Jira (PUP-10027) net-ldap call from function in puppetserver6 jruby fails

[Larry Orcutt (JIRA)]

Larry Orcutt created an issue

Puppet / PUP-10027 net-ldap call from function in puppetserver6 jruby fails Issue Type: Bug Affects Versions: PUP 6.5.0 Assignee: Unassigned Components: UX Created: 2019/09/20 10:08 AM Fix Versions: SERVER 6.0.0 Priority: Normal Reporter: Larry Orcutt Puppet Version: 6.7 Puppet Server Version: 6.5 puppetserver-6.5.0-1.el7.noarch OS Name/Version: rhel 7 [root@ ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.6 (Maipo) [root@ ~]# uname -r 3.10.0-957.27.2.el7.x86_64 [root@ ~]# Describe your issue in as much detail as possible… Internally developed function uses net-ldap gem to query ldap. Code works on puppetserver5 and on ruby test script outside of jruby, but fails when pointed at a puppetserver6 compiler. puppetserver gem list net-ldap LOCAL GEMS *** net-ldap (0.16.1) Error on  client is: Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, (file: ...../modules/user/manifests/test.pp, line: 2, column: 8) on node orcutt-dev.ccs.ornl.gov Describe steps to reproduce… puppetserver v6 puppetserver gem install net-ldap assign class to call following test function: require 'net/ldap' Puppet::Functions.create_function(:ldaptest) do dispatch :ldaptest do end def ldaptest() user = 'test1 ldap_server = 'ldap.example.com' ldap_base = 'ou=moderate,dc=foo,dc=bar,dc=com' u_ldap_base = "ou=People,#{ldap_base}" u_ldap_filter = "(uid=#{user})" ldap = Net::LDAP.new( {    :host => ldap_server,    :port => 389,    :encryption => :start_tls,    :connect_timeout => 2, } ) x = ldap.search(   :base => u_ldap_base,    :filter => u_ldap_filter ) return "LDAP:<#{x}>" end end run puppet agent on client Desired Behavior: Actual Behavior: [root@]# puppet agent -t -E env1 --server puppetserver1 Info: Using configured environment 'env1' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Retrieving locales Info: Loading facts Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, (file: ..../modules/user/manifests/test.pp, line: 2, column: 8) on node xxx Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run [root@]#     Huge stack dump in puppetserver.log. If unable to reproduce with these instructions can arrange more log information.       Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Larry Orcutt (JIRA)]

Larry Orcutt updated an issue

Puppet / PUP-10027 net-ldap call from function in puppetserver6 jruby fails

Change By: Larry Orcutt *Puppet Version: 6.7* *Puppet Server Version: 6.5* puppetserver-6.5.0-1.el7.noarch *OS Name/Version: rhel 7*

[root@ ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.6 (Maipo) [root@ ~]# uname -r 3.10.0-957.27.2.el7.x86_64 [root@ ~]#

+Describe your issue in as much detail as possible…+

Internally developed function uses net-ldap gem to query ldap. Code works on puppetserver5 and on ruby test script outside of jruby, but fails when pointed at a puppetserver6 compiler.

# puppetserver gem list net-ldap * ** *** LOCAL GEMS *** net-ldap (0.16.1) +*Error on  client is:*+ Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, (file: ...../modules/user/manifests/test.pp, line: 2, column: 8) on node orcutt-dev.ccs.ornl.gov xxx *+Describe steps to reproduce…+* # puppetserver v6 # puppetserver gem install net-ldap # assign class to call following test function:

require 'net/ldap' Puppet::Functions.create_function(:ldaptest) do dispatch :ldaptest do end def ldaptest() user = 'test1 ldap_server = 'ldap.example.com' ldap_base = 'ou=moderate,dc=foo,dc=bar,dc=com' u_ldap_base = "ou=People,#\{ldap_base}" u_ldap_filter = "(uid=#\{user})" ldap = Net::LDAP.new(

{

{    :host => ldap_server,    :port => 389,    :encryption => :start_tls,    :connect_timeout => 2, }

) x = ldap.search(   :base => u_ldap_base,    :filter => u_ldap_filter ) return "LDAP:<#\{x}>" end end run puppet agent on client

*Desired Behavior:* *Actual Behavior:*

[root@]# puppet agent -t -E env1 --server puppetserver1 Info: Using configured environment 'env1' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Retrieving locales Info: Loading facts Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, (file: ..../modules/user/manifests/test.pp, line: 2, column: 8) on node xxx Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run [root@]#     Huge stack dump in puppetserver.log. If unable to reproduce with these instructions can arrange more log information.

