Issue when trying to sign a certificate

[Jesús Oliván]

Hi!

i'm experimenting a weird issue at random times when some clients are trying to sign his certificate in their puppet masters. Here's the log lines where error is visible:

Info: Creating a new SSL key for pro-front-xxxx.xxx

Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pro-front-xxxx.xxx
Info: Certificate Request fingerprint (SHA256): 8D:FD:25:92:06:09:D1:38:B0:74:40:28:A6:C3:5C:B4:39:6D:81:EC:97:90:67:6B:45:39:DD:7A:EC:E3:F5:F6
Error: Could not request certificate: Error 500 on SERVER: Internal Server Error: java.lang.NumberFormatException: For input string: ""

And this is the output on the same stage of another node that is working fine with the same role/config:

Info: Creating a new SSL key for pro-front-xxxx.xxx
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pro-front-xxxx.xxx

Info: Certificate Request fingerprint (SHA256): FD:FC:6F:D0:39:3B:78:24:2B:B9:5D:82:6E:E8:58:0B:37:63:AD:89:6F:D9:34:15:E6:D9:42:7F:AB:E5:EF:3BESC[0m
Info: Caching certificate for pro-front-xxxx.xxx

Info: Caching certificate for pro-frontend-xxxxx.xxx
Info: Using configured environment 'pro'
Info: Retrieving pluginfacts
Info: Retrieving plugin

It's happening a few times, but it's annoying because when it occurs is while launching several nodes to form a new cluster, so the cluster is never formed until this "puppet not signed host" is not signed manually. Can anyone give me some light about this, please? Specially, this line in the "not working" node is concerning me:

Error: Could not request certificate: Error 500 on SERVER: Internal Server Error: java.lang.NumberFormatException: For input string: ""

Thanks in advance!

[Justin Stoller]

Hi Jesus,

Can you look at the log for the server (on the server at /var/log/puppetlabs/puppetserver/puppetserver.log) and post that. I would expect a stacktrace at the time the 500 happened pointing out the culprit in the code.

The agent might be requesting a certificate with invalid values, or a bug in Puppet Server. My total wag would be that there's an issue with your serial file being zeroed out (its just a place, off the top of my head, where we read in a string and cast it to a number that could flap like you've described).

 - Justin

Thanks in advance!

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAKYJm92S6m8-ahS93X6%3DELA_a%3DgBbMxNjdKS%2BVW%2BdAy8QpdtkA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[MorSa]

Thanks for your response, Justin!

this is the only output i saw in puppetserver.log at same time as i received error i was referring:

2018-11-22 11:07:41,975 WARN  [qtp1232246461-35996] [puppetserver] Puppet Arguments to Re
source[] are all empty/undefined at /etc/puppetlabs/code/environments/pro/modules/profile
_sensu/manifests/checks/http/webserver.pp:36:28
2018-11-22 11:07:42,479 ERROR [qtp1232246461-35985] [p.r.core] Internal Server Error: jav
a.lang.NumberFormatException: For input string: ""

[MorSa]

FYI i'm running:

[puppetserver]# puppet master --version

4.8.2