Easy-RSA error: Use of '--vars=FILE init-pki' is prohibited, use '--pki-dir=DIR'
apiening opened this issue · 3 comments
Using current master (e97efb7) I get the following error on Debian 11:
TASK [nkakouros.easyrsa : Initiate PKI] ************************************************************************************************************************************************************************
Thursday 02 June 2022 14:24:45 +0200 (0:00:01.147) 0:00:40.501 *********
fatal: [example.com]: FAILED! => changed=true
cmd:
- easyrsa
- init-pki
delta: '0:00:00.005123'
end: '2022-06-02 14:24:46.114659'
msg: non-zero return code
rc: 1
start: '2022-06-02 14:24:46.109536'
stderr: |2-
Easy-RSA error:
Use of '--vars=FILE init-pki' is prohibited, use '--pki-dir=DIR'
stderr_lines: <omitted>
stdout: |2-
Version: dev | nix | Linux | /bin/zsh
stdout_lines: <omitted>
I receive the same error, when I try to execute easyrsa init-pki
on the commandline. I also tried to du easyrsa init-pki --pki-dir=/etc/easyrsa/pki
but it doesn't work either (same message).
Any idea why this is and how to fix this?
I was able to get around this issue by manually executing
/tmp/easy-rsa/easyrsa3/easyrsa --pki-dir=/etc/easyrsa/pki init-pki
After this, the playbook finished without any issues.
It looks to me as if there is a version of easyrsa
installed in /tmp/easy-rsa/
and another (newer) version in /tmp/easy-rsa/easyrsa3/easyrsa
. The later / newer version does not seem to support environment variables anymore, instead it expects a file which defines the variables. Also the required parameters are different.
It may be a possible fix to make sure that the init-pki
command is called with the fully qualified path and with the parameter --pki-dir=/etc/easyrsa/pki init-pki
, while the other easyrsa
commands (build ca etc.) would use the version of easyrsa
from the system path. But I'm not sure if this is the right and clean way to do it, since the two versions are confusing me.
Yes, this changed in easyrsa. I have a fix in the fixes branch of this role. You can either try that branch, or use the easyrsa_version variable of the role to use an older version of easyrsa. I will try to merge the fixes branch soon though.
I merged that branch. The role works ok now.