Add Comment

[Larry Orcutt (JIRA)]

Larry Orcutt updated an issue

Puppet / PUP-10027 net-ldap call from function in puppetserver6 jruby fails Change By: Larry Orcutt

*Puppet Version: 6.7* *Puppet Server Version: 6.5* puppetserver-6.5.0-1.el7.noarch *OS Name/Version: rhel 7* ``` [root@ ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.6 (Maipo) [root@ ~]# uname -r 3.10.0-957.27.2.el7.x86_64 [root@ ~]# ```

+Describe your issue in as much detail as possible…+ Internally developed function uses net-ldap gem to query ldap. Code works on puppetserver5 and on ruby test script outside of jruby, but fails when pointed at a puppetserver6 compiler. # puppetserver gem list net-ldap * ** *** LOCAL GEMS *** net-ldap (0.16.1) +*Error on  client is:*+

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, (file: ...../modules/user/manifests/test.pp, line: 2, column: 8) on node xxx

[Jorie Tappa (JIRA)]

Jorie Tappa updated an issue

Puppet / PUP-10027 net-ldap call from function in puppetserver6 jruby fails

Change By: Jorie Tappa Team: Server

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-10027 net-ldap call from function in puppetserver6 jruby fails

Change By: Josh Cooper Fix Version/s: SERVER 6.0.0

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-10027 net-ldap call from function in puppetserver6 jruby fails Change By: Josh Cooper

*Puppet Version: 6.7* *Puppet Server Version: 6.5* puppetserver-6.5.0-1.el7.noarch *OS Name/Version: rhel 7*

``` {noformat}

[root@ ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.6 (Maipo) [root@ ~]# uname -r 3.10.0-957.27.2.el7.x86_64 [root@ ~]#

``` {noformat}

+Describe your issue in as much detail as possible…+ Internally developed function uses net-ldap gem to query ldap. Code works on puppetserver5 and on ruby test script outside of jruby, but fails when pointed at a puppetserver6 compiler.

{noformat}

# puppetserver gem list net-ldap * ** *** LOCAL GEMS *** net-ldap (0.16.1)

{noformat}

+*Error on  client is:*+

{noformat}

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, (file: ...../modules/user/manifests/test.pp, line: 2, column: 8) on node xxx

{noformat}

*+Describe steps to reproduce…+* # puppetserver v6 # puppetserver gem install net-ldap # assign class to call following test function: ```

{code:ruby}

require 'net/ldap' Puppet::Functions.create_function(:ldaptest) do dispatch :ldaptest do end def ldaptest() user = 'test1 ldap_server = 'ldap.example.com' ldap_base = 'ou=moderate,dc=foo,dc=bar,dc=com' u_ldap_base = "ou=People,#\{ldap_base}" u_ldap_filter = "(uid=#\{user})" ldap = Net::LDAP.new( {    :host => ldap_server,    :port => 389,    :encryption => :start_tls,    :connect_timeout => 2, } ) x = ldap.search(   :base => u_ldap_base,    :filter => u_ldap_filter ) return "LDAP:<#\{x}>" end end

``` {code}

run puppet agent on client *Desired Behavior:* *Actual Behavior:*

{noformat}

[root@]# puppet agent -t -E env1 --server puppetserver1 Info: Using configured environment 'env1' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Retrieving locales Info: Loading facts Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, (file: ..../modules/user/manifests/test.pp, line: 2, column: 8) on node xxx Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run [root@]#

{noformat}

Huge stack dump in puppetserver.log. If unable to reproduce with these instructions can arrange more log information.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper commented on PUP-10027

Re: net-ldap call from function in puppetserver6 jruby fails Based on :encryption => :start_tls, I'm guessing this is an issue with the net/ldap gem trying to load openssl and related OpenSSL::* classes in JRuby. Can you provide more info from the puppetserver log?

Add Comment

[Larry Orcutt (JIRA)]

Larry Orcutt commented on PUP-10027

Re: net-ldap call from function in puppetserver6 jruby fails

I worked around it by simply not using that gem anymore as I had to to get the upgrade in place - so I don't have those logs any more. There was very little in the puppetserver log.   I troubleshot by embedding print statements down in the gem ruby code and finally got to where I couldn't trace it any more - I think it was in net/ldap/connection.rb   Sorry I can't tell you any more.

Add Comment