On Monday, February 11, 2013 9:07:52 PM UTC+11, Andy Parker wrote:
Alex, what version of openssl is on the AIX 5.3 machine? If it is working
> on one version of AIX and not the other, I suspect it might be a version
> difference of the libraries that is causing problems. The PE team has been
> working on getting AIX support in puppet. Their work is currently being
> merged into the "aix" branch in the puppetlabs/puppet repo, you might
> consider taking a look at that to see if they have fixed this. The work is
> based on the 2.7.x branch, I believe, since they want to get it into PE,
> which is still using puppet 2.7. Once that have everything ready, I think
> the plan is to merge the changes forward into the master branch and not
> into the 2.7 branch. I could be wrong about that, though.
>
Your suggestion has led me to find a workaround - compile my own openssl -
not ideal. More below.
On the AIX 5.3 machines we have the same version of SSL as on the AIX 6.1
machines -
# rpm -qa |grep openssl
openssl-0.9.8r-1
I then tried upgrading the ssl version to a Bull Freeware version on the
AIX 5.3 host -
# rpm -qa |grep openssl
openssl-1.0.0d-2
same result. I also tried openssl-1.0.1c-1 from the AIX Toolbox, same
result.
However, despite the versions matching I did confirm that the AIX5.3 hosts
don't support SHA256 whereas the AIX6.1 hosts do.
openssl-1.0.0d-2. I also tried the latest from our copy of the AIX toolbox
which was openssl-1.0.1c-1. In all cases I did note the following -
# irb
irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> OpenSSL::Digest.const_defined?('SHA256')
=> false
This returns true on AIX6.1.
I then tried recompiling Ruby using a higher version of openssl but still
no luck - and still got no SHA256. Again, though, I can't really see how
this SHA256 business can be the issue if it works on my HP-UX where SHA256
also doesn't exist. Of course, there's quite possibly some other
difference between the SSL on my AIX5.3 and 6.1 hosts.
Now this is interesting -
If I used openssl and ruby compiled according to Nick Bausch's blog -
http://t3chnick.blogspot.com.au/2012/01/32-bit-puppet-rpms-srpms-for-aix-howto.html
- now it has SHA256 and it also works.
This is less than ideal but it may be the way forward for me here.
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-dev?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
