Issue #6672 has been updated by Ben Hughes. Status changed from Unreviewed to Closed
Ah cool. Thank you for letting us know. Passenger/apache scales much better anyway. ---------------------------------------- Bug #6672: SSL error while processing the catalog on the client https://projects.puppetlabs.com/issues/6672 Author: Dom Rivard Status: Closed Priority: Normal Assignee: Category: SSL Target version: Affected Puppet version: 2.6.4 Keywords: SSL connect 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A Branch: Hi, I am looking for some help, here is my issue and I hope I will give enough details. I am having weird SSL_connect error, on a fresh puppet install version 2.6.4. Here are the steps: launch first time the puppet client On the puppet client: puppetd --verbose --no-daemonize info: Creating a new SSL key for puppetclientserver warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for puppetclientserver info: Certificate Request fingerprint (md5): 90:5F:9B:60:CA:53:74:64:AA:63:DF:17:0B:6B:3C:61 warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session Cancelling startup On the puppet master puppetca --sign --all notice: Signed certificate request for puppetclientserver notice: Removing file Puppet::SSL::CertificateRequest puppetclientserver at '/etc/puppet/ssl/ca/requests/puppetclientserver.pem' then I relaunch the puppet client puppetd --verbose --no-daemonize warning: peer certificate won't be verified in this SSL session info: Caching certificate for puppetclientserver notice: Starting Puppet client version 2.6.4 info: Caching certificate_revocation_list for ca info: Caching catalog for puppetclientserver info: Applying configuration version '1299769032' notice: /Stage[main]/Dvdns::Init/Exec[generates-utf-8-en_ca]/returns: executed successfully notice: /Stage[main]/Dvdns::Packages::Slave/Package[dnsutils]/ensure: ensure changed 'purged' to 'latest' notice: /Stage[main]/Dvdns::Packages::Slave/Service[bind9]/enable: enable changed 'true' to 'false' err: /Stage[main]/Dvdns::Postgresql::Slave/Dvdns::Postgresql::Pgsqldb[dvdns]/File[/usr/local/pgsql/datadb/postgresql.conf]: Could not evaluate: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A Could not retrieve file metadata for puppet://puppet/files/system/slave/config/postgresql-data.conf: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A at /etc/puppet/manifests/classes/dvdns-postgresql.pp:65 Then it continues the processing until it somewhere requires the file with the error (fail dependencies) and I get these errors 3-4 times while processing the catalog. But it is able to download other files from the master from the same run. Example of this : notice: /Stage[main]/Dvdns::Postgresql::Slave/Dvdns::Postgresql::Pgsqldb[dvdns]/File[/var/run/postgresql/.s.PGSQL.5432]: Dependency File[/var/lib/dv-packages/postgresql_9.0.2-1_i386.deb] has failures: true This is a file downloaded from the file bucket from the master to the client while the other file returned a SSL connect errror. If I re-run the puppet client it can download the file that had the error correctly but it can failed somewhere else. Both puppet server and client are running on Ubuntu 10.04, with puppet 2.6.4, facter 1.5.8. The puppet client installation is done this way through a bash script: apt-get install libruby libopenssl-ruby libxmlrpc-ruby subversion build-essential rubygems1.8 ruby1.8 ruby1.8-dev augeas-lenses libaugeas-ruby1.8 libaugeas0 libpci3 libshadow-ruby1.8 pciutils rdoc python-setuptools --yes ln -sf /usr/bin/ruby1.8 /usr/bin/ruby # Installing Ruby Gems 1.5.0 gem install rubygems-update -v 1.5.0 ruby /var/lib/gems/1.8/gems/rubygems-update-1.5.0/setup.rb all # Install Facter 1.5.8 echo " "; echo "Installing Facter"; cd wget http://www.puppetlabs.com/downloads/facter/facter-1.5.8.tar.gz tar -zxvf facter-1.5.8.tar.gz cd facter-1.5.8 /usr/bin/ruby install.rb # Installing Puppet 2.6.4 echo " "; echo "Installing Puppet"; cd wget http://puppetlabs.com/downloads/puppet/puppet-2.6.4.tar.gz tar -zxvf puppet-2.6.4.tar.gz cd puppet-2.6.4 /usr/bin/ruby install.rb The puppetmaster server is running under webrick /usr/bin/ruby /usr/sbin/puppetmasterd The client is running as mention above puppetd --verbose --no-daemonize for now until I find a solution. The only thing I notice is that it start happening when I switch from a local DNS server that I cannot access in production to a public one like 4.2.2.2, 8.8.8.8, 8.8.4.4. Before that I was on a test environment and I wasn't having these issues. But it remains that the client can connect to the master 85% of the times. If you have any idea or solution they will be greatly appreciated. Thank you! Dominick -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
