simp bootstrap failure


Paul Eddie

Sep 25, 2015, 4:11:10 PM
to SIMP Q&A Forum
After doing the 'simp config'  I ran the 'simp bootstrap'

The output is as follows:
...snipped...
Track => #### Done!
... with tag 'group'
Track => #### Done!

Relabeling filesystem for selinux...
Cleaning out /tmp
*** Running Puppet Finalization ***

Track => ########### Done!
Waiting for Puppet Server to Start  @
The Puppet Server did not start within 5 minutes. Please start puppetserver by hand and inspect any issues.

/usr/lib/ruby/gems/1.8/gems/simp-cli-1.0.6/lib/simp/cli/commands/bootstrap.rb:63:in `ensure_running'
/usr/lib/ruby/gems/1.8/gems/simp-cli-1.0.6/lib/simp/cli/commands/bootstrap.rb:71:in `track_output'
/usr/lib/ruby/gems/1.8/gems/simp-cli-1.0.6/lib/simp/cli/commands/bootstrap.rb:197:in `run'
/usr/lib/ruby/gems/1.8/gems/simp-cli-1.0.6/lib/simp/cli.rb:81:in `start'
/usr/lib/ruby/gems/1.8/gems/simp-cli-1.0.6/bin/simp:5
/usr/bin/simp:19:in `load'
/usr/bin/simp:19

However when I ran the following command, it is alive:
service --status-all |grep puppetserver
puppetserver (pid  2509) is running...

And when I took a look at the bootstrap.rb file, line 63 is the failure message, referring to line 51 where it does this:
running = (%x{/usr/bin/curl -sS --cert /var/lib/puppet/ssl/certs/`hostname`.pem --key /var/lib/puppet/ssl/private_keys/`hostname`.pem -k -H "Accept: s" https://localhost:#{port}/production/certificate_revocation_list/ca 2>&1} =~ /CRL/)

I ran the curl command by itself and it is fine:
[root@puppet ~]# /usr/bin/curl -sS --cert /var/lib/puppet/ssl/certs/puppet.localdomain.pem --key /var/lib/puppet/ssl/private_keys/puppet.localdomain.pem -k -H "Accept: s" https://localhost:8150/production/certificate_revocation_list/ca
-----BEGIN X509 CRL-----
MIICojCBiwIBATANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB1QdXBwZXQgQ0E6
IHB1cHBldC5sb2NhbGRvbWFpbhcNMTUwOTI1MTUxNDQ5WhcNMjAwOTI1MTUxNDQ5
...snipped...
S1mGISDfUnrYukYUJ6gckR7U8xiCL1L9bwkFbrZWe1KTcvkX/DIUCk2egkSPmLX3
vQN4Yqko3MsDgX0+vzsqJag/FtSvhVRLY3z0AK0emvVvUtI5pu07e11CUGO4HtDt
+BvVYCId
-----END X509 CRL-----
[root@puppet ~]#

So I am unsure why this fails after 5 minutes when puppetserver is actually alive and well.
I am pretty sure there are more steps that the simp script was going to run after the 'Running Puppet Finalization' step.  Rebooting the simp server machine and rerunning the 'simp bootstrap' doesn't resolve this.
I also attach the simp_bootstrap.log file.


simp_bootstrap.log

Trevor Vaughan

Sep 28, 2015, 10:28:30 AM
to SIMP Q&A Forum
This may be due to either FIPS issues or that your memory is set too low.

Do you have 2.2G of RAM? Also, try turning FIPS off and rebooting. To do this, remove 'fips=1' from the boot line in Grub.

Thanks,

Trevor

Paul Eddie

Sep 28, 2015, 3:08:26 PM
to SIMP Q&A Forum
Yes, I have 8 GB of RAM on the machine.

I added a debug line to the following file /usr/lib/ruby/gems/1.8/gems/simp-cli-1.0.6/lib/simp/cli/commands/bootstrap.rb at line 54 (function self.ensure_running) from:
print "Waiting for Puppet Server to Start " + x + "\r"

to:
print "Waiting for Puppet Server to Start " + port +"  " + x + "\r"

So that it can show the port that the bootstrap is waiting for.

Here is the entire output with my debugging line when I ran 'simp bootstrap':
*** Starting SIMP Bootstrap ***
   If this runs quickly, something wrong happened. To debug the problem,
   run 'puppet agent --test' by hand or read the log. The log can be found
   at '/root/.simp/simp_bootstrap.log'.

*** Starting the Puppetmaster ***


Beginning Puppet agent runs ...
... with tags 'pki,stunnel,concat'
Waiting for Puppet Server to Start 8150  *
Track => ########################################################################################################################################################################################################################################################################################################################################################################################################################################################## Done!
... with tags 'firstrun,concat'
Track => #### Done!
... with tags 'rsync,concat,apache,iptables'
Track => #### Done!
... with tag 'user'
Track => #### Done!
... with tag 'group'
Track => #### Done!

Relabeling filesystem for selinux...
Cleaning out /tmp
*** Running Puppet Finalization ***

Track => ####### Done!
Waiting for Puppet Server to Start 8140  *
Track => ####### Done!
Track => ####### Done!
Track => ####### Done!
Track => ####### Done!
Track => ####### Done!
Track => ####### Done!
   Warning: Could not find the administrators group.
   Please check your configuration.
Puppet Finalization - Done!

*** SIMP Bootstrap Complete! ***
   Warning: Primitive checks indicate there may have been issues.
   Check '/root/.simp/simp_bootstrap.log' for details.
   Please run 'puppet agent -t' by hand to debug your configuration.

Note that the puppet master initially started at port 8150, and then it switched to port 8140 later.  I opened a new terminal (at this point in bold in the output above), and stopped the puppet server 'sudo service puppetserver stop' and just ran this 'puppet master --masterport 8140' to use the new port, and the bootstrap utility was able to continue.
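
The port mismatch described in this post can be checked directly. The following is an added example, not part of the original post and not simp-cli code: it repeats the CRL request from bootstrap.rb against both ports seen in the output and reports which one answers. The function names and the stricter `BEGIN X509 CRL` match are assumptions of this example, and it is written for a current Ruby rather than the 1.8 shown in the traceback.

```ruby
require 'net/http'
require 'openssl'
require 'socket'

SSL_DIR = '/var/lib/puppet/ssl' # path taken from the curl command in the thread

# Fetch the CA CRL from one port, the same request bootstrap.rb makes with curl.
# Returns the response body, or an error string when nothing usable answers.
def fetch_crl(port, host = Socket.gethostname)
  http = Net::HTTP.new('localhost', port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE # mirrors curl -k; local probe only
  http.cert = OpenSSL::X509::Certificate.new(File.read("#{SSL_DIR}/certs/#{host}.pem"))
  http.key = OpenSSL::PKey.read(File.read("#{SSL_DIR}/private_keys/#{host}.pem"))
  http.open_timeout = http.read_timeout = 5
  http.get('/production/certificate_revocation_list/ca', 'Accept' => 's').body.to_s
rescue StandardError => e
  "#{e.class}: #{e.message}"
end

# Probe each candidate port and record whether it serves a PEM CRL.
# bootstrap.rb matches /CRL/ on stdout+stderr; matching the PEM header avoids
# counting an error message that merely mentions "CRL" as success.
# The fetcher is injectable so the logic can be exercised without a server.
def probe_ports(ports, fetcher = method(:fetch_crl))
  ports.map do |port|
    body = fetcher.call(port)
    { port: port, ready: !(body =~ /BEGIN X509 CRL/).nil?, detail: body.lines.first.to_s.strip }
  end
end

# Compare the port bootstrap is polling with the ports that actually answer.
def diagnose(waiting_on, results)
  ready = results.select { |r| r[:ready] }.map { |r| r[:port] }
  return "ok: CA answers on #{waiting_on}" if ready.include?(waiting_on)
  return 'no CA on any probed port' if ready.empty?
  "mismatch: bootstrap polls #{waiting_on}, CA answers on #{ready.join(',')}"
end

if __FILE__ == $PROGRAM_NAME
  results = probe_ports([8140, 8150]) # the two ports seen in the bootstrap output
  results.each { |r| puts format('%5d  ready=%-5s %s', r[:port], r[:ready], r[:detail]) }
  puts diagnose(8140, results)
end
```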


Trevor Vaughan

Sep 28, 2015, 7:29:35 PM
to SIMP Q&A Forum
Hi Paul,

We found a bug earlier today that was causing something like this when using FIPS mode (the new default).

First, please ensure that you have the latest code. To do this, at the top of the simp-core tree, you can do a 'git pull origin 4.2.X' followed by 'rake git:submodules:reset'.

Then, please attempt to build again.

Once you get the image running, do the following *before* running 'simp config':

$ puppet config set digest_algorithm sha256

Once this is done, the system should run properly.

Thanks,

Trevor
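
A pre-flight check for the workaround above, as an added example that is not part of the original reply and not SIMP code. It assumes the trouble is Puppet 3's built-in `digest_algorithm` default of md5 being unusable under FIPS (the thread does not spell this out), that `puppet config set` wrote to `[main]` of `/etc/puppet/puppet.conf`, and that the kernel exposes `/proc/sys/crypto/fips_enabled`; the function names are hypothetical.

```ruby
PUPPET_DEFAULT_DIGEST = 'md5' # assumed Puppet 3.x default when the setting is absent

# Return the value of a setting from one section of puppet.conf text, or nil.
def puppet_setting(conf_text, name, section = 'main')
  current = nil
  value = nil
  conf_text.each_line do |line|
    line = line.sub(/#.*/, '').strip # drop comments and padding
    next if line.empty?
    if line =~ /\A\[(.+)\]\z/
      current = $1.strip
    elsif current == section && line =~ /\A#{Regexp.escape(name)}\s*=\s*(.*)\z/
      value = $1.strip
    end
  end
  value
end

# True when the boot line carries the 'fips=1' flag mentioned in the thread.
def fips_requested?(cmdline)
  cmdline.split.include?('fips=1')
end

# Return a list of findings; an empty list means the host is ready for 'simp config'.
def preflight(cmdline, fips_enabled, conf_text)
  enabled = fips_enabled.strip
  fips = fips_requested?(cmdline) || enabled == '1'
  digest = puppet_setting(conf_text, 'digest_algorithm') || PUPPET_DEFAULT_DIGEST
  findings = []
  if fips_requested?(cmdline) && enabled != '1'
    findings << "fips=1 on boot line but kernel reports fips_enabled=#{enabled}"
  end
  if fips && digest != 'sha256'
    findings << "FIPS mode with digest_algorithm=#{digest}; run: puppet config set digest_algorithm sha256"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  read = lambda { |path| File.exist?(path) ? File.read(path) : '' }
  puts preflight(read.call('/proc/cmdline'), read.call('/proc/sys/crypto/fips_enabled'),
                 read.call('/etc/puppet/puppet.conf'))
end
```

A `digest_algorithm` set only under `[agent]` or `[master]` is deliberately not counted, since the command in the reply sets it for the whole host.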

Paul Eddie

Sep 30, 2015, 11:46:27 AM
to SIMP Q&A Forum
Trevor,
Instead of 'git pull origin 4.2.X', I ran this 'git clone https://github.com/simp/simp-core.git --branch 4.2.X'   -- both commands accomplish the same task, no?

After that, I ran the following to build an ISO:
  rake git:submodules:reset
  vi ~/simp-core/src/DVD/ks/dvd/include/min_ks_base  (fix FIPS)
  rake tar:build[epel-6-x86_64,dev,false]
  rake build:yum:sync[CentOS,6.7,4.2.0,x86_64]
  cd ~/Downloads/4.2.X
  BUNDLE_GEMFILE=~/simp-core/Gemfile rake -f ~/simp-core/Rakefile iso:build["~/simp-core/build/DVD_Overlay/SIMP-DVD-CentOS-4.2.0-Beta.tar.gz"] 

I had to fix the fips in the min_ks_base since I want both a simp server and a simp client (without using PXE based on your responses in other topics in this SIMP group).  I just match up the fips values from the 'simp' bootmenu option to the 'min_linux' bootmenu option.

After I ran all the commands, I have an ISO.  I ran the ISO onto a VM with 4 GB of RAM, and 70 GB of space.   The boot process ran somewhat smoothly, and after I logged into the simp server machine, I ran your command 'puppet config set digest_algorithm sha256' as requested.

I will keep you posted as I go through the 'simp config' and 'simp bootstrap' as directed in the Server Installation.

Paul Eddie

Nov 13, 2015, 5:21:13 PM
to SIMP Q&A Forum
Trevor,
Will this step, see below, be needed for the upcoming release?  If yes, it should be documented someplace.

Trevor Vaughan

Nov 13, 2015, 6:28:06 PM
to Paul Eddie, SIMP Q&A Forum
I believe that this has been taken care of in 'simp config' for the upcoming release.

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699

-- This account not approved for unencrypted proprietary information --