my autosign script passes cli tests, but fails when invoked by puppet master

asked 2018-03-28 22:19:00 -0600

hesco gravatar image

puppet config print autosign --section master gives me a full readable path to an autosign.sh script which exit $? to give me a 0 for thumbs up and a 1 or perhaps some other non-successful grep return code if it fails. It also echos some progress indicators to STDERR.

I try to get a new certificate by kicking off a build on the jenkins server, it takes its 600s to time out.
It reports csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml, but then also gives me this at 20s intervals for ten minutes: Notice: Did not receive certificate

If I then run the script at the command line, with the expected argument and the cert redirected on STDIN, like so: /etc/puppetlabs/puppet/autosign.sh thisapp00046.jenkinsagent.example.com < /etc/puppetlabs/puppet/ssl/ca/re quests/thisapp00046.jenkinsagent.example.com.pem

the expected file gets created, and evaluated and I get anticipated results: 0, success, yet no certificate is signed, and the csr remains in my sslca/requests folder.

I am expecting to see the STDERR from my autosign.sh script in the jenkins console, but am not, so wonder what might be amiss, that it is perhaps not getting run, in spite of what puppet config print autosign --section master might report after a restart.

What might I be missing please?

edit retag flag offensive close merge delete

Comments

So I slept on it, enabled debug logging, restarted puppetserver again, ran a test from the jenkins server and it worked. been doing service restarts throughout, cannot imagine what has changed other than I am more rested at the moment, but this seems to be working. Thanks to _rc, on irc who helped

hesco gravatar imagehesco ( 2018-03-29 11:56:53 -0600 )edit