Issue #6672 has been reported by Dom Rivard.
----------------------------------------
Bug #6672: SSL error while processing the catalog on the client
https://projects.puppetlabs.com/issues/6672
Author: Dom Rivard
Status: Unreviewed
Priority: Normal
Assignee:
Category: SSL
Target version:
Affected Puppet version: 2.6.4
Keywords: SSL connect 'eval_generate': SSL_connect SYSCALL returned=5 errno=0
state=SSLv2/v3 read server hello A
Branch:
Hi,
I am looking for some help, here is my issue and I hope I will give enough
details.
I am having a weird SSL_connect error on a fresh puppet install, version 2.6.4.
Here are the steps:
Launch the puppet client for the first time
On the puppet client:
puppetd --verbose --no-daemonize
info: Creating a new SSL key for puppetclientserver
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for puppetclientserver
info: Certificate Request fingerprint (md5):
90:5F:9B:60:CA:53:74:64:AA:63:DF:17:0B:6B:3C:61
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Cancelling startup
On the puppet master
puppetca --sign --all
notice: Signed certificate request for puppetclientserver
notice: Removing file Puppet::SSL::CertificateRequest
puppetclientserver at '/etc/puppet/ssl/ca/requests/puppetclientserver.pem'
Then I relaunch the puppet client
puppetd --verbose --no-daemonize
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for puppetclientserver
notice: Starting Puppet client version 2.6.4
info: Caching certificate_revocation_list for ca
info: Caching catalog for puppetclientserver
info: Applying configuration version '1299769032'
notice: /Stage[main]/Dvdns::Init/Exec[generates-utf-8-en_ca]/returns:
executed successfully
notice: /Stage[main]/Dvdns::Packages::Slave/Package[dnsutils]/ensure:
ensure changed 'purged' to 'latest'
notice: /Stage[main]/Dvdns::Packages::Slave/Service[bind9]/enable:
enable changed 'true' to 'false'
err:
/Stage[main]/Dvdns::Postgresql::Slave/Dvdns::Postgresql::Pgsqldb[dvdns]/File[/usr/local/pgsql/datadb/postgresql.conf]:
Could not evaluate: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read
server hello A Could not retrieve file metadata for
puppet://puppet/files/system/slave/config/postgresql-data.conf: SSL_connect
SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A at
/etc/puppet/manifests/classes/dvdns-postgresql.pp:65
Then it continues the processing until it somewhere requires the file with the
error (fail dependencies) and I get these errors 3-4 times while processing the
catalog.
But it is able to download other files from the master from the same run.
Example of this :
notice:
/Stage[main]/Dvdns::Postgresql::Slave/Dvdns::Postgresql::Pgsqldb[dvdns]/File[/var/run/postgresql/.s.PGSQL.5432]:
Dependency File[/var/lib/dv-packages/postgresql_9.0.2-1_i386.deb] has
failures: true
This is a file downloaded from the file bucket from the master to the client
while the other file returned an SSL connect error.
If I re-run the puppet client it can download the file that had the error
correctly but it can fail somewhere else.
Both puppet server and client are running on Ubuntu 10.04, with puppet 2.6.4,
facter 1.5.8.
The puppet client installation is done this way through a bash script:
apt-get install libruby libopenssl-ruby libxmlrpc-ruby subversion \
  build-essential rubygems1.8 ruby1.8 ruby1.8-dev augeas-lenses libaugeas-ruby1.8 \
  libaugeas0 libpci3 libshadow-ruby1.8 pciutils rdoc python-setuptools --yes
ln -sf /usr/bin/ruby1.8 /usr/bin/ruby
# Installing Ruby Gems 1.5.0
gem install rubygems-update -v 1.5.0
ruby /var/lib/gems/1.8/gems/rubygems-update-1.5.0/setup.rb all
# Install Facter 1.5.8
echo " ";
echo "Installing Facter";
cd
wget http://www.puppetlabs.com/downloads/facter/facter-1.5.8.tar.gz
tar -zxvf facter-1.5.8.tar.gz
cd facter-1.5.8
/usr/bin/ruby install.rb
# Installing Puppet 2.6.4
echo " ";
echo "Installing Puppet";
cd
wget http://puppetlabs.com/downloads/puppet/puppet-2.6.4.tar.gz
tar -zxvf puppet-2.6.4.tar.gz
cd puppet-2.6.4
/usr/bin/ruby install.rb
The puppetmaster server is running under webrick
/usr/bin/ruby /usr/sbin/puppetmasterd
The client is running, as mentioned above, with puppetd --verbose --no-daemonize
for now until I find a solution.
The only thing I noticed is that it started happening when I switched from a local
DNS server that I cannot access in production to a public one like 4.2.2.2,
8.8.8.8, 8.8.4.4.
Before that I was on a test environment and I wasn't having these issues.
But it remains that the client can connect to the master 85% of the time.
If you have any ideas or solutions, they will be greatly appreciated.
Thank you!
Dominick