Issue #21869 has been updated by Charlie Sharpsteen. Status changed from Accepted to In Topic Branch Pending Review Assignee deleted (Charlie Sharpsteen) Branch set to https://github.com/puppetlabs/puppet/pull/2090
Pull request submitted. ---------------------------------------- Bug #21869: another "Error: Could not request certificate: stack level too deep" https://projects.puppetlabs.com/issues/21869#change-100009 * Author: Ilkka Tengvall * Status: In Topic Branch Pending Review * Priority: High * Assignee: * Category: * Target version: 3.x * Affected Puppet version: 3.0.0 * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/2090 ---------------------------------------- There seems to others like this bug, but they are closed already and this still happens for me. In short: <pre>puppet agent -v -t -d|tee /home/ec2-user/perror.log <bunch of debug log attached separately> Error: Could not request certificate: stack level too deep Exiting; failed to retrieve certificate and waitforcert is disabled </pre> puppet is from puppetlabs repos yesterday: <pre>[root@puppet-client puppet]# rpm -q puppet puppet-3.2.3-1.el6.noarch [root@puppetmaster puppet-etc]# rpm -q puppet-server puppet-server-3.2.3-1.el6.noarch </pre> I am trying to create a generic machine cert for virtual machines built by Jenkins job. I want the machines with the given cert to be able to register to puppet-master automatically, and assing a profile for themselves. I was following this guide: https://gist.github.com/ahpook/1182243. The OS underneath the both puppet agent and master is RHEL 6.4. I attach the long debug log coming from the command above. I have both the master and the client in the cloud. ! 1. I setup the master with certname with public ip name separate to it's cloud private hostname. <pre>[master] node_name = facter certname = ospp-float2.hard.ware.fi </pre> ! 2. and create the keys for the client <pre> puppet cert --generate hattara.taivaalla.pilvi </pre> ! 3. copy them into place <pre> # private master:$ssldir/private_keys/hattara.taivaalla.pilvi.pem -> client:$ssldir/private_keys/hattara.taivaalla.pilvi.pem # public master:$ssldir/ca/signed/hattara.taivaalla.pilvi.pem -> client:$ssldir/certs/hattara.taivaalla.pilvi.pem </pre> ! 4. set the generic cert name for the client <pre> [agent] # let's get assign the node name from facter # and let the fact be fqdn atm, later PaaS profile # from /etc/cybercom-release.yaml certname = hattara.taivaalla.pilvi node_name = facter node_name_fact = fqdn server = ospp-float2.hard.ware.fi </pre> ! 5. start puppet master <pre>service puppetmaster restart</pre> ! 6. try the first command. The debug output is attached. <pre>puppet agent -v -t -d|tee /home/ec2-user/perror.log <bunch of debug log attached separately> Error: Could not request certificate: stack level too deep Exiting; failed to retrieve certificate and waitforcert is disabled </pre> And I see from master http log that the client tries to retrieve the cert. If I retry the command, it behaves differently, some locking problem <pre> Error: Could not request certificate: Thread(#<Thread:0x7f91023bc370 run>) not locked. Exiting; failed to retrieve certificate and waitforcert is disabled </pre> I can retrieve the cert manually by using curl just fine. <pre> curl --insecure -H 'Accept: s' https://ospp-float2.hard.ware.fi:8140/production/certificate/ca </pre> That's about it. Tried all different things for hours today. I suppose it's a bug. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
