pdk: PDK 1.5.0 confusing error when cert invalid
When you use a custom CA and install pdk from a package, you have to manually add your custom root CA to cert.pem.
When you upgrade the package you have to repeat that step.
When you run pdk update without the right certificate you might get this error:
pdk (WARN): Unable to access the previously used template 'https://git.server/repo.git', using the default template instead.
/opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/pdk-1.5.0/lib/pdk/module/templatedir.rb:189:in `validate_module_template!': The specified template 'https://git.server/repo.git' is not a directory. (ArgumentError)
from /opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/pdk-1.5.0/lib/pdk/module/templatedir.rb:59:in `initialize'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/pdk-1.5.0/lib/pdk/module/convert.rb:71:in `new'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/pdk-1.5.0/lib/pdk/module/convert.rb:71:in `stage_changes!'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/pdk-1.5.0/lib/pdk/module/update.rb:9:in `run'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/pdk-1.5.0/lib/pdk/cli/update.rb:29:in `block (2 levels) in <module:CLI>'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/cri-2.10.1/lib/cri/command.rb:329:in `run_this'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/cri-2.10.1/lib/cri/command.rb:269:in `run'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/cri-2.10.1/lib/cri/command.rb:287:in `run'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/pdk-1.5.0/lib/pdk/cli.rb:18:in `run'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/lib/ruby/gems/2.4.0/gems/pdk-1.5.0/exe/pdk:6:in `<top (required)>'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/bin/pdk:23:in `load'
from /opt/puppetlabs/pdk/private/ruby/2.4.4/bin/pdk:23:in `<main>'
This is very confusing; instead, pdk should report that there is a TLS issue here. Another point here is why not use the system ca-cert-bundle in the first place.
About this issue
- State: closed
- Created 6 years ago
- Comments: 22 (14 by maintainers)
Ah, yes it looks like PDK’s git is configured to look for system level config at /opt/puppetlabs/pdk/private/git/etc/gitconfig.

To me it seems like PDK should just use your system /etc/gitconfig if you have one, so we can modify the way we compile git to look there instead. @rodjek @glennsarti any reason why we shouldn’t just use /etc/gitconfig instead of /opt/puppetlabs/pdk/private/git/etc/gitconfig?

@reusch in the meantime, it looks like PDK’s git will look at ~/.gitconfig, can you try setting the http.sslCAInfo and/or http.sslCAPath settings at the user level and see if that helps?

Our team is also experiencing this issue. During our testing we install modules from an internal repository. The workaround of adding our internal CA to the cert.pem file does resolve this issue, but using the system CA store would be preferred.
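
The user-level workaround suggested above (http.sslCAInfo in ~/.gitconfig), written out as an added example that is not from this thread or the PDK project: it merges the internal root CA into a user-owned bundle and points git at it, so a package upgrade has nothing to overwrite. The function names and all file paths are assumptions, and the internal CA file is assumed to hold a single certificate.

```shell
#!/bin/sh
# Added example, not PDK code. Keeps the trusted-CA list in a user-owned file
# so a package upgrade that replaces the packaged cert.pem cannot drop it.

# build_ca_bundle BASE_BUNDLE INTERNAL_CA OUT
# Writes BASE_BUNDLE plus the single certificate in INTERNAL_CA to OUT.
# Rejects non-PEM input; does not append a CA that BASE_BUNDLE already holds.
build_ca_bundle() {
    base=$1; ca=$2; out=$3
    for f in "$base" "$ca"; do
        grep -q -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null || {
            echo "not a PEM certificate file: $f" >&2
            return 1
        }
    done
    # Base64 body of the internal CA with line breaks removed, so the
    # comparison ignores wrapping and CRLF differences.
    body=$(sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' "$ca" |
           grep -v -e '-----' | tr -d '\r\n')
    [ -n "$body" ] || { echo "empty certificate: $ca" >&2; return 1; }
    tmp=$out.$$
    if tr -d '\r\n' < "$base" | grep -q -F -e "$body"; then
        cat "$base" > "$tmp"                      # CA already present
    else
        { cat "$base"; echo; cat "$ca"; } > "$tmp"
    fi && mv "$tmp" "$out"                        # replace OUT in one step
}

# point_git_at_bundle BUNDLE
# Stores the setting in the user-level git config and prints the value git
# reads back, so a typo in the path is visible immediately.
point_git_at_bundle() {
    git config --global http.sslCAInfo "$1" &&
    git config --global --get http.sslCAInfo
}

# Usage (placeholder paths, adjust to your system):
#   build_ca_bundle /path/to/system-ca-bundle.pem /path/to/internal-root-ca.pem \
#       "$HOME/.config/pdk-ca-bundle.pem"
#   point_git_at_bundle "$HOME/.config/pdk-ca-bundle.pem"
```

A --global setting applies to every git run by that user, not only the one PDK ships, and git then uses that file as its CA bundle, which is why the public roots from the base bundle are kept in it.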