Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Eric Thompson assigned an issue to Eric Thompson Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: Eric Thompson Assignee: qa Eric Thompson Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Eric Thompson assigned an issue to Unassigned Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: Eric Thompson Assignee: Eric Thompson Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Josh Cooper assigned an issue to Josh Cooper Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: Josh Cooper Assignee: Josh Cooper Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Michael Smith assigned an issue to qa Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: Michael Smith Status: Ready for CI Test Assignee: Josh Cooper qa Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Josh Cooper updated an issue Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: Josh Cooper Release Notes Summary: If the daemonized agent was waiting for a cert to be issued, and the process was killed, e.g. SIGTERM or SIGINT, then the agent would exit ungracefully and leave its pid file behind. Now the agent gracefully exits and deletes its pid file. Release Notes: Bug Fix Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Josh Cooper assigned an issue to Josh Cooper Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: Josh Cooper Assignee: Josh Cooper Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Josh Cooper commented on PUP-5422 Re: Agent pidfile never removed in Solaris if there is no signed certificate This issue is reproducible on all platforms if you run the agent daemonized, have autosigning disabled, forcing the agent to wait for the cert to be signed, and while it's daemonized, kill the process. In syslog, you'll see: Nov 5 15:42:34 arcturus puppet-agent[98771]: Could not run: SIGTERM While the agent pid file remains: $ bundle exec puppet agent $ cat /Users/josh/.puppetlabs/var/run/agent.pid 99933 $ cat /Users/josh/.puppetlabs/var/run/agent.pid 99933 With this fix, the agent registers its signal handlers before trying to wait for the cert, and gracefully exits: Nov 5 15:45:41 arcturus puppet-agent[99102]: Reopening log files
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title William Hopper updated an issue Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: William Hopper In Solaris, starting the puppet service with {{puppet resource service puppet ensure=running}} creates {{/var/run/puppetlabs/agent.pid}} with the PID of the daemonized process. However, stopping the service correctly kills the service but leaves the pidfile in place with the old PID.{noformat}-bash-3.2# puppet resource service puppet ensure=runningNotice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'service { 'puppet': ensure => 'running',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'running', enable => 'true',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep 1343 0 S root 1343 1 0 40 20? 9011? 11:07:40 ? 0:00 /opt/puppetlabs/puppet/bin/ruby /op# Stopping the service-bash-3.2# puppet resource service puppet ensure=stoppedNotice: /Service[puppet]/ensure: ensure changed 'running' to 'stopped'service { 'puppet': ensure => 'stopped',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'stopped', enable => 'false',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep puppet-bash-3.2# svcs puppetSTATE STIMEFMRIdisabled 11:08:31 svc:/network/puppet:default{noformat}Note: this *only* affects agents which don't have a signed certificate, and it only affects Solaris. This is due to the fact that our puppet service start script in Solaris ({{/lib/svc/method/puppet}}) only runs {{exec /opt/puppetlabs/bin/puppet agent}}, unlike other platforms which use the {{--no-daemonize}} option. This means that other platforms don't even have a pidfile to begin with, since the daemon itself is not running.The certificate aspect is due to the fact that when we can't find a cert, a we cycle and wait for it in {{ nil wait_for_cert }} propagates its way back up the stack and prevents {{Puppet::Daemon.stop}} from ever being called. Add Comment
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title William Hopper updated an issue Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: William Hopper In Solaris, starting the puppet service with {{puppet resource service puppet ensure=running}} creates {{/var/run/puppetlabs/agent.pid}} with the PID of the daemonized process. However, stopping the service correctly kills the service but leaves the pidfile in place with the old PID.{noformat}-bash-3.2# puppet resource service puppet ensure=runningNotice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'service { 'puppet': ensure => 'running',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'running', enable => 'true',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep 1343 0 S root 1343 1 0 40 20? 9011? 11:07:40 ? 0:00 /opt/puppetlabs/puppet/bin/ruby /op# Stopping the service-bash-3.2# puppet resource service puppet ensure=stoppedNotice: /Service[puppet]/ensure: ensure changed 'running' to 'stopped'service { 'puppet': ensure => 'stopped',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'stopped', enable => 'false',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep puppet-bash-3.2# svcs puppetSTATE STIMEFMRIdisabled 11:08:31 svc:/network/puppet:default{noformat}Note: this *only* affects agents which don't have a signed certificate, and it only affects Solaris. This is due to the fact that our puppet service start script in Solaris ({{/lib/svc/method/puppet}}) only runs {{exec /opt/puppetlabs/bin/puppet agent}}, unlike other platforms which use the {{--no-daemonize}} option. This means that other platforms don't even have a pidfile to begin with, since the daemon itself is not running.The certificate aspect is due to the fact that when we can't find a cert, we cycle and wait for it in {{ Puppet::SSL::Host. wait_for_cert}} and prevents eventually get hit with the stop signal. Something is preventing {{Puppet::Daemon.stop}} from ever being called , and thus the pidfile remains behind . Add Comment
