Vagrant Puppetmaster Cert

Drew

Jan 2, 2015, 2:39:28 PM
to puppet...@googlegroups.com
Hey,

I hope someone here can point me in the right direction.  I've been struggling with this for a few days and I can't seem to figure out what the issue is.  It's really strange.  I have a vagrant configuration that spins up a puppetmaster and a target machine that runs the agent.  When I initially do the 'vagrant up' all comes up and the agent is configured.  If I halt the puppetmaster and bring it back up, the agent fails to connect to the puppetmaster due to a certificate error.  If I simply restart the puppetmaster service, it connects without issue.

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.com]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.com]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppetmaster.domain.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.com]
Wrapped exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.com]
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.com]

The puppetmaster is just running the webrick, since I have a single target there isn't any need for me to set up anything more elaborate.  I'm struggling with this and could really use some help.

Thanks!

Felix Frank

Jan 6, 2015, 6:21:14 PM
to puppet...@googlegroups.com
Hi,

so are you saying that after SSL breaks, you can fix it by restarting
the service?

Drew

Jan 8, 2015, 2:28:29 PM
to puppet...@googlegroups.com
Yep, that's exactly what I'm saying.  Like I said, it's weird.  Maybe something with the time?

Thanks!

Felix Frank

Jan 11, 2015, 6:52:01 PM
to puppet...@googlegroups.com
It sounds as if your master is doing Something Weird when it is launched during startup of your Vagrant instance. What that is exactly is hard to tell.

Try and manipulate the init (or whatever) script to enable some debug logging. See if you can find out the cause for the failures.

If you cannot determine the root cause, consider a workaround such as a

@reboot service puppetmaster restart

cron job.

HTH,
Felix

Drew

Jan 12, 2015, 7:47:54 AM
to puppet...@googlegroups.com
Thanks, Felix.  I'm working on that now.  I'll stick more information in here if I come up with something.