Re: [Puppet Users] Error 400 on SERVER: Could not write /var/lib/puppet/ssl/ca/requests/agent1.pem to csrdir: undefined method `exists?' for nil:NilClass


Ashish Jaiswal

Aug 28, 2012, 12:14:58 PM
to puppet...@googlegroups.com

Hi,

To me it seems to be a permission issue on the SSL directory on the master. Can you let me know what the permissions on the SSL directory are?

This is just a wild guess.

Regards,
Ashish Jaiswal

On Aug 28, 2012 12:53 PM, "Edward Tuan" <duany...@gmail.com> wrote:
I've been confused by this question for nearly two days... My puppet master version is 2.7.9-1.el6 and client version is 2.6.16-2.el5. This is what my command line shows:


[root@agent1 ~]# puppet agent --server=edward --test --waitforce 30
info: Creating a new SSL key for agent1
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for agent1
info: Certificate Request fingerprint (md5): 4C:03:FE:BD:B8:68:4A:AB:F8:DC:BA:36:38:38:9C:8E
warning: peer certificate won't be verified in this SSL session
err: Could not request certificate: Error 400 on SERVER: Could not write /var/lib/puppet/ssl/ca/requests/agent1.pem to csrdir: undefined method `exists?' for nil:NilClass

Then I ran it with debug options and the result is:

[root@agent1 ~]# puppet agent --server=edward --debug --waitforce 30
debug: Failed to load library 'rubygems' for feature 'rubygems'
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/var/lib/puppet/ssl/private_keys/agent1.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys/agent1.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/private_keys/agent1.pem]/mode: mode changed '640' to '600'
debug: /File[/var/lib/puppet/ssl/public_keys/agent1.pem]/mode: mode changed '640' to '644'
debug: Finishing transaction -606807388

Can somebody help me solve my problem?

Sincerely hoping for your response!

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/plfJBjR9FPQJ.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Edward Tuan

Aug 28, 2012, 10:10:06 PM
to puppet...@googlegroups.com
Much thanks for your reply. Is this what you mean:
[edward@edward ~]$ cd /var/lib/puppet/
[edward@edward puppet]$ ls
bucket       clientbucket  client_yaml  lib      rrd          ssl    yaml
classes.txt  client_data   facts        reports  server_data  state
[edward@edward puppet]$ cd ssl
[edward@edward ssl]$ ls
ls: cannot open directory .: Permission denied

[edward@edward ssl]$

As a regular user I can't open this directory, otherwise I am a root user. I deleted this directory with rm -rf when I installed puppet, then let it create a new ssl as root. Is that the problem? What can I do?

On Wednesday, August 29, 2012 at 12:15:07 AM UTC+8, Ashish Jaiswal wrote:

Ashish

Aug 28, 2012, 10:22:25 PM
to puppet...@googlegroups.com, Edward Tuan
Hi Edward,

You won't be able to access it as a normal user; you need to be root for
that.
If you have deleted your ssl directory, there is nothing much to worry about, it will
be generated again. What I was asking for is the permissions on the ssl directory.
On my server it has something like this:

# ls
drwxrwx--x 8 puppet root 4096 2012-05-15 01:08 ssl/

You can refer to this link
http://projects.puppetlabs.com/projects/1/wiki/certificates_and_security


-Ashish

On Wednesday 29 August 2012 07:40:06 AM IST, Edward Tuan wrote:
> Much thanks for your reply. Is this what you mean:
> [edward@edward ~]$ cd /var/lib/puppet/
> [edward@edward puppet]$ ls
> bucket clientbucket client_yaml lib rrd ssl yaml
> classes.txt client_data facts reports server_data state
> [edward@edward puppet]$ cd ssl
> [edward@edward ssl]$ ls
> ls: cannot open directory .: Permission denied
> [edward@edward ssl]$
>
> As a regular user I can't open this directory, otherwise I am a root
> user. I deleted this directory with rm -rf when I installed puppet, then
> let it create a new ssl as root. Is that the problem? What can I do?
>
> On Wednesday, August 29, 2012 at 12:15:07 AM UTC+8, Ashish Jaiswal wrote:
>
> Hi,
>
> To me it seems to be a permission issue on the SSL directory on the master.
> Can you let me know what the permissions on the SSL directory are?
>
> This is just a wild guess..
>
> Regards,
> Ashish Jaiswal
>
> On Aug 28, 2012 12:53 PM, "Edward Tuan" <duany...@gmail.com> wrote:
>
> I've been confused by this question for nearly two days... My
> puppet master version is 2.7.9-1.el6 and client version is
> 2.6.16-2.el5. This is what my command line shows:
>
>
> [root@agent1 ~]# puppet agent --server=edward --test --waitforce 30
> info: Creating a new SSL key for agent1
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for ca
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> info: Creating a new SSL certificate request for agent1
> info: Certificate Request fingerprint (md5):
> 4C:03:FE:BD:B8:68:4A:AB:F8:DC:BA:36:38:38:9C:8E
> warning: peer certificate won't be verified in this SSL session
> err: Could not request certificate: Error 400 on SERVER: Could
> not write /var/lib/puppet/ssl/ca/requests/agent1.pem to
> csrdir: undefined method `exists?' for nil:NilClass
>
> Then I ran it with debug options and the result is:
>
> [root@agent1 ~]# puppet agent --server=edward --debug --waitforce 30

Edward Tuan

Aug 28, 2012, 11:27:00 PM
to puppet...@googlegroups.com, Edward Tuan
Hi Ashish,

1st, what is on my server is this:
[root@edward ~]# ls -ld /var/lib/puppet/ssl/
drwxrwx--x. 8 puppet root 4096 Aug 27 17:21 /var/lib/puppet/ssl/
[root@edward ~]#

2nd, I debugged on my server with puppet cert --list --debug, and the result is (not only this, I just show 5 lines):


debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: /File[/var/lib/puppet/ssl/ca/requests]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/ca/requests

3rd, I read what you linked to me. There is one sentence (under Certificates):

You can manually copy the master certificate through a secure channel to the client if you want to,

If I do that, can it solve my problem? How can I do it?


--Edward.
On Wednesday, August 29, 2012 at 10:22:41 AM UTC+8, Ashish Jaiswal wrote:
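
Added example, not part of the original thread and not Puppet's own code: a POSIX shell check for the directory permissions discussed above. It walks from a target directory (such as the ca/requests directory named in the error) up to a base directory and flags any level whose owner differs from the expected one, whose owner lacks rwx, or which is world-writable. The function name audit_path and the constructed temporary tree are assumptions for illustration, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (stat -c), as found on EL hosts.
# audit_path BASE TARGET OWNER
#   Reports mode and ownership for TARGET and each parent up to BASE.
#   Returns 0 if every level is clean, 1 on any finding, 2 on bad arguments.
audit_path() {
    base=${1%/}; dir=${2%/}; want_owner=$3; rc=0
    case "$dir/" in
        "$base"/*) ;;
        *) echo "error: $dir is not under $base" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"; rc=1
        else
            set -- $(stat -c '%a %U %G' "$dir")
            mode=$1; owner=$2; group=$3; issues=
            [ "$owner" = "$want_owner" ] || issues="$issues owner-is-$owner"
            # Creating a file needs write and search permission on the
            # directory; the listing in the thread shows rwx for the owner.
            [ $(( (0$mode >> 6) & 7 )) -eq 7 ] || issues="$issues owner-lacks-rwx"
            [ $(( 0$mode & 2 )) -eq 0 ] || issues="$issues world-writable"
            [ -z "$issues" ] || rc=1
            printf '%-5s %s:%s %s%s\n' "$mode" "$owner" "$group" "$dir" \
                "${issues:+  <--$issues}"
        fi
        # Stop at BASE; "/" and "." guard against walking past the top.
        case "$dir" in "$base"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    return $rc
}

# Constructed demo tree (not real Puppet data): the requests directory is
# deliberately left without owner write permission so the audit flags it.
demo=$(mktemp -d)
mkdir -p "$demo/ssl/ca/requests"
chmod 771 "$demo/ssl"; chmod 770 "$demo/ssl/ca"; chmod 550 "$demo/ssl/ca/requests"
audit_path "$demo/ssl" "$demo/ssl/ca/requests" "$(stat -c %U "$demo")" \
    || echo "findings above would block writing new files into the target"
chmod 770 "$demo/ssl/ca/requests"; rm -rf "$demo"
```

On the master from this thread the equivalent call, run as root, would be audit_path /var/lib/puppet/ssl /var/lib/puppet/ssl/ca/requests puppet, using the paths and owner shown in the messages above.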