Issue #13614 has been updated by Bernhard Schmidt.

I think this is a dupe of Issue #9084. There is a workaround described in this bug.

----------------------------------------
Bug #13614: Puppet running ruby1.9 isn't working reliably
https://projects.puppetlabs.com/issues/13614#change-65054

Author: Marc Richter
Status: Investigating
Priority: Normal
Assignee: Daniel Pittman
Category: ruby19
Target version:
Affected Puppet version: 2.7.12
Keywords:
Branch:

I have a three-node scenario. It consists of:

<pre>
node1 = master
node2 = agent
node3 = agent

node1 is running puppet 2.7.12 on ruby 1.9.3p125 (2012-02-16 revision 34643) as master.
node2 is running puppet 2.7.11 on ruby 1.8.7 (2011-12-28 patchlevel 357) as agent.
node3 is running puppet 2.7.12 on ruby 1.9.3p125 (2012-02-16 revision 34643) as agent.
</pre>

node2 could connect to the master, ask to sign its ca and is running flawlessly. node3 couldn't.

When you start "`puppet agent -d --no-daemonize -w 20 --server fqdn.tld`" you get the following:

on node3:

    err: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client

on node1 (master):

    ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
    /usr/lib64/ruby/site_ruby/1.9.1/puppet/network/http/webrick.rb:44:in `accept'
    /usr/lib64/ruby/site_ruby/1.9.1/puppet/network/http/webrick.rb:44:in `block (3 levels) in listen'
    /usr/lib64/ruby/1.9.1/webrick/server.rb:191:in `call'
    /usr/lib64/ruby/1.9.1/webrick/server.rb:191:in `block in start_thread'

I've deleted `/var/lib/puppet/ssl/*` on node3 recursively several times and retried, ensuring 100% that the two clocks are in perfect sync, but it always led to the same issues.

As soon as I start puppet on node3 with ruby 1.8 by running "`/usr/bin/ruby18 /usr/bin/puppet agent -d --no-daemonize -w 20 --server fqdn.tld`", it works as expected:

on node3:

    info: Creating a new SSL key for backup.web-factory.de
    warning: peer certificate won't be verified in this SSL session
    info: Caching certificate for ca
    warning: peer certificate won't be verified in this SSL session
    warning: peer certificate won't be verified in this SSL session
    info: Creating a new SSL certificate request for backup.web-factory.de
    info: Certificate Request fingerprint (md5): 4D:9D:05:4F:59:A6:50:16:C3:AD:86:FC:7D:1C:60:25
    warning: peer certificate won't be verified in this SSL session
    debug: Using cached certificate for ca
    warning: peer certificate won't be verified in this SSL session
    debug: Using cached certificate for ca
    warning: peer certificate won't be verified in this SSL session

on node1 (master):

    DEBUG accept: 195.122.145.75:52963
    DEBUG Puppet::Network::HTTP::WEBrickREST is invoked.
    backup.web-factory.de - - [04/Apr/2012:11:12:20 CEST] "GET /production/certificate/backup.web-factory.de? HTTP/1.1" 404 48
    - -> /production/certificate/backup.web-factory.de?
    DEBUG close: 195.122.145.75:52963

I can then list and sign the ca on the master without any issue.
