Using Puppetserver with Foreman report processor

I came across an odd "bug" when testing Puppetserver 1.1.0 with Foreman.
Based on what I could find online the main issue is Java 7's handling of
SNI. So far I've only verified this on my EL7 puppetserver install with
Foreman 1.6 running on EL6.

The basic error is "Puppet Report processor failed: Could not send report
to Foreman at https://foreman.DOMAIN/api/reports: handshake alert:
unrecognized_name". The full error is below [1].

The fix is adding -Djsse.enableSNIExtension=false to the JAVA_ARGS in
/etc/sysconfig/puppetserver.

The only Puppet module I've found to manage puppetserver's config is
https://github.com/camptocamp/puppet-puppetserver, but the
puppetserver::config::java_arg defined type will conflict if you're also
using theforeman/puppet module. So this can be used to apply the necessary
change:

ini_subsetting { 'disable puppetserver Java SNI':
  ensure            => 'present',
  section           => '',
  key_val_separator => '=',
  path              => '/etc/sysconfig/puppetserver',
  setting           => 'JAVA_ARGS',
  subsetting        => '-Djsse.enableSNIExtension',
  value             => '=false',
  require           => Class['puppet::server::install'],
  notify            => Class['puppet::server::service'],
}

The 'require' and 'notify' assume you're using theforeman/puppet. The
'value' is ugly but necessary
until https://github.com/puppetlabs/puppetlabs-inifile/pull/138 is merged.

  • Trey

[1]:

2015-08-07 17:48:22,723 ERROR [puppet-server] Puppet Report processor
failed: Could not send report to Foreman at
https://foreman.DOMAIN/api/reports: handshake alert: unrecognized_name
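
An added example, not part of the original post and not Puppetserver or Foreman code: the `unrecognized_name` in the error above is TLS alert 112 (RFC 6066), which a server can send at warning level when the hostname the client sent via SNI matches none of the names it is configured for. This Ruby code decodes a plaintext alert record, as seen in a packet capture, to tell a warning from a fatal alert; the function names and the sample bytes are constructed for illustration.

```ruby
# TLS record/alert layout per RFC 5246; alert 112 is defined in RFC 6066.
ALERT_CONTENT_TYPE = 21
LEVELS = { 1 => :warning, 2 => :fatal }.freeze
DESCRIPTIONS = {
  0   => :close_notify,
  40  => :handshake_failure,
  112 => :unrecognized_name
}.freeze

Alert = Struct.new(:version, :level, :description)

# Parse one plaintext TLS alert record (5-byte header + 2-byte body).
# Returns nil when the bytes are not an alert record.
def parse_alert(bytes)
  bytes = bytes.b
  return nil if bytes.bytesize < 7
  type, major, minor, length = bytes.unpack('CCCn')
  return nil unless type == ALERT_CONTENT_TYPE && length == 2
  level, desc = bytes.byteslice(5, 2).unpack('CC')
  Alert.new("#{major}.#{minor}",
            LEVELS.fetch(level, :unknown),
            DESCRIPTIONS.fetch(desc, desc))
end

# Classify what the alert means for the report upload to Foreman.
def diagnose(alert)
  return :not_an_alert if alert.nil?
  return :other_alert unless alert.description == :unrecognized_name
  if alert.level == :warning
    # Server did not recognise the SNI name but is willing to continue.
    :server_name_mismatch_warning
  else
    :server_rejected_name
  end
end

# Constructed sample records (hex), not captured from the poster's systems.
SAMPLE_WARNING = ['1503010002' + '0170'].pack('H*') # level 1, description 112
SAMPLE_FATAL   = ['1503030002' + '0270'].pack('H*') # level 2, description 112
SAMPLE_HELLO   = ['1603010002' + '0200'].pack('H*') # handshake record, not an alert

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_WARNING, SAMPLE_FATAL, SAMPLE_HELLO].each do |rec|
    alert = parse_alert(rec)
    puts "#{rec.unpack1('H*')} -> #{alert.inspect} -> #{diagnose(alert)}"
  end
end
```

A warning-level result points at the server's name configuration: the hostname used in the report URL is not one the server knows, and correcting that on the server lets SNI stay enabled on the client.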

Hi,

On Fri, Aug 07, 2015 at 04:22:40PM -0700, treydock wrote:
> The only Puppet module I've found to manage puppetserver's config is
> https://github.com/camptocamp/puppet-puppetserver, but the
> puppetserver::config::java_arg defined type will conflict if you're also
> using theforeman/puppet module.

Please have a look at this change, very recently merged into
theforeman-puppet: http://git.io/vOjws

Regards

Michael Moll

That's good to see, thanks for letting me know. Will help clean up my
profile code a bit.

  • Trey