ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca


Marek Dohojda

Nov 11, 2010, 7:56:41 PM
to puppet...@googlegroups.com
Puppet 0.25.3-2

I accidentally removed puppet (didn't notice that removing ruby also removes puppet, yes stupid).  And I re-installed.  All the files are the same.  That includes classes and configuration.

However I can't seem to get things working again.  Here is what I did:

removed /var/lib/puppet/ssl on puppetmaster and on all guests

re-installed puppet and an older version of ruby

checked certificates, hostname, time.

I am still getting the following errors:

Could not retrieve catalog from remote server: Could not intern from pson: source did not contain any PSON!

and on puppetmaster:
ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in `accept'
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in `listen'
        /usr/lib/ruby/1.8/webrick/server.rb:173:in `call'
        /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
        /usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
        /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
        /usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
        /usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
        /usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
        /usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
        /usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in `listen'
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `initialize'
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `new'
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `listen'
        /usr/lib/ruby/1.8/thread.rb:135:in `synchronize'
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `listen'
        /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in `listen'
        /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in `start'
        /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:128:in `start'
        /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in `main'
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail'
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
        /usr/sbin/puppetmasterd:66

I am lost at the moment. Occasionally I am also getting the following on the client:


Teyo Tyree

Nov 11, 2010, 11:09:44 PM
to puppet...@googlegroups.com
On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda <chr...@gmail.com> wrote:
> Puppet 0.25.3-2
>
> I accidentally removed puppet (didn't notice that removing ruby also removes puppet, yes stupid).  And I re-installed.  All the files are the same.  That includes classes and configuration.
>
> However I can't seem to get things working again.  here is what I done
>
> removed /var/lib/puppet/ssl on puppetmaster and on all guests

Does /var/lib/puppet/ssl/ca exist?  If not, restart the puppetmaster.  A new CA should be created. 

--
Teyo Tyree ::  www.puppetlabs.com:: +1.503.208.4475

Marek Dohojda

Nov 11, 2010, 11:21:05 PM
to puppet...@googlegroups.com
New SSL has been created; I confirmed it and tested it.

Marek Dohojda

Nov 13, 2010, 7:48:48 PM
to puppet...@googlegroups.com
Further research on this:
I think the issue is with the certificates, although I have no idea what.  I removed the /var/lib/puppet/ssl directory and recreated it.  When a client tries to get a catalog I get the following error:
[2010-11-13 19:31:22] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
I am hitting my head against the wall.  I have no clue what I am missing.  I removed everything, and recreated everything from scratch and still nothing.

Patrick

Nov 13, 2010, 8:31:18 PM
to puppet...@googlegroups.com
It looks to me like you didn't wipe the client's directory.  I'm guessing that the ca is still cached on the client at /var/lib/puppet/ssl/ca.pem (I think that's the right place)
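
The failure described in the post above, as an added example that is not part of the original thread: a regenerated CA keeps its name but gets a new key, so a certificate from one generation never verifies against the other. Host names and the CA name are constructed placeholders.

```ruby
require 'openssl'

# Constructed test data: make a certificate for `cn`. With no issuer it is a
# self-signed CA; otherwise it is a host certificate signed by that issuer.
def make_cert(cn, issuer_key = nil, issuer_cert = nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = issuer_cert ? 2 : 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless issuer_cert
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = ef.issuer_certificate = cert
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# True if `cert` chains to `ca_cert` as the only trusted root.
def trusted_by?(ca_cert, cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.verify(cert)
end

def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# Replays the thread: the master's ssl dir is wiped and a new CA is generated
# under the same name, while a client still holds the old CA in its cache.
def stale_ca_scenario
  old_key, old_ca = make_cert('puppet-ca.example.test')
  new_key, new_ca = make_cert('puppet-ca.example.test')
  _, agent_cert  = make_cert('agent.example.test', old_key, old_ca)
  _, master_cert = make_cert('master.example.test', new_key, new_ca)
  {
    same_ca_name:         old_ca.subject.to_s == new_ca.subject.to_s,
    same_ca_fingerprint:  fingerprint(old_ca) == fingerprint(new_ca),
    client_trusts_master: trusted_by?(old_ca, master_cert), # stale cached CA
    master_trusts_agent:  trusted_by?(new_ca, agent_cert),  # cert from old CA
    after_client_wipe:    trusted_by?(new_ca, master_cert)  # CA refetched
  }
end

p stale_ca_scenario if __FILE__ == $PROGRAM_NAME
```

Comparing the SHA-256 fingerprint of each host's cached CA certificate with the master's current one is the quick check here, since the subject names are identical.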

Marek Dohojda

Nov 13, 2010, 9:07:08 PM
to puppet...@googlegroups.com
Drat! You are right of course. I did remove the ssl from the client I am testing, but I forgot about all the other hosts, which of course can't verify the certificate.  D'OH, I've been working on this far too long.  OK, so this takes care of this issue; I am back to the:
 
"Could not intern from pson: source did not contain any PSON!"
 
Any ideas on what that means? Google isn't being helpful for once. 

Marek Dohojda

Nov 13, 2010, 10:45:51 PM
to puppet...@googlegroups.com
OK I figured this out.  The issue appeared to be with one of the classes.  Somehow there was a bad character.  What is amazing is that all I did is open it and close it, so ahm yeah no clue how that fixed things, but it did.

Martin Willemsma

Nov 19, 2010, 5:51:43 AM
to puppet...@googlegroups.com
Hi Marek,

I do have this same issue on one of my test clients.

Nov 19 11:43:52 *****  puppet-agent[15088]: Could not retrieve catalog from remote server: Could not intern from pson: source did not contain any PSON!

Can you point out where you found your 'bad character' and what it was?

I recently upgraded my test environment from 2.6.1 to 2.6.3, installed from gems.

Client

CentOS release 5.2 (Final)
ruby 1.8.5 (2006-08-25) [x86_64-linux]
Puppet: 2.6.3
Gem: 1.3.1

Martin


2010/11/14 Marek Dohojda <chr...@gmail.com>