Issue #21869 has been updated by Charlie Sharpsteen. Status changed from Unreviewed to Investigating Assignee set to Charlie Sharpsteen
Was able to re-produce this using 3.2.3 running with a master-agent pair running inside VMs. Looks like the agent is somehow stuck in a recursion loop that continues until it exhausts the stack space or misses a thread lock: <pre> ... loops from ssl/host.rb:194:in `certificate' until stack space exhausted or thread lock missed /usr/lib/ruby/site_ruby/1.8/puppet/network/authentication.rb:17:in `warn_if_near_expiration' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/connection.rb:53:in `request' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/connection.rb:28:in `get' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:83:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:83:in `http_request' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:62:in `http_get' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:96:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:168:in `do_request' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/request.rb:215:in `do_request' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:168:in `do_request' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:90:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/certificate/rest.rb:12:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:197:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:194:in `certificate' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:35:in `localhost' /usr/lib/ruby/site_ruby/1.8/puppet/network/authentication.rb:17:in `warn_if_near_expiration' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/connection.rb:53:in `request' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/connection.rb:28:in `get' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:83:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:83:in `http_request' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:62:in `http_get' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:96:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:168:in `do_request' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/request.rb:215:in `do_request' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:168:in `do_request' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:90:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/certificate/rest.rb:12:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:197:in `find' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:194:in `certificate' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:313:in `wait_for_cert' /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:413:in `setup_host' /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:431:in `setup_agent' /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:485:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:362:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:456:in `plugin_hook' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:362:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:504:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:362:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:132:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:86:in `execute' /usr/bin/puppet:4 </pre> ---------------------------------------- Bug #21869: another "Error: Could not request certificate: stack level too deep" https://projects.puppetlabs.com/issues/21869#change-95233 * Author: Ilkka Tengvall * Status: Investigating * Priority: Normal * Assignee: Charlie Sharpsteen * Category: * Target version: * Affected Puppet version: 3.2.3 * Keywords: * Branch: ---------------------------------------- There seems to others like this bug, but they are closed already and this still happens for me. In short: <pre>puppet agent -v -t -d|tee /home/ec2-user/perror.log <bunch of debug log attached separately> Error: Could not request certificate: stack level too deep Exiting; failed to retrieve certificate and waitforcert is disabled </pre> puppet is from puppetlabs repos yesterday: <pre>[root@puppet-client puppet]# rpm -q puppet puppet-3.2.3-1.el6.noarch [root@puppetmaster puppet-etc]# rpm -q puppet-server puppet-server-3.2.3-1.el6.noarch </pre> I am trying to create a generic machine cert for virtual machines built by Jenkins job. I want the machines with the given cert to be able to register to puppet-master automatically, and assing a profile for themselves. I was following this guide: https://gist.github.com/ahpook/1182243. The OS underneath the both puppet agent and master is RHEL 6.4. I attach the long debug log coming from the command above. I have both the master and the client in the cloud. ! 1. I setup the master with certname with public ip name separate to it's cloud private hostname. <pre>[master] node_name = facter certname = ospp-float2.hard.ware.fi </pre> ! 2. and create the keys for the client <pre> puppet cert --generate hattara.taivaalla.pilvi </pre> ! 3. copy them into place <pre> # private master:$ssldir/private_keys/hattara.taivaalla.pilvi.pem -> client:$ssldir/private_keys/hattara.taivaalla.pilvi.pem # public master:$ssldir/ca/signed/hattara.taivaalla.pilvi.pem -> client:$ssldir/certs/hattara.taivaalla.pilvi.pem </pre> ! 4. set the generic cert name for the client <pre> [agent] # let's get assign the node name from facter # and let the fact be fqdn atm, later PaaS profile # from /etc/cybercom-release.yaml certname = hattara.taivaalla.pilvi node_name = facter node_name_fact = fqdn server = ospp-float2.hard.ware.fi </pre> ! 5. start puppet master <pre>service puppetmaster restart</pre> ! 6. try the first command. The debug output is attached. <pre>puppet agent -v -t -d|tee /home/ec2-user/perror.log <bunch of debug log attached separately> Error: Could not request certificate: stack level too deep Exiting; failed to retrieve certificate and waitforcert is disabled </pre> And I see from master http log that the client tries to retrieve the cert. If I retry the command, it behaves differently, some locking problem <pre> Error: Could not request certificate: Thread(#<Thread:0x7f91023bc370 run>) not locked. Exiting; failed to retrieve certificate and waitforcert is disabled </pre> I can retrieve the cert manually by using curl just fine. <pre> curl --insecure -H 'Accept: s' https://ospp-float2.hard.ware.fi:8140/production/certificate/ca </pre> That's about it. Tried all different things for hours today. I suppose it's a bug. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