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Michael Smith assigned an issue to Michael Smith Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: Michael Smith Assignee: Michael Smith Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Michael Smith commented on PUP-5422 Re: Agent pidfile never removed in Solaris if there is no signed certificate Which test was related to this? I'm not getting the exception, possibly because I also get the error 2015-11-04 15:32:38 -0800 Puppet (err): Could not request certificate: Error 400 on SERVER: The environment must be purely alphanumeric, not 'puppet-ca'. Maybe I need a master to connect to. Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title William Hopper commented on PUP-5422 Re: Agent pidfile never removed in Solaris if there is no signed certificate Josh Cooper my understanding was that the reason we see this in Solaris is because we execute the puppet service as a daemon, unlike other platforms where we run with --no-daemonize. Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Josh Cooper commented on PUP-5422 Re: Agent pidfile never removed in Solaris if there is no signed certificate The environment must be purely alphanumeric occurs when newer agents talk to older agents, and by default the agent will try to connect to puppet which happens to be resolvable for us... for reasons. I imagine that the failure is occurring because ruby knows it's been asked to quit, yet the main thread tries to sleep (to wait for the cert to be signed on the master). This makes me wonder if it's reproducible on other platforms, as I don't think there's any Solaris specific logic? Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title William Hopper commented on PUP-5422 Re: Agent pidfile never removed in Solaris if there is no signed certificate Michael Smith I was seeing that error in addition to the ones I described. This all happens specifically if you don't have a master, and the exception should pop up when you stop the service. Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title Michael Smith updated an issue Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: Michael Smith In Solaris, starting the puppet service with {{puppet resource service puppet ensure=running}} creates {{/var/run/puppetlabs/agent.pid}} with the PID of the daemonized process. However, stopping the service correctly kills the service but leaves the pidfile in place with the old PID.{noformat}-bash-3.2# puppet resource service puppet ensure=runningNotice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'service { 'puppet': ensure => 'running',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'running', enable => 'true',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep 1343 0 S root 1343 1 0 40 20? 9011? 11:07:40 ? 0:00 /opt/puppetlabs/puppet/bin/ruby /op# Stopping the service-bash-3.2# puppet resource service puppet ensure=stoppedNotice: /Service[puppet]/ensure: ensure changed 'running' to 'stopped'service { 'puppet': ensure => 'stopped',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'stopped', enable => 'false',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep puppet-bash-3.2# svcs puppetSTATE STIMEFMRIdisabled 11:08:31 svc:/network/puppet:default{noformat}Note: this *only* affects agents which don't have a signed certificate, and it only affects Solaris. This is due to the fact that our puppet service start script in Solaris ({{/lib/svc/method/puppet}}) only runs {{exec /opt/puppetlabs/bin/puppet agent}}, unlike other platforms which use the {{--no-daemonize}} option. This means that other platforms don't even have a pidfile to begin with, since the daemon itself is not running.The certificate aspect is due to the fact that when we can't find a cert, we cycle and wait for it in {{Puppet::SSL::Host.wait_for_cert}} and eventually get hit with the stop signal. Something is preventing {{Puppet::Daemon.stop}} from ever being called, and thus the pidfile remains behind. This fix will affect all daemonization code paths (master [--daemonize], master --no-daemonize, agent --onetime, agent --no-daemonize, agent [--daemonize]); we should verify all those modes still work, and when running as a service that shutdown cleans up correctly. See reproduction steps by [~whopper] below. Add Comment
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title William Hopper commented on PUP-5422 Re: Agent pidfile never removed in Solaris if there is no signed certificate The following is a stack trace when stopping the puppet service with no signed cert: 2015-11-04 11:35:13 -0800 Puppet (err): Could not run: SIGTERM# <= from 2015-11-04 11:35:39 -0800 Puppet (notice): ## <== below comes from {{util.rb}}, in {{exit_on_fail} 2015-11-04 11:35:39 -0800 Puppet (notice): /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/host.rb:330:in `sleep' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/host.rb:330:in `rescue in wait_for_cert' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/host.rb:320:in `wait_for_cert' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/agent.rb:449:in `wait_for_certificates' /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/agent.rb:325:in `run_command'
