On Tue, May 22, 2012 at 6:58 AM, Shiva <shivaraman.ramad...@gmail.com> wrote:
> I am installing puppet enterprise manager (master) on a RHEL box.
> Though the install itself succeeds without any issues, the first run
> of puppet when it tries to deploy the pe_mcollective module fails with
> the following error.
>
> Message:
> change from notrun to 0 failed: sh -c 'umask 077; keytool -
> importkeystore -deststorepass puppet -destkeypass puppet -destkeystore
> broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype
> PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0]
> at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp:
> 138
For posterity, Shiva, Gary and I worked on this issue this afternoon
and found the root cause to be a problem with the fqdn fact and the
return value of the puppet cert command.
The fqdn fact was returning the empty string, which caused the
manifest to execute this command:
puppet cert --generate pe-internal-broker --dns_alt_names
'${pe_mcollective::stomp_server},${::fqdn},stomp'
Since $fqdn is the empty string, two consecutive commas were passed to
the dns_alt_names option. This, in turn caused puppet cert to fail
with an argument error. Even though it failed, the command returns an
exit status of 0 (which is a bug in Puppet). This caused Puppet to
think the command executed successfully and proceeded to try and
convert the PEM files into PKCS12 files.
So, even though the keytool command was failing the root cause was
actually the fqdn fact being empty.
If anyone else runs into this, chance if `facter fqdn` returns what
you expect. If it doesn't print anything out this may be the cause of
this error.
The solution was do add the line `domain foo.bar.com` to
/etc/resolv.conf which then caused `facter fqdn` to return the
expected value.
Hope this helps,
-Jeff
(Now to go fix puppet cert and facter fqdn ...)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
