Re: [Puppet Users] Starting master fails
131 views
Skip to first unread message
Jakov Sosic
Sep 21, 2012, 5:39:27 PM9/21/12
to puppet...@googlegroups.com
On 09/21/2012 01:35 PM, Peter Spatz wrote:
> Hello,
>
> first, i�m new to puppet. I�m searching for a configuration management
> tool and puppet was in focus.
> I�m using Solaris Zone
> SunOS: 5.10 Generic_147440-15 sun4v sparc sun4v
> Ruby: ruby 1.8.5 (2006-12-04 patchlevel 2) [sparc-solaris2.10]
> puppet: v3.0.0-rc6
> /lib:/usr/lib:/opt/coolstack/mysql_32bit/bin/:/opt/coolstack/mysql_32bit/lib/:/usr/local/lib:/opt/sfw/lib/ruby/:/usr/local/ss/lib/
>
> Starting puppet master, syslog prints:
>
> Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.debug]
> Finishing transaction 6891204
> Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.info]
> Creating a new SSL certificate request for ca
> Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.error]
> Could not prepare for execution: uninitialized constant
> OpenSSL::Digest::SHA256
>
> What�s missing?
First, what does the:
$ which ruby
says?
Then try this:
$ ruby -ropenssl -e 'p OpenSSL::Digest::Digest.new("sha256")'
and this:
$ ruby -e "puts require('openssl')"
And then report back with output.
Also, that being Solaris, check whether you have more than one ruby
installations on system and if you are using the right one...
--
Jakov Sosic
www.srce.unizg.hr
> Hello,
>
> first, i�m new to puppet. I�m searching for a configuration management
> tool and puppet was in focus.
> I�m using Solaris Zone
> SunOS: 5.10 Generic_147440-15 sun4v sparc sun4v
> Ruby: ruby 1.8.5 (2006-12-04 patchlevel 2) [sparc-solaris2.10]
> puppet: v3.0.0-rc6
> /lib:/usr/lib:/opt/coolstack/mysql_32bit/bin/:/opt/coolstack/mysql_32bit/lib/:/usr/local/lib:/opt/sfw/lib/ruby/:/usr/local/ss/lib/
>
> Starting puppet master, syslog prints:
>
> Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.debug]
> Finishing transaction 6891204
> Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.info]
> Creating a new SSL certificate request for ca
> Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.error]
> Could not prepare for execution: uninitialized constant
> OpenSSL::Digest::SHA256
>
> What�s missing?
First, what does the:
$ which ruby
says?
Then try this:
$ ruby -ropenssl -e 'p OpenSSL::Digest::Digest.new("sha256")'
and this:
$ ruby -e "puts require('openssl')"
And then report back with output.
Also, that being Solaris, check whether you have more than one ruby
installations on system and if you are using the right one...
--
Jakov Sosic
www.srce.unizg.hr
Greg
Oct 31, 2012, 12:52:06 AM10/31/12
to puppet...@googlegroups.com
Have found the same issue and it looks like you need to have a version of OpenSSL that supports the encryption installed. Note: This only appears to be in the 3.x stream - must be a change in there to strengthen the certificates or something. 2.x seems OK as far as I can tell...
On Saturday, 22 September 2012 07:39:50 UTC+10, Jakov Sosic wrote:
The one Oracle/Sun provides in /usr/sfw doesn't support SHA256 by the looks of it (Its OpenSSL 0.9.7d with security patches)
Run ldd against the OpenSSL library in Ruby to confirm which library you are using:
bash-3.2# ldd ./lib/ruby/1.8/i386-solaris2.10/openssl.so | grep ssl
libssl.so.0.9.7 => /usr/sfw/lib/64/libssl.so.0.9.7 <-- /usr/sfw/lib is core Solaris GNU packages - really old...
libssl_extra.so.0.9.7 => /usr/sfw/lib/amd64/libssl_extra.so.0.9.7
(NOTE: You will need find your openssl.so object - in my case its from a self-compiled copy of ruby...)
bash-3.2# uname -a
SunOS test1 5.10 Generic_147441-25 i86pc i386 i86pc
bash-3.2# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-7250 CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2008-7270 CVE-2009-0590 CVE-2009-2409 CVE-2009-3555 CVE-2010-4180 CVE-2011-4576 CVE-2011-4619 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333)
Basically, looks like you need to get packages for (or compile) a more recent version of OpenSSL then link ruby against it. A very brief glance at http://www.openssl.org/news/changelog.html suggests that you need version 1.0.1 or later.
Checking Solaris 11:
bash# openssl version
OpenSSL 1.0.0j 10 May 2012
bash# uname -a
SunOS test2 5.11 11.0 i86pc i386 i86pc
This version also seems to support sha256, so looks like it may be available in some current 1.0.0 streams as well...
Hope that helps...
Greg
On Saturday, 22 September 2012 07:39:50 UTC+10, Jakov Sosic wrote:
On 09/21/2012 01:35 PM, Peter Spatz wrote:
> Hello,
>
> first, i�m new to puppet. I�m searching for a configuration management
> tool and puppet was in focus.
> I�m using Solaris Zone
> SunOS: 5.10 Generic_147440-15 sun4v sparc sun4v
> Ruby: ruby 1.8.5 (2006-12-04 patchlevel 2) [sparc-solaris2.10]
> puppet: v3.0.0-rc6
> /lib:/usr/lib:/opt/coolstack/mysql_32bit/bin/:/opt/coolstack/mysql_32bit/lib/:/usr/local/lib:/opt/sfw/lib/ruby/:/usr/local/ss/lib/
>
> Starting puppet master, syslog prints:
>
> Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.debug]
> Finishing transaction 6891204
> Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.info]
> Creating a new SSL certificate request for ca
> Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.error]
> Could not prepare for execution: uninitialized constant
> OpenSSL::Digest::SHA256
>
> What�s missing?
Reply all
Reply to author
Forward
0 new messages