Description of problem: I am trying to run puppet 4.6.2-2 standalone in a F26 alpha chroot environment but always got the following error message: /usr/share/ruby/vendor_ruby/puppet/util/monkey_patches.rb:104:in `<class:SSLContext>': undefined method `<<' for nil:NilClass (NoMethodError) from /usr/share/ruby/vendor_ruby/puppet/util/monkey_patches.rb:98:in `<top (required)>' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require' from /usr/share/ruby/vendor_ruby/puppet/util.rb:16:in `<module:Util>' from /usr/share/ruby/vendor_ruby/puppet/util.rb:15:in `<module:Puppet>' from /usr/share/ruby/vendor_ruby/puppet/util.rb:14:in `<top (required)>' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require' from /usr/share/ruby/vendor_ruby/puppet.rb:12:in `<top (required)>' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require' from /usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:12:in `<top (required)>' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require' from /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55:in `require' from /usr/bin/puppet:4:in `<main>'
This looks like an incompatibility of the Puppet monkey patch with Ruby 2.4 when using OpenSSL 1.1.0 or higher. Ruby 2.4 only sets a default ciphers list of its own on OpenSSL versions older than 1.1 (https://github.com/ruby/ruby/commit/c9dc016#diff-8406e11e4a42f9de6badcd0f6a6c4262R33), so this monkey patch is trying to modify an array that's no longer present. The Ruby OpenSSL commit (https://github.com/ruby/openssl/commit/b9aea27) that removed it suggest the cipher list in 1.1.0 is secure enough by default, and the list in the commit doesn't list any SSLv2 ciphers, which is what Puppet's trying to disable. I think the monkey patch could be removed or made conditional in Puppet in Fedora 26+, which uses OpenSSL 1.1.0.
Thanks for pointing that out. Sounds like a good idea to me. I just want to confirm that it not only occurs in chroot but also when simply trying to execute it on a F26 box.
Already tracked upstream at https://tickets.puppetlabs.com/browse/PUP-7383.
Fixed in https://github.com/puppetlabs/puppet/commit/578687a00195191185f44d8cb38f4b7716d99c31 (.patch)
puppet-4.6.2-4.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9b66117bb
puppet-4.6.2-4.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9b66117bb
puppet-4.6.2-4.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.