Puppet gives SSL error because master is not running?
- by Daniel Huger
I started with two clean machines this time.
My master is running 12.04
Version: 2.7.11-1ubuntu2
Depends: ruby1.8, puppetmaster-common (= 2.7.11-1ubuntu2)
My client is 10.04
Version: 2.6.3-0ubuntu1~lucid1
Depends: puppet-common (= 2.6.3-0ubuntu1~lucid1), ruby1.8
To setup Puppet tutorial: http://shapeshed.com/setting-up-puppet-on-ubuntu-10-04/
To connect master and client: http://shapeshed.com/connecting-clients-to-a-puppet-master/
The first time I tried to connect master to client failed with SSL_connect error. So I did rm -rf /etc/puppet/ssl/ to remove all the keys inside ssl folders.
It looked like it work.... BUT
client# puppet agent --server puppet --waitforce 60 --test
/usr/lib/ruby/1.8/facter/util/resolution.rb:46: warning: Insecure world writable dir /etc/condor in PATH, mode 040777
/usr/lib/ruby/1.8/puppet/defaults.rb:67: warning: Insecure world writable dir /etc/condor in PATH, mode 040777
info: Creating a new SSL key for giab10
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for mybox123
info: Certificate Request fingerprint (md5): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for mybox123
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
It cached but then it couldn't retrieve it.
Let me stop here.... worrying I would mess something up. But let's check master's status.
* master is not running
WoW.... ???
master# service puppetmaster start
* Starting puppet master [OK]
master# service puppetmaster status
* master is not running
I think time is sync. Well, we are behind a firewall so the port to
sync time is disbaled. I checked with date and they seem okay.
What about master not running? Is that the cause?
Any help is appreciated. Thanks!
/var/lib/puppet/log/masterhttp.log
[2012-06-30 00:13:25] INFO WEBrick 1.3.1
[2012-06-30 00:13:25] INFO ruby 1.8.7 (2011-06-30) [x86_64-linux]
[2012-06-30 00:13:25] WARN TCPServer Error: Address already in use - bind(2)
[2012-06-30 00:19:40] INFO WEBrick 1.3.1
[2012-06-30 00:19:40] INFO ruby 1.8.7 (2011-06-30) [x86_64-linux]
[2012-06-30 00:19:40] WARN TCPServer Error: Address already in use - bind(2)
[2012-06-30 00:28:58] INFO WEBrick 1.3.1
[2012-06-30 00:28:58] INFO ruby 1.8.7 (2011-06-30) [x86_64-linux]
[2012-06-30 00:28:58] WARN TCPServer Error: Address already in use - bind(2)
[2012-06-30 15:31:25] INFO WEBrick 1.3.1
[2012-06-30 15:31:25] INFO ruby 1.8.7 (2011-06-30) [x86_64-linux]
[2012-06-30 15:31:25] WARN TCPServer Error: Address already in use - bind(2)
1 S puppet 5186 1 0 80 0 - 29410 poll_s 15:44 ? 00:00:00 /usr/bin/ruby1.8 /usr/bin/puppet master --masterport=8140
4 S root 5235 5005 0 80 0 - 2344 pipe_w 15:45 pts/0 00:00:00 grep --color=auto puppet
kill -9 5186
puppet master
service puppetmaster status
* master is not running
I always have this error, but I always ignored it. http://pastebin.com/exbpArjv
What could it mean? Time sync? Package not installed? Then how could we do puppetca in the first place?
