Issue #21682 has been updated by Charlie Sharpsteen. Description updated
Thanks for posting the agent backtrace. It definitely clarifies that file permissions may not be the immediate cause of the problem. What appears to be happening is that the agent is preparing to create configuration files and directories and calls up the "puppet user" `pe-puppet`: <pre> # puppet/settings.rb:713 user = Puppet::Type.type(:user).new :name => self[:user], :audit => :ensure @service_user_available = user.exists? </pre> However, it looks like the `user.exists?` call is failing because the provider for that user object is getting set to `nil` for some reason. Would it be possible for you to post the portion of the bootstrap script that is installing the PE 3 agent and running `puppet agent -t`? ---------------------------------------- Bug #21682: puppet agent --test fails when run before puppet daemon obtains signed cert from master https://projects.puppetlabs.com/issues/21682#change-95696 * Author: Raghavendra Rachamadugu * Status: Needs More Information * Priority: Urgent * Assignee: Raghavendra Rachamadugu * Category: * Target version: * Affected Puppet version: * Keywords: * Branch: ---------------------------------------- Repro steps (I’m trying to automate on-boarding of a new node to bring it under Puppet management) 1. Install PE agent on a new node, say node1 2. PE agent automatically checks in with master and submits a CSR 3. Sign the CSR on Puppet master for node1 (optionally set the desired state for this node) 4. Run ‘puppet agent —test’ on node1 (make sure this happens well under 2 minutes after step 3) It fails with exit code 1 with below output. <pre> [1;35merr: Could not create resources for managing Puppet's files and directories in sections [:main, :agent, :ssl]: undefined method `exists?' for nil:NilClass[0m [1;35merr: Could not create resources for managing Puppet's files and directories in sections [:main, :ssl]: undefined method `exists?' for nil:NilClass[0m [1;35merr: Could not create resources for managing Puppet's files and directories in sections [:main, :ssl]: undefined method `exists?' for nil:NilClass[0m [0;32minfo: Caching certificate for main-xyj345w6n6[0m [1;35merr: Could not request certificate: Could not write /etc/puppetlabs/puppet/ssl/certs/main-xyj345w6n6.pem to certdir: undefined method `exists?' for nil:NilClass[0m Exiting; failed to retrieve certificate and waitforcert is disabled </pre> I tested with both PE 2.8.1 and PE 3.0.0. Fails consistently. It looks like the —test starts to succeed after 2 minutes which is when agent daemon is perhaps getting signed cert from master. I’m fine if this is by design but it would help if you suggest a good way to automate the 4 steps needed to on-board a new agent. Few options I could think off are 1. Stop and start the puppet agent. This sounded flaky – stopping the agent right after PE installer returns might surprise agent with an abrupt stop leaving things in half-baked state? 2. Decrease the —waitforcert delay. Unfortunately PE installer doesn’t expose setting of this config parameter, so this can’t work? 3. Explicitly request agent daemon to immediately check with master to fetch the signed cert. Not sure if such a thing exists today. —waitforcert is documented to be applicable only when running agent in daemon mode. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
