Issue #9145 has been updated by Ryan Conway.
Sure, I understand! My only suggestion then would be to just make the file handling more robust so it skips files it has trouble reading or processing, so at least it won't block the certificate authority from signing new requests completely, and of course your suggestion for more helpful error messages too. ---------------------------------------- Bug #9145: error message is not clear when puppet agent runs out of disk space during cert generation https://projects.puppetlabs.com/issues/9145 Author: Dan Bode Status: Accepted Priority: Normal Assignee: Category: SSL Target version: Affected Puppet version: Keywords: Branch: When certs generated by puppet agent fail b/c of disk space, the error message says that something is wrong with the ca headers: This was observed against puppet 2.6.9 <pre> root@ubuntu-1004-32-2:/etc/puppetlabs/puppet# puppet agent --test --debug --trace debug: Failed to load library 'selinux' for feature 'selinux' debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderUser_role_add: file roledel does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: /File[/etc/puppetlabs/puppet/puppet.conf]: Autorequiring File[/etc/puppetlabs/puppet] debug: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppetlabs/puppet/ssl] debug: /File[/etc/puppetlabs/puppet/ssl/private_keys]: Autorequiring File[/etc/puppetlabs/puppet/ssl] debug: /File[/var/opt/lib/pe-puppet/client_data]: Autorequiring File[/var/opt/lib/pe-puppet] debug: /File[/var/opt/lib/pe-puppet/client_yaml]: Autorequiring File[/var/opt/lib/pe-puppet] debug: /File[/var/opt/lib/pe-puppet/state/graphs]: Autorequiring File[/var/opt/lib/pe-puppet/state] debug: /File[/var/opt/lib/pe-puppet/lib]: Autorequiring File[/var/opt/lib/pe-puppet] debug: /File[/var/opt/lib/pe-puppet/state]: Autorequiring File[/var/opt/lib/pe-puppet] debug: /File[/var/opt/lib/pe-puppet/clientbucket]: Autorequiring File[/var/opt/lib/pe-puppet] debug: /File[/etc/puppetlabs/puppet/ssl/private]: Autorequiring File[/etc/puppetlabs/puppet/ssl] debug: /File[/var/run/pe-puppet/agent.pid]: Autorequiring File[/var/run/pe-puppet] debug: /File[/etc/puppetlabs/puppet/ssl/certs]: Autorequiring File[/etc/puppetlabs/puppet/ssl] debug: /File[/etc/puppetlabs/puppet/ssl/public_keys]: Autorequiring File[/etc/puppetlabs/puppet/ssl] debug: /File[/etc/puppetlabs/puppet/ssl]: Autorequiring File[/etc/puppetlabs/puppet] debug: /File[/var/opt/lib/pe-puppet/facts]: Autorequiring File[/var/opt/lib/pe-puppet] debug: /File[/etc/puppetlabs/puppet/ssl/public_keys]/ensure: created debug: /File[/etc/puppetlabs/puppet/ssl/certs]/ensure: created debug: /File[/etc/puppetlabs/puppet/ssl/private]/ensure: created debug: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]/ensure: created debug: /File[/etc/puppetlabs/puppet/ssl/private_keys]/ensure: created debug: Finishing transaction -610347968 debug: /File[/etc/puppetlabs/puppet/ssl/public_keys]: Autorequiring File[/etc/puppetlabs/puppet/ssl] debug: /File[/etc/puppetlabs/puppet/ssl]: Autorequiring File[/etc/puppetlabs/puppet] debug: /File[/etc/puppetlabs/puppet/ssl/private_keys]: Autorequiring File[/etc/puppetlabs/puppet/ssl] debug: /File[/var/opt/lib/pe-puppet/facts]: Autorequiring File[/var/opt/lib/pe-puppet] debug: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppetlabs/puppet/ssl] debug: /File[/var/opt/lib/pe-puppet/state]: Autorequiring