB 6.15.0
Assignee: Rob Browning
Created: 2021/03/26 2:07 PM
Priority: Normal Normal
Reporter: Rob Browning

Running puppetdb ssl-setup -f as sometimes suggested by the postinst ends up adding a duplicated assignment to the end of the jetty.ini file, i.e. client-auth = want = client-auth = want.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo

Rob Browning (Jira)

unread,
Mar 26, 2021, 5:11:03 PM3/26/21
to puppe...@googlegroups.com
Rob Browning updated an issue
Change By: Rob Browning
Sprint: HA 2020-04-07

Frédéric Lespez

unread,
Mar 27, 2021, 12:16:03 PM3/27/21
to puppe...@googlegroups.com
Frédéric Lespez commented on Bug PDB-5084
 
Re: Fix ssl-setup client-auth insinuation

Seeing this bug with PDB 6.15 on Debian Buster.

Frédéric Lespez

unread,
Mar 27, 2021, 12:29:02 PM3/27/21
to puppe...@googlegroups.com

Running puppetdb ssl-setup -f also changes the permissions of the jetty.ini file from 644 to 640 which prevents PuppetDB to start.

Before running puppetdb ssl-setup -f:

# ls -l /etc/puppetlabs/puppetdb/conf.d/jetty.ini
 
-rw-r--r-- 1 root root 2554 mars  27 17:18 /etc/puppetlabs/puppetdb/conf.d/jetty.ini

After running puppetdb ssl-setup -f:

# ls -l /etc/puppetlabs/puppetdb/conf.d/jetty.ini
 
-rw-r----- 1 root root 2592 mars  27 17:19 /etc/puppetlabs/puppetdb/conf.d/jetty.ini

This permission problem seems to be old (See PDB-2590). But I have never seen it before.
As far I can see, it has been introduced with the last version (6.15.0)

Rob Browning (Jira)

unread,
Apr 15, 2021, 12:21:01 PM4/15/21
to puppe...@googlegroups.com
Rob Browning commented on Bug PDB-5084

Yes, PDB-2590 appears likely to still be a problem. We'll plan to fix it soon too. Thanks.
This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
Atlassian logo

Rob Browning (Jira)

unread,
Apr 15, 2021, 12:27:06 PM4/15/21
to puppe...@googlegroups.com
Rob Browning updated an issue
Change By: Rob Browning
Release Notes: Bug Fix
Release Notes Summary: Some previous versions of The ssl-setup command might insert a duplicate setting into the jetty.ini file like this `client-auth = want = client-auth = want`.  The problem can be addressed by removing the duplication, changing that line to `client-auth = want`.
Reply all
Reply to author
Forward
0 new messages