Random error in the recovery catalog

[ji...@goffaux.fr]

Hello,

I randomly errors like this:

Fri Jul 22 09:01:41 +0000 2011 //SERVER.fqdn/Puppet (err): Could not
retrieve catalog from remote server: end of file reached
Fri Jul 22 09:01:41 +0000 2011 //SERVER.fqdn/Puppet (notice): Using
cached catalog
Fri Jul 22 09:01:41 +0000 2011 //SERVER.fqdn/Puppet (err): Could not
retrieve catalog; skipping run


Here are the versions:

puppetmaster 2.6.2-4~bpo50+1
puppet 2.6.2-4 => Squeeze
puppet 2.6.2-4~bpo50+1 => lenny

I have about 130 customer puppet.
I left the default time interval.

Someone managed to solve this problem?

[Peter Meier]

> I have about 130 customer puppet.
> I left the default time interval.

Are you still running with default webrick on the puppetmaster? (If you
didn't change anything, then yes you are).

If yes, it's time to scale out and use either a Mongrel or
Passenger-based Setup:
http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger

~pete

[ji...@goffaux.fr]

Passenger is already installed, but was not configured to Puppet.
I will do the migration and I will return here.

Thank you!

[ji...@goffaux.fr]

Hello,

I just set up Puppet / Passenger by following the documentation.
For servers already authenticated key I do not encounter problems, but
for new I have these errors:

<-->
root@server2:~# puppetd --test --no-daemonize
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for server2.fqdn
info: Certificate Request fingerprint (md5):
F1:2E:F6:D6:8C:B3:F6:6B:D2:4B:C4:72:1C:E4:24:D9
warning: peer certificate won't be verified in this SSL session
err: Could not request certificate: Error 405 on SERVER: <!DOCTYPE
HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</
title>
</
head><body>
<h1>Method Not Allowed</
h1>
<p>The requested method PUT is not allowed for the URL /production/
certificate_request/server2.fqdn.</
p>
<hr>
<address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7
mod_ssl/2.2.9 OpenSSL/0.9.8g Server at puppetmaster.fqdn Port 8140</
address>
</body></
html>

Exiting; failed to retrieve certificate and waitforcert is disabled
root@server2:~#
<--->

Also, I get a new type of error by mail:

<--->
Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not
retrieve catalog from remote server: Error 414 on SERVER: <!DOCTYPE
HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>414 Request-URI Too Large</title>
</head><body>
<h1>Request-URI Too Large</h1>
<p>The requested URL's length exceeds the capacity
limit for this server.<br />
</p>
<hr>
<address>Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7
mod_ssl/2.2.9 OpenSSL/0.9.8g Server at PUPPETMASTER.fqdn Port 8140</
address>
</body></html>

Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (notice): Using
cached catalog
Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not
retrieve catalog; skipping run

<---->

I have set the variable:
<--->
PassengerMaxRequests 10000
<--->

But I doubt that this impact on this error.

Again, thank you!
Jimmy

[ji...@goffaux.fr]

Does anyone have an idea?

Thanks you

[Antoine Benkemoun]

I'm not going to be of much help but I also get your first error message from time to time and it goes away without having me do anything.

I'm talking about this one :

err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect
returned=1 errno=0 state=SSLv3 read server certificate B: certificate
verify failed Could not retrieve file metadata for puppet://PUPPETMASTER.fqdn/plugins:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
certificate verify failed

I think this may be due to the fact that by default Puppet runs with webrick (please correct me if I'm wrong) or something similar which can only process requests one at a time. Kind of like if this was some sort of disguised timeout. I have not tried to run Puppet with Passenger so I can't confirm this.

Antoine

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

[Denmat]

Hi,

Have you made any changes to your auth.conf? Are you auto signing your certs? How have you configured apache and passenger?

Here's what you can do as a test. Remove the apache passenger vhost and run puppet using webrick (puppetmasterd). If your client cant connect then your puppet conf needs checking. If it works, then the problem is in your apache configs.

Cheers,

Den

[denmat]

Funny thing.. I just set up apache passenger on my desktop (as opposed
to my normal apache/passenger puppetmasters) and have the same issue.

Looking through the apache logs it is showing that it is trying to PUT
to a directory that doesn't exist on the filesystem.

<title>405 Method Not Allowed</title>

</head><body>

<h1>Method Not Allowed</h1>

Digging a little further the difference between my desktop and the
servers funnily enough is SELinux. Looking at the audit.log I noticed
that httpd was not allowed to run the passenger app.

A lot of trial and audit2allow's later I have it working (kinda).
Could this be your problem too?

Cheers,
Den

On Aug 25, 8:20 am, Denmat <tu2bg...@gmail.com> wrote:
> Hi,
>
> Have you made any changes to your auth.conf? Are you auto signing your certs? How have you configured apache and passenger?
>
> Here's what you can do as a test. Remove the apache passenger vhost and run puppet using webrick (puppetmasterd). If your client cant connect then your puppet conf needs checking. If it works, then the problem is in your apache configs.
>
> Cheers,
> Den
>

> > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.

[ji...@goffaux.fr]

Hello,

I'm resolv all problems after installation Apache / Passenger !!

Thanks !!