Foreman-Puppet issue.

[Balasekhar Nelli]

Hi there,

I have been struggling with the bug that  Puppet Master on Foreman unable to communicate with the newly provisioning instance and thereby Puppet Modules are not installing on the newly provisioned instance.

Please look through the screenshot for the errors.

And please look through the log of /var/log/messages:

Apr 23 09:32:55 ip-172-31-52-219 puppet-agent[1277]: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.

Apr 23 09:32:55 ip-172-31-52-219 puppet-agent[1277]: Certificate fingerprint: 3F:D7:22:8C:64:45:A4:95:75:F3:DB:D3:2E:86:E5:4F:59:5F:FC:0B:5A:72:8A:54:BA:AF:FE:F0:A3:77:EC:84

Apr 23 09:32:55 ip-172-31-52-219 puppet-agent[1277]: To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.

Apr 23 09:32:55 ip-172-31-52-219 puppet-agent[1277]: On the master:

Apr 23 09:32:55 ip-172-31-52-219 puppet-agent[1277]:   puppet cert clean aquaries.ec2.internal

Apr 23 09:32:55 ip-172-31-52-219 puppet-agent[1277]: On the agent:

Apr 23 09:32:55 ip-172-31-52-219 puppet-agent[1277]:   rm -f /var/lib/puppet/ssl/certs/aquaries.ec2.internal.pem

Apr 23 09:32:55 ip-172-31-52-219 puppet-agent[1277]:   puppet agent -t

Apr 23 09:34:56 ip-172-31-52-219 puppet-agent[1277]: Starting Puppet client version 3.6.2

Apr 23 09:34:56 ip-172-31-52-219 puppet-agent[1787]: Unable to fetch my node definition, but the agent run will continue:

Apr 23 09:34:56 ip-172-31-52-219 puppet-agent[1787]: SSL_CTX_use_PrivateKey:: key values mismatch

Apr 23 09:34:57 ip-172-31-52-219 puppet-agent[1787]: (/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate': SSL_CTX_use_PrivateKey:: key values mismatch

Apr 23 09:34:57 ip-172-31-52-219 puppet-agent[1787]: (/File[/var/lib/puppet/lib]) Could not evaluate: Could not retrieve file metadata for puppet://ip-172-31-48-207.ec2.internal/plugins: SSL_CTX_use_PrivateKey:: key values mismatch

Apr 23 09:34:57 ip-172-31-52-219 puppet-agent[1787]: (/File[/var/lib/puppet/lib]) Wrapped exception:

Apr 23 09:34:57 ip-172-31-52-219 puppet-agent[1787]: (/File[/var/lib/puppet/lib]) SSL_CTX_use_PrivateKey:: key values mismatch

Apr 23 09:34:57 ip-172-31-52-219 puppet-agent[1787]: Could not retrieve catalog from remote server: SSL_CTX_use_PrivateKey:: key values mismatch

Apr 23 09:34:57 ip-172-31-52-219 puppet-agent[1787]: Using cached catalog

Apr 23 09:34:57 ip-172-31-52-219 puppet-agent[1787]: Could not retrieve catalog; skipping run

Apr 23 09:34:57 ip-172-31-52-219 puppet-agent[1787]: Could not send report: SSL_CTX_use_PrivateKey:: key values mismatch

Apr 23 09:56:55 ip-172-31-52-219 dhclient[760]: DHCPREQUEST on eth0 to 172.31.48.1 port 67 (xid=0x4d0c3d3f)

Apr 23 09:56:55 ip-172-31-52-219 dhclient[760]: DHCPACK from 172.31.48.1 (xid=0x4d0c3d3f)

Apr 23 09:56:57 ip-172-31-52-219 dhclient[760]: bound to 172.31.52.219 -- renewal in 1492 seconds.

Thanks,
Balasekhar Nelli 

The information in this message may be proprietary and/or confidential, and protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify ATMECS and delete it from your computer.

[lupin...@gmail.com]

Hello,

 Have you done what's been suggested on the logs? Clean and remove? Also make sure you agent node has time syncing with your master.

Hth,
Lupin