I am mostly using Puppet for Linux nodes, but I have started deploying it on a handful of Windows nodes, but seem to run into SSL problems every time on the initial deployment. I think I have hit this error on all three nodes so far, but currently two are working and one is not. All three nodes are virtually identical servers running Windows Server 2012 R2.
[0;36mDebug: Failed to load library 'syslog' for feature 'syslog' [0m
[0;36mDebug: Failed to load library 'selinux' for feature 'selinux' [0m
[0;36mDebug: Using settings: adding file resource 'confdir': 'File[C:/ProgramData/PuppetLabs/puppet/etc]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'vardir': 'File[C:/ProgramData/PuppetLabs/puppet/var]{:path=>"C:/ProgramData/PuppetLabs/puppet/var", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'logdir': 'File[C:/ProgramData/PuppetLabs/puppet/var/log]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/log", :mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'statedir': 'File[C:/ProgramData/PuppetLabs/puppet/var/state]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/state", :mode=>"1755", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'rundir': 'File[C:/ProgramData/PuppetLabs/puppet/var/run]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/run", :mode=>"755", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'libdir': 'File[C:/ProgramData/PuppetLabs/puppet/var/lib]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/lib", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'certdir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'ssldir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl", :mode=>"771", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'publickeydir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'requestdir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certificate_requests]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/certificate_requests", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'privatekeydir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys", :mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'privatedir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/private", :mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'hostprivkey': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys/testnode1.pem]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys/testnode1.pem", :mode=>"600", :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'hostpubkey': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys/testnode1.pem]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys/testnode1.pem", :mode=>"644", :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'localcacert': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/ca.pem]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/ca.pem", :mode=>"644", :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'clientyamldir': 'File[C:/ProgramData/PuppetLabs/puppet/var/client_yaml]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/client_yaml", :mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'client_datadir': 'File[C:/ProgramData/PuppetLabs/puppet/var/client_data]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/client_data", :mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'clientbucketdir': 'File[C:/ProgramData/PuppetLabs/puppet/var/clientbucket]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/clientbucket", :mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'graphdir': 'File[C:/ProgramData/PuppetLabs/puppet/var/state/graphs]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/state/graphs", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Puppet::Type::File::ProviderPosix: feature posix is missing [0m
[0;36mDebug: Failed to load library 'shadow' for feature 'libshadow' [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/log]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/state]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/run]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/lib]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certificate_requests]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys/testnode1.pem]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys/testnode1.pem]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/ca.pem]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/client_yaml]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/client_data]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/clientbucket]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/state/graphs]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var/state] [0m
[0;36mDebug: Finishing transaction 36564120 [0m
[0;36mDebug: Using settings: adding file resource 'confdir': 'File[C:/ProgramData/PuppetLabs/puppet/etc]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'vardir': 'File[C:/ProgramData/PuppetLabs/puppet/var]{:path=>"C:/ProgramData/PuppetLabs/puppet/var", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'logdir': 'File[C:/ProgramData/PuppetLabs/puppet/var/log]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/log", :mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'statedir': 'File[C:/ProgramData/PuppetLabs/puppet/var/state]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/state", :mode=>"1755", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'rundir': 'File[C:/ProgramData/PuppetLabs/puppet/var/run]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/run", :mode=>"755", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'libdir': 'File[C:/ProgramData/PuppetLabs/puppet/var/lib]{:path=>"C:/ProgramData/PuppetLabs/puppet/var/lib", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'certdir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'ssldir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl", :mode=>"771", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'publickeydir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'requestdir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certificate_requests]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/certificate_requests", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'privatekeydir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys", :mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'privatedir': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/private", :mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'hostprivkey': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys/testnode1.pem]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys/testnode1.pem", :mode=>"600", :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'hostpubkey': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys/testnode1.pem]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys/testnode1.pem", :mode=>"644", :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: Using settings: adding file resource 'localcacert': 'File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/ca.pem]{:path=>"C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/ca.pem", :mode=>"644", :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}' [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/log]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/state]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/run]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/var/lib]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/var] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certificate_requests]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys/testnode1.pem]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys/testnode1.pem]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/public_keys] [0m
[0;36mDebug: /File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/ca.pem]: Autorequiring File[C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs] [0m
[0;36mDebug: Finishing transaction 37392876 [0m
[0;36mDebug: Using cached certificate for ca [0m
Exiting; failed to retrieve certificate and waitforcert is disabled
Error: Could not request certificate: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
The puppet master log shows:
[2013-12-05 10:12:08] ERROR RuntimeError: Client disconnected before connection could be established
/usr/lib64/ruby/vendor_ruby/1.8/puppet/network/http/webrick.rb:31:in `listen'
/usr/lib64/ruby/1.8/webrick/server.rb:173:in `call'
/usr/lib64/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/lib64/ruby/1.8/webrick/server.rb:162:in `start'
/usr/lib64/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/lib64/ruby/1.8/webrick/server.rb:95:in `start'
/usr/lib64/ruby/1.8/webrick/server.rb:92:in `each'
/usr/lib64/ruby/1.8/webrick/server.rb:92:in `start'
/usr/lib64/ruby/1.8/webrick/server.rb:23:in `start'
/usr/lib64/ruby/1.8/webrick/server.rb:82:in `start'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/network/http/webrick.rb:30:in `listen'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/network/http/webrick.rb:29:in `initialize'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/network/http/webrick.rb:29:in `new'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/network/http/webrick.rb:29:in `listen'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/network/http/webrick.rb:26:in `synchronize'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/network/http/webrick.rb:26:in `listen'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/network/server.rb:92:in `listen'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/network/server.rb:104:in `start'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/daemon.rb:136:in `start'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/application/master.rb:207:in `main'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/application/master.rb:157:in `run_command'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/application.rb:364:in `run'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/application.rb:456:in `plugin_hook'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/application.rb:364:in `run'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/util.rb:504:in `exit_on_fail'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/application.rb:364:in `run'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/util/command_line.rb:132:in `run'
/usr/lib64/ruby/vendor_ruby/1.8/puppet/util/command_line.rb:86:in `execute'
/usr/bin/puppet:4
I suspected the time being out of sync was an issue, so I tried syncing the time on this server and I then renamed the hostname, uninstalled Puppet, deleted the data in C:\ProgramData, removed the certificate on the puppet master, and tried the whole process over again. I continue to get the exact same error. It does not go away after waiting a while like I have seen sometimes.
I've confirmed that there is no firewall issue here. It is able to connect to the puppet master.
Any idea on what is going on here? Or how to debug? I suppose I could try to debug with an openssl client, but I don't know how to replicate the exact environment that this puppet agent is using.
Thanks,
Dan