Easy-RSA error: Use of '--vars=FILE init-pki' is prohibited, use '--pki-dir=DIR' #9

Closed
apiening opened this issue Jun 2, 2022 · 3 comments

apiening commented Jun 2, 2022

Using current master (e97efb7) I get the following error on Debian 11:

TASK [nkakouros.easyrsa : Initiate PKI] ************************************************************************************************************************************************************************
Thursday 02 June 2022  14:24:45 +0200 (0:00:01.147)       0:00:40.501 ********* 
fatal: [example.com]: FAILED! => changed=true 
  cmd:
  - easyrsa
  - init-pki
  delta: '0:00:00.005123'
  end: '2022-06-02 14:24:46.114659'
  msg: non-zero return code
  rc: 1
  start: '2022-06-02 14:24:46.109536'
  stderr: |2-
  
    Easy-RSA error:
  
    Use of '--vars=FILE init-pki' is prohibited, use '--pki-dir=DIR'
  stderr_lines: <omitted>
  stdout: |2-
  
    Version: dev | nix | Linux | /bin/zsh
  stdout_lines: <omitted>

I receive the same error when I try to execute easyrsa init-pki on the command line. I also tried to do easyrsa init-pki --pki-dir=/etc/easyrsa/pki but it doesn't work either (same message).

Any idea why this is and how to fix this?

apiening commented Jun 2, 2022

I was able to get around this issue by manually executing

/tmp/easy-rsa/easyrsa3/easyrsa --pki-dir=/etc/easyrsa/pki init-pki

After this, the playbook finished without any issues.

It looks to me as if there is a version of easyrsa installed in /tmp/easy-rsa/ and another (newer) version in /tmp/easy-rsa/easyrsa3/easyrsa. The latter / newer version does not seem to support environment variables anymore, instead it expects a file which defines the variables. Also the required parameters are different.

It may be a possible fix to make sure that the init-pki command is called with the fully qualified path and with the parameter --pki-dir=/etc/easyrsa/pki init-pki, while the other easyrsa commands (build ca etc.) would use the version of easyrsa from the system path. But I'm not sure if this is the right and clean way to do it, since the two versions are confusing me.

@nkakouros
Contributor

Yes, this changed in easyrsa. I have a fix in the fixes branch of this role. You can either try that branch, or use the easyrsa_version variable of the role to use an older version of easyrsa. I will try to merge the fixes branch soon though.

@nkakouros
Contributor

I merged that branch. The role works ok now.
