You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I try to apply the module on fresh OS install. No openvpn or easy-rsa package exists on the host before.
class { 'openvpn':
...
crl_auto_renew => true,
}
What are you seeing
As you can see from the log output below, for some reasons Exec[renew crl.pem on server] runs before File[/etc/openvpn/server/easy-rsa/vars] is created. So this exec ends up with error:
/bin/sh: ./vars: No such file or directory
What behaviour did you expect instead
Correct order:
File[/etc/openvpn/server/easy-rsa/vars] -> Exec[renew crl.pem on server]
Output log
Info: Caching catalog for control.spar-nn.internal
Info: Applying configuration version 'fm2-production-ddaa74e12aa'
Notice: /Stage[main]/Openvpn::Install/Package[openvpn]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn::Install/Package[easy-rsa]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn::Install/File[/etc/openvpn/keys]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server]/group: group changed 'openvpn' to 'nobody' (corrective)
Info: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server]: Scheduling refresh of Service[openvpn@server]
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server/scripts]/ensure: created
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server/auth]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server/client-configs]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server/download-configs]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server.conf]/ensure: defined content as '{md5}ced7ef0db150093a13d9580df777f141' (corrective)
Info: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server.conf]: Scheduling refresh of Service[openvpn@server]
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/easyrsa]/ensure: defined content as '{md5}bfa4bdd544002f712d2e60815ff53277' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/openssl-easyrsa.cnf]/ensure: defined content as '{md5}6b8725cc3d8de8101ec82ebcef8201fb' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/COMMON]/ensure: defined content as '{md5}67d826b0d01b46c4bb442b749039b9dc' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/ca]/ensure: defined content as '{md5}bdf6c4b1e71f502a768eda6e65e1ffbd' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/client]/ensure: defined content as '{md5}84e917d7be5ee502148039694d5e579e' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/code-signing]/ensure: defined content as '{md5}621ccf76427f001f4528af513222ad79' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/email]/ensure: defined content as '{md5}c544c74ab3c1e5eaa69d8a8ec1e30ef7' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/kdc]/ensure: defined content as '{md5}a419f7bf9f3f173251cc389749654af7' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/server]/ensure: defined content as '{md5}d0d7a06379af67505bf5dae59d3e7afb' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/serverClient]/ensure: defined content as '{md5}3b92ac8660e21b3d4bb0b765899c2a3d' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Exec[renew crl.pem on server]/returns: /bin/sh: ./vars: No such file or directory
Error: '. ./vars && EASYRSA_REQ_CN='' EASYRSA_REQ_OU='' openssl ca -gencrl -out /etc/openvpn/server/crl.pem -config /etc/openvpn/server/easy-rsa/openssl.cnf' returned 1 instead of one of [0]
Error: /Stage[main]/Openvpn/Openvpn::Server[server]/Exec[renew crl.pem on server]/returns: change from 'notrun' to ['0'] failed: '. ./vars && EASYRSA_REQ_CN='' EASYRSA_REQ_OU='' openssl ca -gencrl -out /etc/openvpn/server/crl.pem -config /etc/openvpn/server/easy-rsa/openssl.cnf' returned 1 instead of one of [0] (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/revoked]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/vars]/ensure: defined content as '{md5}645752a4f1d2ae7adcb49f6c0407022a' (corrective)
Any additional information you'd like to impart
The text was updated successfully, but these errors were encountered:
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
I try to apply the module on fresh OS install. No openvpn or easy-rsa package exists on the host before.
class { 'openvpn':
...
crl_auto_renew => true,
}
What are you seeing
As you can see from the log output below, for some reasons Exec[renew crl.pem on server] runs before File[/etc/openvpn/server/easy-rsa/vars] is created. So this exec ends up with error:
/bin/sh: ./vars: No such file or directory
What behaviour did you expect instead
Correct order:
File[/etc/openvpn/server/easy-rsa/vars] -> Exec[renew crl.pem on server]
Output log
Info: Caching catalog for control.spar-nn.internal
Info: Applying configuration version 'fm2-production-ddaa74e12aa'
Notice: /Stage[main]/Openvpn::Install/Package[openvpn]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn::Install/Package[easy-rsa]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn::Install/File[/etc/openvpn/keys]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server]/group: group changed 'openvpn' to 'nobody' (corrective)
Info: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server]: Scheduling refresh of Service[openvpn@server]
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server/scripts]/ensure: created
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server/auth]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server/client-configs]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server/download-configs]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server.conf]/ensure: defined content as '{md5}ced7ef0db150093a13d9580df777f141' (corrective)
Info: /Stage[main]/Openvpn/Openvpn::Server[server]/File[/etc/openvpn/server.conf]: Scheduling refresh of Service[openvpn@server]
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/easyrsa]/ensure: defined content as '{md5}bfa4bdd544002f712d2e60815ff53277' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/openssl-easyrsa.cnf]/ensure: defined content as '{md5}6b8725cc3d8de8101ec82ebcef8201fb' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/COMMON]/ensure: defined content as '{md5}67d826b0d01b46c4bb442b749039b9dc' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/ca]/ensure: defined content as '{md5}bdf6c4b1e71f502a768eda6e65e1ffbd' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/client]/ensure: defined content as '{md5}84e917d7be5ee502148039694d5e579e' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/code-signing]/ensure: defined content as '{md5}621ccf76427f001f4528af513222ad79' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/email]/ensure: defined content as '{md5}c544c74ab3c1e5eaa69d8a8ec1e30ef7' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/kdc]/ensure: defined content as '{md5}a419f7bf9f3f173251cc389749654af7' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/server]/ensure: defined content as '{md5}d0d7a06379af67505bf5dae59d3e7afb' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/x509-types/serverClient]/ensure: defined content as '{md5}3b92ac8660e21b3d4bb0b765899c2a3d' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Exec[renew crl.pem on server]/returns: /bin/sh: ./vars: No such file or directory
Error: '. ./vars && EASYRSA_REQ_CN='' EASYRSA_REQ_OU='' openssl ca -gencrl -out /etc/openvpn/server/crl.pem -config /etc/openvpn/server/easy-rsa/openssl.cnf' returned 1 instead of one of [0]
Error: /Stage[main]/Openvpn/Openvpn::Server[server]/Exec[renew crl.pem on server]/returns: change from 'notrun' to ['0'] failed: '. ./vars && EASYRSA_REQ_CN='' EASYRSA_REQ_OU='' openssl ca -gencrl -out /etc/openvpn/server/crl.pem -config /etc/openvpn/server/easy-rsa/openssl.cnf' returned 1 instead of one of [0] (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/revoked]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[server]/Openvpn::Ca[server]/File[/etc/openvpn/server/easy-rsa/vars]/ensure: defined content as '{md5}645752a4f1d2ae7adcb49f6c0407022a' (corrective)
Any additional information you'd like to impart
The text was updated successfully, but these errors were encountered: