Puppet
Puppet Master 升級到 2.7.25-2 後收到 YAML 錯誤
我們的
puppetmaster
伺服器已升級到 RHEL6 (puppet-2.7.25-2.el6.noarch
) 上可用的最新版本。我們現在在主伺服器上收到如下錯誤:Aug 26 11:36:59 master1 puppet-master[5555]: Could not intern from yaml: instance of IO needed
這在 RHEL4 上執行 0.25.6 的客戶端上:
Aug 26 11:36:59 foo1 Puppet (err): Could not retrieve catalog from remote server: Error 400 on SERVER: Could not intern from yaml: instance of IO needed
伺服器正在使用我不熟悉的 Apache 和乘客執行。有關如何解決此問題的任何想法?
更新
根據@FelixFrank,停止
httpd
服務後,執行以下命令:$ sudo puppet master --no-daemonize --verbose --trace
在 puppet 客戶端嘗試檢索其目錄後,這為我提供了以下回溯:
err: /usr/lib/ruby/1.8/yaml.rb:176:in `load' /usr/lib/ruby/1.8/yaml.rb:176:in `parse' /usr/lib/ruby/site_ruby/1.8/puppet/vendor/safe_yaml/lib/safe_yaml.rb:201:in `safe_load' /usr/lib/ruby/site_ruby/1.8/puppet/vendor/safe_yaml/lib/safe_yaml.rb:141:in `load' /usr/lib/ruby/site_ruby/1.8/puppet/network/formats.rb:6:in `intern' /usr/lib/ruby/site_ruby/1.8/puppet/network/format_handler.rb:12:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/network/format_handler.rb:12:in `protect' /usr/lib/ruby/site_ruby/1.8/puppet/network/format_handler.rb:26:in `intern' /usr/lib/ruby/site_ruby/1.8/puppet/network/format_handler.rb:108:in `convert_from' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/catalog/compiler.rb:25:in `extract_facts_from_request' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/catalog/compiler.rb:38:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:195:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:111:in `do_find' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:68:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:68:in `process' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick/rest.rb:24:in `service' /usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service' /usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:45:in `listen' /usr/lib/ruby/1.8/webrick/server.rb:173:in `call' /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:95:in `start' /usr/lib/ruby/1.8/webrick/server.rb:92:in `each' /usr/lib/ruby/1.8/webrick/server.rb:92:in `start' /usr/lib/ruby/1.8/webrick/server.rb:23:in `start' /usr/lib/ruby/1.8/webrick/server.rb:82:in `start' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `initialize' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `new' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:126:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:141:in `start' /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:124:in `start' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:202:in `main' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:146:in `run_command' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:416:in `hook' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:407:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:69:in `execute' /usr/bin/puppet:4 err: Could not intern from yaml: instance of IO needed
關於下一步嘗試什麼的任何想法?
根據Puppet 更改日誌,2.7.22 包含對 YAML 處理方式的更改:
在 puppet 中發現了一個嚴重漏洞,其中 puppet master 可以通過 REST API 從不受信任的客戶端獲取 YAML。可以反序列化此 YAML 以構造包含任意程式碼的對象。
這是由於一個安全漏洞。為了暫時緩解這個問題,我從 PuppetLabs 的 repo 降級到早期版本,並
puppet-server
通過yum versionlock
.