File[/var/opt/lib/pe-puppet] debug: /File[/etc/puppetlabs/puppet/ssl/private]: Autorequiring File[/etc/puppetlabs/puppet/ssl] debug: /File[/var/opt/lib/pe-puppet/lib]: Autorequiring File[/var/opt/lib/pe-puppet] debug: /File[/etc/puppetlabs/puppet/ssl/certs]: Autorequiring File[/etc/puppetlabs/puppet/ssl] debug: Finishing transaction -611172438 info: Creating a new SSL key for ubuntu-1004-32-2 warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Caching certificate_request for ubuntu-1004-32-2 /opt/puppet/lib/site_ruby/1.8/puppet/ssl/base.rb:42:in `initialize' /opt/puppet/lib/site_ruby/1.8/puppet/ssl/base.rb:42:in `new' /opt/puppet/lib/site_ruby/1.8/puppet/ssl/base.rb:42:in `read' /opt/puppet/lib/site_ruby/1.8/puppet/indirector/ssl_file.rb:86:in `find' /opt/puppet/lib/site_ruby/1.8/puppet/indirector/indirection.rb:214:in `find_in_cache' /opt/puppet/lib/site_ruby/1.8/puppet/indirector/indirection.rb:183:in `find' /opt/puppet/lib/site_ruby/1.8/puppet/indirector.rb:50:in `find' /opt/puppet/lib/site_ruby/1.8/puppet/ssl/host.rb:162:in `certificate' /opt/puppet/lib/site_ruby/1.8/puppet/ssl/host.rb:187:in `generate' /opt/puppet/lib/site_ruby/1.8/puppet/ssl/host.rb:228:in `wait_for_cert' /opt/puppet/lib/site_ruby/1.8/puppet/application/agent.rb:194:in `setup_host' /opt/puppet/lib/site_ruby/1.8/puppet/application/agent.rb:259:in `setup' /opt/puppet/lib/site_ruby/1.8/puppet/application.rb:304:in `run' /opt/puppet/lib/site_ruby/1.8/puppet/application.rb:420:in `hook' /opt/puppet/lib/site_ruby/1.8/puppet/application.rb:304:in `run' /opt/puppet/lib/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail' /opt/puppet/lib/site_ruby/1.8/puppet/application.rb:304:in `run' /opt/puppet/lib/site_ruby/1.8/puppet/util/command_line.rb:62:in `execute' /usr/local/bin/puppet:4 err: Cached certificate for ca failed: header too long warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session /opt/puppet/lib/site_ruby/1.8/puppet/ssl/base.rb:42:in `initialize' /opt/puppet/lib/site_ruby/1.8/puppet/ssl/base.rb:42:in `new' /opt/puppet/lib/site_ruby/1.8/puppet/ssl/base.rb:42:in `read' /opt/puppet/lib/site_ruby/1.8/puppet/indirector/ssl_file.rb:86:in `find' /opt/puppet/lib/site_ruby/1.8/puppet/indirector/indirection.rb:214:in `find_in_cache' /opt/puppet/lib/site_ruby/1.8/puppet/indirector/indirection.rb:183:in `find' /opt/puppet/lib/site_ruby/1.8/puppet/indirector.rb:50:in `find' /opt/puppet/lib/site_ruby/1.8/puppet/ssl/host.rb:162:in `certificate' /opt/puppet/lib/site_ruby/1.8/puppet/ssl/host.rb:229:in `wait_for_cert' /opt/puppet/lib/site_ruby/1.8/puppet/application/agent.rb:194:in `setup_host' /opt/puppet/lib/site_ruby/1.8/puppet/application/agent.rb:259:in `setup' /opt/puppet/lib/site_ruby/1.8/puppet/application.rb:304:in `run' /opt/puppet/lib/site_ruby/1.8/puppet/application.rb:420:in `hook' /opt/puppet/lib/site_ruby/1.8/puppet/application.rb:304:in `run' /opt/puppet/lib/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail' /opt/puppet/lib/site_ruby/1.8/puppet/application.rb:304:in `run' /opt/puppet/lib/site_ruby/1.8/puppet/util/command_line.rb:62:in `execute' /usr/local/bin/puppet:4 err: Cached certificate for ca failed: header too long warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session Exiting; no certificate found and waitforcert is disabled </pre> This results in empty public and private key files. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
