[Bug 950183] [NEW] puppetmaster-passenger postinst creates wrong certificate files and puppetmaster vhost if puppet config print has an error

Glenn Aaldering glenn at openvideo.nl
Thu Mar 8 19:19:44 UTC 2012 

Public bug reported:

How to reproduce:

echo abc > /etc/puppet/puppet.conf

root at host:~# puppet config print
err: Could not parse /etc/puppet/puppet.conf: Could not match line abc at /etc/puppet/puppet.conf:abc

root at host:~# aptitude install puppetmaster-passenger
The following NEW packages will be installed:
  puppetmaster-common{a} puppetmaster-passenger 
0 packages upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/27.9 kB of archives. After unpacking 635 kB will be used.
Do you want to continue? [Y/n/?] y
Selecting previously unselected package puppetmaster-common.
(Reading database ... 25302 files and directories currently installed.)
Unpacking puppetmaster-common (from .../puppetmaster-common_2.7.11-1_all.deb) ...
Selecting previously unselected package puppetmaster-passenger.
Unpacking puppetmaster-passenger (from .../puppetmaster-passenger_2.7.11-1_all.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up puppetmaster-common (2.7.11-1) ...
 * Starting puppet queue                                                                                                                                                                                     [ OK ] 
Setting up puppetmaster-passenger (2.7.11-1) ...
err: Could not parse /etc/puppet/puppet.conf: Could not match line abc at /etc/puppet/puppet.conf:abc
notice: err: has a waiting certificate request
notice: Signed certificate request for err:
notice: Removing file Puppet::SSL::CertificateRequest err: at '/etc/puppet/ssl/ca/requests/err:.pem'
notice: Removing file Puppet::SSL::CertificateRequest err: at '/etc/puppet/ssl/certificate_requests/err:.pem'
notice: could has a waiting certificate request
notice: Signed certificate request for could
notice: Removing file Puppet::SSL::CertificateRequest could at '/etc/puppet/ssl/ca/requests/could.pem'
notice: Removing file Puppet::SSL::CertificateRequest could at '/etc/puppet/ssl/certificate_requests/could.pem'
notice: not has a waiting certificate request
notice: Signed certificate request for not
notice: Removing file Puppet::SSL::CertificateRequest not at '/etc/puppet/ssl/ca/requests/not.pem'
notice: Removing file Puppet::SSL::CertificateRequest not at '/etc/puppet/ssl/certificate_requests/not.pem'
notice: parse has a waiting certificate request
notice: Signed certificate request for parse
notice: Removing file Puppet::SSL::CertificateRequest parse at '/etc/puppet/ssl/ca/requests/parse.pem'
notice: Removing file Puppet::SSL::CertificateRequest parse at '/etc/puppet/ssl/certificate_requests/parse.pem'
crit: directory traversal detected in Puppet::SSL::Certificate::File: "/etc/puppet/puppet.conf:"
err: Cached certificate for /etc/puppet/puppet.conf: failed: invalid key
crit: directory traversal detected in Puppet::SSL::Certificate::Ca: "/etc/puppet/puppet.conf:"
err: Could not call generate: invalid key
Module ssl already enabled
Enabling site puppetmaster.
To activate the new configuration, you need to run:
  service apache2 reload
Syntax error on line 18 of /etc/apache2/sites-enabled/puppetmaster:
SSLCertificateFile: file '/etc/puppet/ssl/certs/squigley.namespace.at.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
   ...fail!
invoke-rc.d: initscript apache2, action "restart" failed.
dpkg: error processing puppetmaster-passenger (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 puppetmaster-passenger
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install.  Trying to recover:
Setting up puppetmaster-passenger (2.7.11-1) ...
err: Could not parse /etc/puppet/puppet.conf: Could not match line abc at /etc/puppet/puppet.conf:abc
err: Could not call generate: A Certificate already exists for err:
Module ssl already enabled
Site puppetmaster already enabled
Syntax error on line 18 of /etc/apache2/sites-enabled/puppetmaster:
SSLCertificateFile: file '/etc/puppet/ssl/certs/squigley.namespace.at.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
   ...fail!
invoke-rc.d: initscript apache2, action "restart" failed.
dpkg: error processing puppetmaster-passenger (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 puppetmaster-passenger

** Affects: puppet (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to puppet in Ubuntu.
https://bugs.launchpad.net/bugs/950183

Title:
  puppetmaster-passenger postinst creates wrong certificate files and
  puppetmaster vhost if puppet config print has an error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/950183/+subscriptions

More information about the Ubuntu-server-bugs mailing list