我们的puppetmaster
服务器已升级到 RHEL6 上的最新版本 ( puppet-2.7.25-2.el6.noarch
)。我们现在在主服务器上收到如下错误:
Aug 26 11:36:59 master1 puppet-master[5555]: Could not intern from yaml: instance of IO needed
在运行 RHEL4 0.25.6 的客户端上如下:
Aug 26 11:36:59 foo1 Puppet (err): Could not retrieve catalog from remote server: Error 400 on SERVER: Could not intern from yaml: instance of IO needed
服务器使用 Apache 和 Passenger 运行,对此我并不熟悉。有什么方法可以解决此问题吗?
更新
根据@FelixFrank,停止httpd
服务后,运行以下命令:
$ sudo puppet master --no-daemonize --verbose --trace
当 Puppet 客户端尝试检索其目录后,这为我提供了以下回溯:
err: /usr/lib/ruby/1.8/yaml.rb:176:in `load'
/usr/lib/ruby/1.8/yaml.rb:176:in `parse'
/usr/lib/ruby/site_ruby/1.8/puppet/vendor/safe_yaml/lib/safe_yaml.rb:201:in `safe_load'
/usr/lib/ruby/site_ruby/1.8/puppet/vendor/safe_yaml/lib/safe_yaml.rb:141:in `load'
/usr/lib/ruby/site_ruby/1.8/puppet/network/formats.rb:6:in `intern'
/usr/lib/ruby/site_ruby/1.8/puppet/network/format_handler.rb:12:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/network/format_handler.rb:12:in `protect'
/usr/lib/ruby/site_ruby/1.8/puppet/network/format_handler.rb:26:in `intern'
/usr/lib/ruby/site_ruby/1.8/puppet/network/format_handler.rb:108:in `convert_from'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/catalog/compiler.rb:25:in `extract_facts_from_request'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/catalog/compiler.rb:38:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:195:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:111:in `do_find'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:68:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:68:in `process'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick/rest.rb:24:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:45:in `listen'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in `listen'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `listen'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `listen'
/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:126:in `listen'
/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:141:in `start'
/usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:124:in `start'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:202:in `main'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:146:in `run_command'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:416:in `hook'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:407:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:69:in `execute'
/usr/bin/puppet:4
err: Could not intern from yaml: instance of IO needed
关于下一步该尝试什么,有什么想法吗?
答案1
根据Puppet 更新日志2.7.22 包含了有关 YAML 处理方式的更改:
在 Puppet 中发现了一个严重漏洞,Puppet Master 可以通过 REST API 从不受信任的客户端获取 YAML。此 YAML 可以被反序列化以构造包含任意代码的对象。
这是由于安全漏洞。为了暂时缓解该问题,我从 PuppetLabs 的 repo 降级到早期版本并puppet-server
通过 锁定了该包yum versionlock
。