Bug #3363
Puppet Master webrick server doesn't work with Ruby Enterprise Edition
| Status: | Closed | Start: | 03/11/2010 | |
|---|---|---|---|---|
| Priority: | Low | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | server | |||
| Target version: | - | |||
| Affected version: | 0.25.4 | Branch: | ||
| Keywords: | ree rubyenterprise passenger sk_x509_num undefined symbol | |||
| Votes: | 1 |
Description
While debugging, I notice that Ruby Enterprise Edition does not work correctly with puppetmasterd when running within the webrick server.
This is almost certainly an issue with ruby enterprise edition, but I’m documenting the issue here since it has bit other people as well (http://urgetopunt.com/puppet/2010/02/28/running-puppet-with-ree.html)
This is ruby-enterprise-1.8.7-2010.01, passenger 2.2.11 and Puppet 0.25.4.
When starting the puppet master using:
/opt/ruby-enterprise/bin/puppetmasterd --config /etc/puppet/puppetmasterd.conf --no-daemonize --servertype webrick --debug --trace
The server starts fine, but as soon as an SSL client connects, ruby totally bombs out:
/opt/ruby-enterprise/bin/ruby: symbol lookup error: /opt/ruby-enterprise/lib/ruby/1.8/x86_64-linux/openssl.so: undefined symbol: sk_x509_num
Workaround: Don’t run puppetmaster using webrick with Ruby Enterprise Edition. Instead, allow apache or some other HTTP server to handle the SSL connection.
History
Updated by James Turnbull 6 months ago
- Status changed from Unreviewed to Accepted
Updated by Alex Ongena 4 months ago
when puppetd runs with ruby enterprise and is configured to ‘listen’, a puppetrun on the puppetmaster causes puppetd to stop with the same error.
dbc3-1:# puppetd —no-daemonize -w 5 /usr/local/bin/ruby: symbol lookup error: /usr/local/lib/ruby/1.8/i686-linux/openssl.so: undefined symbol: sk_x509_num
dbc3-1:/# ruby —version ruby 1.8.7 (2009-12-24 patchlevel 248) [i686-linux], MBARI 0x8770, Ruby Enterprise Edition 2010.01
Updated by Holt Sorenson 4 months ago
Patch for this issue which is absolutely not a puppet problem but may help someone else along the way:
$ cat rpmroot/SOURCES/openssl_ext-sk_x509.patch
diff -urN ruby-enterprise-1.8.7-2010.01.orig/source/ext/openssl/ossl_ssl.c ruby-enterprise-1.8.7-2010.01.sk_x509_fix/source/ext/openssl/ossl_ssl.c
--- ruby-enterprise-1.8.7-2010.01.orig/source/ext/openssl/ossl_ssl.c 2010-01-20 18:01:26.000000000 +0000
+++ ruby-enterprise-1.8.7-2010.01.sk_x509_fix/source/ext/openssl/ossl_ssl.c 2010-05-04 09:53:27.000000000 +0000
@@ -1196,10 +1196,10 @@
}
chain = SSL_get_peer_cert_chain(ssl);
if(!chain) return Qnil;
- num = sk_x509_num(chain);
+ num = sk_X509_num(chain);
ary = rb_ary_new2(num);
for (i = 0; i < num; i++){
- cert = (X509*)sk_x509_value(chain, i);
+ cert = (X509*)sk_X509_value(chain, i);
rb_ary_push(ary, ossl_x509_new(cert));
}
Updated by Holt Sorenson 4 months ago
ruby enterprise edition bug entry at: http://is.gd/bTq6P
Updated by Peter Meier 4 months ago
so if this is actually a REE bug we can close this bug? but it’s useful for documentation.
Updated by Markus Roberts 1 day ago
- Status changed from Accepted to Closed
It’s a bug, but not our bug.