Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problems with later versions of vault gem and puppetserver #5

Closed
dbednall opened this issue Nov 6, 2017 · 5 comments
Closed

Problems with later versions of vault gem and puppetserver #5

dbednall opened this issue Nov 6, 2017 · 5 comments

Comments

@dbednall
Copy link

dbednall commented Nov 6, 2017
edited

In a Puppet 5 server environment using the latest version of the vault-ruby gem, Puppet can successfully perform lookups using puppet lookup from the command line using this module.

However, trying to do the same via a puppet run (i.e. puppet agent -t), which is served by puppetserver, fails.

We think this is due to an older version of Ruby still being used in the latest puppetserver; Puppet 5.2.0 has Ruby 2.4.1p111, puppetserver version 5.1.0 only has Ruby 1.9.3p551.

This is not the fault of this module - but to make it work for a puppet agent -t run, you may need to roll back your vault-ruby gem even as far as 0.6.0. I haven't investigated exactly at which version it becomes incompatible with puppetserver.

Other than by manually upgrading the Ruby version in puppetserver, we have to wait until newer Ruby is included by Puppet.
@gevans-web46
Copy link

Is this the "undefined method 'keep_alive_timeout=' for #<Net::HTTP..." error?

@petems petems mentioned this issue Mar 19, 2018
Open
@petems
Copy link
Owner

petems commented Mar 19, 2018
edited

You can configure Puppetserver to use the new 9k JRuby which will fix this issue: https://puppet.com/docs/puppetserver/5.1/configuration.html#configuring-the-jruby-version

Puppet code looks like this for RHEL (could write some extra to change to /etc/default/puppetserver on Debian flavour):

ini_setting { "Change jruby to 9k":
    ensure  => present,
    setting => 'JRUBY_JAR',
    path    => "/etc/sysconfig/puppetserver",
    key_val_separator => '=',
    section => '',
    value   => '"/opt/puppetlabs/server/apps/puppetserver/jruby-9k.jar"',
    show_diff => true,
    notify  => Class['puppetserver::service']
  }

Works for me in my testing repo: https://github.com/petems/puppet-hiera-vault-vagrant

@Sharpie
Copy link

Sharpie commented Apr 17, 2018

Puppet server 5.x currently defaults to running JRuby 1.7 which is compatible with the Ruby 1.9 Language. The keep_alive_timeout setting wasn't added to Net::HTTP until Ruby 2.0, which is the source of the compatibility issue.

Switching Puppet Server to use JRuby 9k will get you a Ruby runtime that is compatible with Ruby 2. 9k will become the default in the upcoming Puppet Server 6.0 release.

@dbednall
Copy link
Author

We came back to re-implement this again in our infra recently - big thanks @petems @Sharpie for the 9k tip 🙏 it saved some headaches that's for sure 😃
We're currently using the https://github.com/jfroche/hiera-vault fork of this but will stay on the lookout for improvements - #13 could definitely make life easier.

@petems petems mentioned this issue Dec 19, 2018
Closed
@petems
Copy link
Owner

petems commented Dec 30, 2018

Note added to Readme (8b54fbe)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Sharpie @petems @dbednall @gevans-web46