puppetlabs/java_ks modules and puppet:// uri paths
144 views
Skip to first unread message
Juan Sierra Pons
May 20, 2014, 9:30:01 AM5/20/14
to puppet...@googlegroups.com
Hi,
I am recently using the puppetlabs/java_ks module. The documentation
claims that the module supports puppet:// uri path for certificates:
from https://forge.puppetlabs.com/puppetlabs/java_ks:
"
certificate
An already-signed certificate to place in the keystore. Accepts local
file paths or puppet:// uri paths.
"
I am using the following code:
java_ks {"$hostname-$certificate":
ensure => latest,
certificate => "puppet:///extra_files/certificates/mycert.org.crt",
target => hiera('java::keystore::path'),
password => hiera('java::certificate::password'),
trustcacerts => true,
}
But when I run the command, the following error appears:
Info: Applying configuration version 'd4944df'
Notice: /Stage[main]/Puppet::Agent::Config/Ini_setting[environment]/value:
value changed 'working_hashes' to 'keystore'
Error: Execution of 'keytool -importcert -noprompt -alias
myserver-mycert.org.crt.org.crt -file
/etc/puppet/files/certificates/mycert.org.crt -keystore /home/devops/
.keystore -trustcacerts' returned 1: Enter keystore password:
Re-enter new password: keytool error: java.io.FileNotFoundException:
/etc/puppet/files/certifi
cates/mycert.org.crt (No such file or directory)
It is referencing the path on the puppet client instead of using the
puppet:/// uri to download the certificate:
keytool -importcert -noprompt -alias myserver-mycert.org.crt.org.crt
-file /etc/puppet/files/certificates/mycert.org.crt -keystore
/home/devops/
Any Idea what I am doing wrong?
Best regards
--------------------------------------------------------------------------------------
Juan Sierra Pons ju...@elsotanillo.net
Linux User Registered: #257202
Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
I am recently using the puppetlabs/java_ks module. The documentation
claims that the module supports puppet:// uri path for certificates:
from https://forge.puppetlabs.com/puppetlabs/java_ks:
"
certificate
An already-signed certificate to place in the keystore. Accepts local
file paths or puppet:// uri paths.
"
I am using the following code:
java_ks {"$hostname-$certificate":
ensure => latest,
certificate => "puppet:///extra_files/certificates/mycert.org.crt",
target => hiera('java::keystore::path'),
password => hiera('java::certificate::password'),
trustcacerts => true,
}
But when I run the command, the following error appears:
Info: Applying configuration version 'd4944df'
Notice: /Stage[main]/Puppet::Agent::Config/Ini_setting[environment]/value:
value changed 'working_hashes' to 'keystore'
Error: Execution of 'keytool -importcert -noprompt -alias
myserver-mycert.org.crt.org.crt -file
/etc/puppet/files/certificates/mycert.org.crt -keystore /home/devops/
.keystore -trustcacerts' returned 1: Enter keystore password:
Re-enter new password: keytool error: java.io.FileNotFoundException:
/etc/puppet/files/certifi
cates/mycert.org.crt (No such file or directory)
It is referencing the path on the puppet client instead of using the
puppet:/// uri to download the certificate:
keytool -importcert -noprompt -alias myserver-mycert.org.crt.org.crt
-file /etc/puppet/files/certificates/mycert.org.crt -keystore
/home/devops/
Any Idea what I am doing wrong?
Best regards
--------------------------------------------------------------------------------------
Juan Sierra Pons ju...@elsotanillo.net
Linux User Registered: #257202
Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
Morgan Haskel
May 20, 2014, 4:55:28 PM5/20/14
to puppet...@googlegroups.com
Juan,
Are you exporting extra_files as a mountpoint in fileserver.conf? If not and extra_files is in a module then the path should be puppet:///modules/<modulename>/extra_files/certificates/mycert.org.crt
The documentation at http://docs.puppetlabs.com/guides/file_serving.html might help.
Morgan
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CABS%3Dy9smEYZNWrH82J2n3JEyEa-UFkrKtneVT2v_Yzg%3D4FEohw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Morgan Haskel
Module Engineer
Join us at PuppetConf 2014, September 23-24 in San Francisco - http://puppetconf.com
Juan Sierra Pons
May 21, 2014, 2:50:31 AM5/21/14
to puppet...@googlegroups.com
Hi Morgan,
Yes, I have configured [extra_files] and it is working ok with other
module. The isue here is that instead of downloading the file
mycert.org.crt and using it while running the local command it
references it as if the certificate were already on the client and
using the [extra_files] actual path (on the puppetmaster)
This is the command (as seen on debug)
on the puppetmaster.
BTW: there is an open bug about this:
https://tickets.puppetlabs.com/browse/MODULES-559
Thanks for your time
Best regards
--------------------------------------------------------------------------------------
Juan Sierra Pons ju...@elsotanillo.net
Linux User Registered: #257202
Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
> https://groups.google.com/d/msgid/puppet-users/CA%2BFnDv06c8__o%2BwF7pFM8bpSMFdQpRA%3D%3DKFn5H_V3sfSpaf5Eg%40mail.gmail.com.
Yes, I have configured [extra_files] and it is working ok with other
module. The isue here is that instead of downloading the file
mycert.org.crt and using it while running the local command it
references it as if the certificate were already on the client and
using the [extra_files] actual path (on the puppetmaster)
This is the command (as seen on debug)
keytool -importcert -noprompt -alias myserver-mycert.org.crt.org.crt
-file /etc/puppet/files/certificates/mycert.org.crt -keystore
/home/devops/
/etc/puppet/files/certificates/mycert.org.crt is the actual path but
-file /etc/puppet/files/certificates/mycert.org.crt -keystore
/home/devops/
on the puppetmaster.
BTW: there is an open bug about this:
https://tickets.puppetlabs.com/browse/MODULES-559
Thanks for your time
Best regards
--------------------------------------------------------------------------------------
Juan Sierra Pons ju...@elsotanillo.net
Linux User Registered: #257202
Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
Morgan Haskel
May 22, 2014, 2:26:55 PM5/22/14
to puppet...@googlegroups.com
Juan,
We're looking into this ticket.
Morgan
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CABS%3Dy9scS4kfoun-31Xy4kofiOsYQBK8UWsqqKUUhtgPYMdOpw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages