Issue #13614 has been updated by Patrick Carlisle.

Status changed from Unreviewed to Investigating
Assignee set to Daniel Pittman

Daniel, does this look like any of the issues you fixed for 1.9.3 in master? If so, reasonable to backport?

----------------------------------------
Bug #13614: Puppet running ruby1.9 isn't working reliably
https://projects.puppetlabs.com/issues/13614#change-59620

Author: Marc Richter
Status: Investigating
Priority: Normal
Assignee: Daniel Pittman
Category: ruby19
Target version:
Affected Puppet version: 2.7.12
Keywords:
Branch:

I have a three-node scenario. It consists of:

<pre>
node1 = master
node2 = agent
node3 = agent

node1 is running puppet 2.7.12 on ruby 1.9.3p125 (2012-02-16 revision 34643) as master.
node2 is running puppet 2.7.11 on ruby 1.8.7 (2011-12-28 patchlevel 357) as agent.
node3 is running puppet 2.7.12 on ruby 1.9.3p125 (2012-02-16 revision 34643) as agent.
</pre>

node2 could connect to the master, ask to sign its CA and is running flawlessly. node3 couldn't.

When you start "`puppet agent -d --no-daemonize -w 20 --server fqdn.tld`" you get the following:

on node3:

<pre>
err: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
</pre>

on node1 (master):

<pre>
ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
    /usr/lib64/ruby/site_ruby/1.9.1/puppet/network/http/webrick.rb:44:in `accept'
    /usr/lib64/ruby/site_ruby/1.9.1/puppet/network/http/webrick.rb:44:in `block (3 levels) in listen'
    /usr/lib64/ruby/1.9.1/webrick/server.rb:191:in `call'
    /usr/lib64/ruby/1.9.1/webrick/server.rb:191:in `block in start_thread'
</pre>

I've deleted `/var/lib/puppet/ssl/*` on node3 recursively several times and retried, making 100% sure that the two clocks are in perfect sync, but it always led to the same issues.

As soon as I start puppet on node3 with ruby 1.8 by running "`/usr/bin/ruby18 /usr/bin/puppet agent -d --no-daemonize -w 20 --server fqdn.tld`", it works as expected:

on node3:

<pre>
info: Creating a new SSL key for backup.web-factory.de
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for backup.web-factory.de
info: Certificate Request fingerprint (md5): 4D:9D:05:4F:59:A6:50:16:C3:AD:86:FC:7D:1C:60:25
warning: peer certificate won't be verified in this SSL session
debug: Using cached certificate for ca
warning: peer certificate won't be verified in this SSL session
debug: Using cached certificate for ca
warning: peer certificate won't be verified in this SSL session
</pre>

on node1 (master):

<pre>
DEBUG accept: 195.122.145.75:52963
DEBUG Puppet::Network::HTTP::WEBrickREST is invoked.
backup.web-factory.de - - [04/Apr/2012:11:12:20 CEST] "GET /production/certificate/backup.web-factory.de? HTTP/1.1" 404 48
- -> /production/certificate/backup.web-factory.de?
DEBUG close: 195.122.145.75:52963
</pre>

I can then list and sign the CA on the master without any issue.
