Month: April 2011

puppetmaster-passenger session ticket A: tlsv1 alert decrypt error

There is a bug in the default puppetmaster vhost that’s included in Ubuntu 10.10’s puppetmaster-passenger package.

# puppetd --server puppet.fqdn --waitforcert 60 --no-usecacheonfailure
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert decrypt error
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Luckily, this is easily fixed using the patch below.
If you have trouble copy/pasting it, here’s a direct link: apache_passenger_tlsv1.patch.

*** puppetmaster	Mon Feb  21 15:25:28 2011
--- puppetmaster.new	Mon Feb  21 15:25:13 2011
***************
*** 13,19 ****
          SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
          # If Apache complains about invalid signatures on the CRL, you can try disabling
          # CRL checking by commenting the next line, but this is not recommended.
!         SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
          # Set to require if this puppetmaster doesn't issue certificates
          # to puppet clients.
          # NB: this requires SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
--- 13,20 ----
          SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
          # If Apache complains about invalid signatures on the CRL, you can try disabling
          # CRL checking by commenting the next line, but this is not recommended.
!         # default: SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
!         SSLCARevocationPath     /var/lib/puppet/ssl/ca/crl
          # Set to require if this puppetmaster doesn't issue certificates
          # to puppet clients.
          # NB: this requires SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
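
Review bot: the added SSLCARevocationPath line points at /var/lib/puppet/ssl/ca/crl, a directory that nothing in this patch creates or populates. mod_ssl finds CRLs in a revocation path by hash filename (a link named hash-value.rN), so unless ca_crl.pem is linked into that directory under its hash name, no CRL is consulted and revoked client certificates are still accepted, which is the outcome the comment just above calls "not recommended". Document that setup step next to the directive, and update the comment itself: it still says "commenting the next line", but the next line is now already commented out.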

You can apply it using:

# patch -i apache_passenger_tlsv1.patch \
/etc/apache2/sites-available/puppetmaster

I’ve already filed a bug and supplied the solution a while ago. It has been confirmed but it’s still not in the default repositories yet, which is beyond my reach.

Veewee 0.1.16: ‘we tried to create a box or a box was here before but now it’s gone’

A few days ago I ran into a strange error using Veewee 0.1.16 on Mac OS X 10.6.7. Due to this error I couldn’t create a single basebox, no matter what I did. However, thanks to @patrickdebois’ speedy support it was easily fixed.

For those who can’t wait for the fix to enter upstream, I’ve included the patch below.
There is also a direct link, veewee_shell_osx10.6.7.patch, if you have trouble copy/pasting it.

# cat veewee_shell_osx10.6.7.patch 
*** shell.rb	Wed Apr  6 15:09:59 2011
--- shell.rb.new	Wed Apr  6 15:10:03 2011
***************
*** 3,16 ****
  module Veewee
    class Shell
   
!     def self.execute(command,options = {})
  
        IO.popen("#{command}") { |f| print f }
      end
      
      #pty allows you to gradually see the output of a local command
      #http://www.shanison.com/?p=415
!       def self.execute2(command, options = {} )
          require "pty"
              begin
                PTY.spawn( command ) do |r, w, pid|
--- 3,16 ----
  module Veewee
    class Shell
   
!     def self.execute2(command,options = {})
  
        IO.popen("#{command}") { |f| print f }
      end
      
      #pty allows you to gradually see the output of a local command
      #http://www.shanison.com/?p=415
!       def self.execute(command, options = {} )
          require "pty"
              begin
                PTY.spawn( command ) do |r, w, pid|
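
Review bot: swapping the names on the two def lines (self.execute and self.execute2) changes which implementation every caller of execute gets, with no platform check in the hunk and no comment saying why. Add a comment above execute stating that it now runs the command through PTY.spawn and what execute2 is kept for. Two smaller points on the same lines: in the IO.popen variant, "print f" prints the IO object rather than the command's output (f.read would give the output), which is worth fixing rather than leaving behind under a new name; and the two def lines keep their inconsistent indentation (4 versus 6 spaces).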

You can apply it using:

# sudo patch -i veewee_shell_osx10.6.7.patch \
/opt/local/lib/ruby/gems/1.8/gems/veewee-0.1.16/lib/veewee/shell.rb