Issue #13614 has been reported by Marc Richter.
----------------------------------------
Bug #13614: Puppet running ruby1.9 isn't working reliable
https://projects.puppetlabs.com/issues/13614
Author: Marc Richter
Status: Unreviewed
Priority: Normal
Assignee:
Category: ruby19
Target version:
Affected Puppet version: 2.7.12
Keywords:
Branch:
I have a three-node scenario. It consists of :
node1 = master
node2 = agent
node3 = agent
node1 is running puppet 2.7.12 on ruby 1.9.3p125 (2012-02-16 revision 34643) as
master.
node2 is running puppet 2.7.11 on ruby 1.8.7 (2011-12-28 patchlevel 357) as
agent.
node3 is running puppet 2.7.12 on ruby 1.9.3p125 (2012-02-16 revision 34643) as
agent.
node2 could connect to the master, ask to sign it's ca and is running
flawlessly.
node3 couldn't. When you start "puppet agent -d --no-daemonize -w 20 --server
fqdn.tld" you get the following:
on node3:
err: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed. This is often because
the time is out of sync on the server or client
on node1 (master):
ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read
client certificate A: tlsv1 alert unknown ca
/usr/lib64/ruby/site_ruby/1.9.1/puppet/network/http/webrick.rb:44:in
`accept'
/usr/lib64/ruby/site_ruby/1.9.1/puppet/network/http/webrick.rb:44:in
`block (3 levels) in listen'
/usr/lib64/ruby/1.9.1/webrick/server.rb:191:in `call'
/usr/lib64/ruby/1.9.1/webrick/server.rb:191:in `block in start_thread'
I've deleted /var/lib/puppet/ssl/* on node3 recursively several times and
retried with ensuring to 100% that the two clocks are in perfect sync, but it
always lead to the same issues.
As soon as I start puppet on node3 with ruby 1.8 by running "/usr/bin/ruby18
/usr/bin/puppet agent -d --no-daemonize -w 20 --server fqdn.tld", it works as
expected:
on node3:
info: Creating a new SSL key for backup.web-factory.de
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for backup.web-factory.de
info: Certificate Request fingerprint (md5):
4D:9D:05:4F:59:A6:50:16:C3:AD:86:FC:7D:1C:60:25
warning: peer certificate won't be verified in this SSL session
debug: Using cached certificate for ca
warning: peer certificate won't be verified in this SSL session
debug: Using cached certificate for ca
warning: peer certificate won't be verified in this SSL session
on node1 (master):
DEBUG accept: 195.122.145.75:52963
DEBUG Puppet::Network::HTTP::WEBrickREST is invoked.
backup.web-factory.de - - [04/Apr/2012:11:12:20 CEST] "GET
/production/certificate/backup.web-factory.de? HTTP/1.1" 404 48
- -> /production/certificate/backup.web-factory.de?
DEBUG close: 195.122.145.75:52963
I can list and sign the ca on the master, then without any issue.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
