On Tue, May 22, 2012 at 6:58 AM, Shiva <shivaraman.ramad...@gmail.com> wrote: > I am installing puppet enterprise manager (master) on a RHEL box. > Though the install itself succeeds without any issues, the first run > of puppet when it tries to deploy the pe_mcollective module fails with > the following error. > > Message: > change from notrun to 0 failed: sh -c 'umask 077; keytool - > importkeystore -deststorepass puppet -destkeypass puppet -destkeystore > broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype > PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0] > at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp: > 138
For posterity, Shiva, Gary and I worked on this issue this afternoon and found the root cause to be a problem with the fqdn fact and the return value of the puppet cert command. The fqdn fact was returning the empty string, which caused the manifest to execute this command: puppet cert --generate pe-internal-broker --dns_alt_names '${pe_mcollective::stomp_server},${::fqdn},stomp' Since $fqdn is the empty string, two consecutive commas were passed to the dns_alt_names option. This, in turn caused puppet cert to fail with an argument error. Even though it failed, the command returns an exit status of 0 (which is a bug in Puppet). This caused Puppet to think the command executed successfully and proceeded to try and convert the PEM files into PKCS12 files. So, even though the keytool command was failing the root cause was actually the fqdn fact being empty. If anyone else runs into this, chance if `facter fqdn` returns what you expect. If it doesn't print anything out this may be the cause of this error. The solution was do add the line `domain foo.bar.com` to /etc/resolv.conf which then caused `facter fqdn` to return the expected value. Hope this helps, -Jeff (Now to go fix puppet cert and facter fqdn ...) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.