Using certonly in webroot mode fails with "can't convert Enumerable::Enumerator into Array" about puppet-letsencrypt HOT 23 CLOSED

removing ".cycle" from letsencrypt certonly.pp and using a matching-size array of web roots makes this work... not sure why cycle() doesn't work the same way in puppet as it does in irb.

from puppet-letsencrypt.

I can +1 this issue with .cycle.

Master Puppet 3.7.5, Ruby 1.8.7
Agent Puppet 3.4.3, Ruby 2.1.5p273

from puppet-letsencrypt.

@akomakom just want to confirm: you're running 1.8.7 on the agent but 2.1.2 on the master? It would make sense with 1.8.7 on the master. This module isn't tested against 1.8.7 and, to be quite honest, I have no desire to support such an old Ruby version.

from puppet-letsencrypt.

@danzilio You are right, the master is using 1.8.7, even though I have 2.1.2 installed also, my mistake. Most of our infrastructure is running on Centos 6 and that's the ruby you get, so I'll stick with my hack until we can test newer ruby.

Thanks!

from puppet-letsencrypt.

@akomakom Can you make a fork with that workaround?

from puppet-letsencrypt.

@ways I made a fork: https://github.com/akomakom/puppet-letsencrypt , but it reduces functionality (The two arrays must always be the same size).

from puppet-letsencrypt.

@akomakom Ok. I made one at https://github.com/copyleft/puppet-letsencrypt/ with a new plugin called cli, which just allows you to specify everything via additional_args.

from puppet-letsencrypt.

@ways interesting. that's something I would consider merging. although I'd rather change the name from cli to something like none or manual to differentiate it from an actual letsencrypt plugin.

from puppet-letsencrypt.

@danzilio Cool. I'll be happy to change it. I started out calling it 'manual', but that can be confused with letsencrypts manual verification. 'none', 'noop' or 'ways_rulez!' sounds OK to me. Want a pull-request for one of those?

from puppet-letsencrypt.

@ways I'm starting to wonder if we have too much indirection/abstraction around the command that gets run. Thoughts?

from puppet-letsencrypt.

@danzilio Hm. Not sure what you mean. After inserting this hack? I don't see any problem with it. As long as the documentation is solid. I think it's a short-lived solution for us stuck with old setups, and most people can ignore it.

from puppet-letsencrypt.

@ways i'm just wondering if the more durable solution is to give the user more access to the command that gets run... Let me mull this over a bit!

from puppet-letsencrypt.

@danzilio Ah, understood. No rush.

from puppet-letsencrypt.

@danzilio Any progress?

from puppet-letsencrypt.

I opened #40 with a compatible equivalent of the existing #cycle call, though for my personal use of this module I'd also be happy removing cycle entirely and having a fixed domains -> webroot_paths list (per akomakom@bf99c26 which I'm currently using).

I like the existing abstraction over the webroot command, it makes writing wrappers much easier.

from puppet-letsencrypt.

Hmm...I feel like @akomakom's solution is cleaner. Is this the more intuitive solution?

from puppet-letsencrypt.

I agree having the array lengths match is the cleaner interface - the zipping behaviour might be useful for some, but I think it's a minority feature. The downside is that it's an API change, but since the module's 0.x, perhaps you're OK accepting it?

from puppet-letsencrypt.

but since the module's 0.x, perhaps you're OK accepting it?

Correction, it's 1.x now, so it'd probably be considered a major version change.

from puppet-letsencrypt.

I'm fine bumping the major version. There are some big changes coming in the next release, the major version bump will raise some awareness.

from puppet-letsencrypt.

The webroot_paths and domain array should not need to match. it's possible to specify one webroot path and multiple domains on the cli. This standard case should be reflected.

at least one-for-all and matching numbers should be supported. I don't know how mismatched lengths should be handled best. Just append the remaining domains with no webroot specified, perhaps? -w 1 -d 1 -w 2 -d 2 -d 3 -d 4

from puppet-letsencrypt.

@pgassmann ah nice, you're right - the CLI arguments don't need to match.

I don't know how mismatched lengths should be handled best. Just append the remaining domains with no webroot specified, perhaps? -w 1 -d 1 -w 2 -d 2 -d 3 -d 4

The docs show this format with mismatched lengths is supported, any additional domains use the last webroot path. The current behaviour of this module with the cycle is to repeat from the first webroot path, so we ought to just remove that and allow the regular certbot behaviour.

from puppet-letsencrypt.

master...domcleal:28-no-cycle for that last suggested change.

from puppet-letsencrypt.

@domcleal looks good to me! i'll pull this in

from puppet-letsencrypt.