Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problems with later versions of vault gem and puppetserver #5

Closed
dbednall opened this issue Nov 6, 2017 · 5 comments
Closed

Problems with later versions of vault gem and puppetserver #5

dbednall opened this issue Nov 6, 2017 · 5 comments

Comments

@dbednall
Copy link

@dbednall dbednall commented Nov 6, 2017

In a Puppet 5 server environment using the latest version of the vault-ruby gem, Puppet can successfully perform lookups using puppet lookup from the command line using this module.

However, trying to do the same via a puppet run (i.e. puppet agent -t), which is served by puppetserver, fails.

We think this is due to an older version of Ruby still being used in the latest puppetserver; Puppet 5.2.0 has Ruby 2.4.1p111, puppetserver version 5.1.0 only has Ruby 1.9.3p551.

This is not the fault of this module - but to make it work for a puppet agent -t run, you may need to roll back your vault-ruby gem even as far as 0.6.0. I haven't investigated exactly at which version it becomes incompatible with puppetserver.

Other than by manually upgrading the Ruby version in puppetserver, we have to wait until newer Ruby is included by Puppet.

@gevans-web46

This comment has been minimized.

Copy link

@gevans-web46 gevans-web46 commented Mar 8, 2018

Is this the "undefined method 'keep_alive_timeout=' for #<Net::HTTP..." error?

@petems

This comment has been minimized.

Copy link
Owner

@petems petems commented Mar 19, 2018

You can configure Puppetserver to use the new 9k JRuby which will fix this issue: https://puppet.com/docs/puppetserver/5.1/configuration.html#configuring-the-jruby-version

Puppet code looks like this for RHEL (could write some extra to change to /etc/default/puppetserver on Debian flavour):

ini_setting { "Change jruby to 9k":
    ensure  => present,
    setting => 'JRUBY_JAR',
    path    => "/etc/sysconfig/puppetserver",
    key_val_separator => '=',
    section => '',
    value   => '"/opt/puppetlabs/server/apps/puppetserver/jruby-9k.jar"',
    show_diff => true,
    notify  => Class['puppetserver::service']
  }

Works for me in my testing repo: https://github.com/petems/puppet-hiera-vault-vagrant

@Sharpie

This comment has been minimized.

Copy link

@Sharpie Sharpie commented Apr 17, 2018

Puppet server 5.x currently defaults to running JRuby 1.7 which is compatible with the Ruby 1.9 Language. The keep_alive_timeout setting wasn't added to Net::HTTP until Ruby 2.0, which is the source of the compatibility issue.

Switching Puppet Server to use JRuby 9k will get you a Ruby runtime that is compatible with Ruby 2. 9k will become the default in the upcoming Puppet Server 6.0 release.

@dbednall

This comment has been minimized.

Copy link
Author

@dbednall dbednall commented May 12, 2018

We came back to re-implement this again in our infra recently - big thanks @petems @Sharpie for the 9k tip 🙏 it saved some headaches that's for sure 😃
We're currently using the https://github.com/jfroche/hiera-vault fork of this but will stay on the lookout for improvements - #13 could definitely make life easier.

@petems

This comment has been minimized.

Copy link
Owner

@petems petems commented Dec 30, 2018

Note added to Readme (8b54fbe)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.