Date: Wed, 27 Dec 2017 23:28:37 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 224623] sysutils/puppet4: Ruby 2.3.6 Update breaks puppetmaster rc.d script Message-ID: <bug-224623-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224623 Bug ID: 224623 Summary: sysutils/puppet4: Ruby 2.3.6 Update breaks puppetmaster rc.d script Product: Ports & Packages Version: Latest Hardware: amd64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: puppet@FreeBSD.org Reporter: rainbow@purlinux.org Flags: maintainer-feedback?(puppet@FreeBSD.org) Assignee: puppet@FreeBSD.org Due to this code ( https://bugs.ruby-lang.org/issues/14005 ) added to the R= uby 2.3.6 release and beyond, Webrick, the default http daemon for Ruby process= es, can not create OpenSSL connections using 1.0.2k-freebsd in Base. While a separate issue is being looked into with Ruby upstream and hopefully resolved, this is an opportunity for us to move towards our port being in compliance with Puppet best practices. The sysutils/puppet4 port currently relies on the system installation of Ru= by, which isn't a problem. However, we currently ship a "puppetmaster" rc.d scr= ipt with puppet4 that launches a webrick process instead of pointing folks to t= he appropriate way to manage a puppetserver in production. As is shown here (=20 https://puppet.com/docs/puppet/4.10/services_master_webrick.html#important-= deprecation-warning https://docs.puppet.com/puppet/4.1/deprecated_servers.html ), this method of running a puppet server is being deprecated upstream and = soon will no longer be functional even on the versions of Ruby puppet explicitly tests with. The way upstream suggests to work with puppet is via puppetserver:=20 ( https://docs.puppet.com/puppetserver/2.1/services_master_puppetserver.htm= l ) While causing sysutils/puppet4 to rely on puppetserver is not ideal (though that should be the default with sysutils/puppet5), it would be beneficial to users of Puppet4 on FreeBSD to receive a message after installing the port = or package that provided some of the links above, and informed them that Puppet Server was the way forward. In future releases, it may make sense to remove= the puppetmaster rc.d script entirely, but due to the upcoming (in the next few years) deprecation of Puppet4 entirely, it may not make sense entirely to do so, even with the script being broken after the current Ruby update. With that being said, as it stands currently, puppetmaster is broken, and I feel we should evaluate the benefits of including a message like the one suggested above to inform users, as all current guides for deploying puppet= on freebsd suggest the use of the puppetmaster rc.d script instead of installi= ng sysutils/puppetserver (which acts as a drop-in replacement for puppetmaster) ----- Logs associated with the aforementioned failure in:/var/log/puppet/masterhttp.log -- [2017-12-25 21:30:26] ERROR OpenSSL::SSL::SSLError: SSL_accept returned=3D1 errno=3D0 state=3DSSLv3 read client hello B: unexpected record /usr/local/lib/ruby/site_ruby/2.3/puppet/network/http/webrick.rb:32= :in `accept' /usr/local/lib/ruby/site_ruby/2.3/puppet/network/http/webrick.rb:32= :in `block (2 levels) in listen' /usr/local/lib/ruby/2.3/webrick/server.rb:314:in `block in start_thread' ----- System Information: FreeBSD 11.1-RELEASE-p1 x64 puppet4-4.10.8 Name : puppet4 Version : 4.10.8 Installed on : Mon Dec 25 21:06:47 2017 PST Origin : sysutils/puppet4 ruby-2.3.6,1 Name : ruby Version : 2.3.6,1 Installed on : Tue Dec 26 21:40:43 2017 PST Origin : lang/ruby23 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-224623-13>