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title William Hopper updated an issue Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: William Hopper In Solaris, starting the puppet service with {{puppet resource service puppet ensure=running}} creates {{/var/run/puppetlabs/agent.pid}} with the PID of the daemonized process. However, stopping the service correctly kills the service but leaves the pidfile in place with the old PID.{noformat}-bash-3.2# puppet resource service puppet ensure=runningNotice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'service { 'puppet': ensure => 'running',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'running', enable => 'true',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep 1343 0 S root 1343 1 0 40 20? 9011? 11:07:40 ? 0:00 /opt/puppetlabs/puppet/bin/ruby /op# Stopping the service-bash-3.2# puppet resource service puppet ensure=stoppedNotice: /Service[puppet]/ensure: ensure changed 'running' to 'stopped'service { 'puppet': ensure => 'stopped',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'stopped', enable => 'false',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep puppet-bash-3.2# svcs puppetSTATE STIMEFMRIdisabled 11:08:31 svc:/network/puppet:default{noformat} Note: this *only* affects agents which don't have a signed certificate, and it only affects Solaris. This is due to the fact that our puppet service start script in Solaris ({{/lib/svc/method/puppet}}) only runs {{exec /opt/puppetlabs/bin/puppet agent}}, unlike other platforms which use the {{--no-daemonize}} option. Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title William Hopper updated an issue Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: William Hopper Summary: Agent pidfile never removed in Solaris if there is no signed certificate Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title William Hopper updated an issue Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: William Hopper In Solaris, starting the puppet service with {{puppet resource service puppet ensure=running}} creates {{/var/run/puppetlabs/agent.pid}} with the PID of the daemonized process. However, stopping the service correctly kills the service but leaves the pidfile in place with the old PID.{noformat}-bash-3.2# puppet resource service puppet ensure=runningNotice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'service { 'puppet': ensure => 'running',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'running', enable => 'true',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep 1343 0 S root 1343 1 0 40 20? 9011? 11:07:40 ? 0:00 /opt/puppetlabs/puppet/bin/ruby /op# Stopping the service-bash-3.2# puppet resource service puppet ensure=stoppedNotice: /Service[puppet]/ensure: ensure changed 'running' to 'stopped'service { 'puppet': ensure => 'stopped',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'stopped', enable => 'false',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep puppet-bash-3.2# svcs puppetSTATE STIMEFMRIdisabled 11:08:31 svc:/network/puppet:default{noformat}Note: this *only* affects agents which don't have a signed certificate, and it only affects Solaris. This is due to the fact that our puppet service start script in Solaris ({{/lib/svc/method/puppet}}) only runs {{exec /opt/puppetlabs/bin/puppet agent}}, unlike other platforms which use the {{--no-daemonize}} option. This means that other platforms don't even have a pidfile to begin with, since the daemon itself is not running. The certificate aspect is due to the fact that when we can't find a cert, a {{nil}} propagates its way back up the stack and prevents {{Puppet::Daemon.stop}} from ever being called. Add Comment
Jira (PUP-5422) Agent pidfile never removed in Solaris if there is no signed certificate
Title: Message Title William Hopper updated an issue Puppet / PUP-5422 Agent pidfile never removed in Solaris if there is no signed certificate Change By: William Hopper In Solaris, starting the puppet service with {{puppet resource service puppet ensure=running}} creates {{/var/run/puppetlabs/agent.pid}} with the PID of the daemonized process. However, stopping the service correctly kills the service but leaves the pidfile in place with the old PID.{noformat}-bash-3.2# puppet resource service puppet ensure=runningNotice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'service { 'puppet': ensure => 'running',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'running', enable => 'true',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep 1343 0 S root 1343 1 0 40 20? 9011? 11:07:40 ? 0:00 /opt/puppetlabs/puppet/bin/ruby /op# Stopping the service-bash-3.2# puppet resource service puppet ensure=stoppedNotice: /Service[puppet]/ensure: ensure changed 'running' to 'stopped'service { 'puppet': ensure => 'stopped',}-bash-3.2# puppet resource service puppetservice { 'puppet': ensure => 'stopped', enable => 'false',}-bash-3.2# cat /var/run/puppetlabs/agent.pid1343-bash-3.2# ps -elf | grep puppet-bash-3.2# svcs puppetSTATE STIMEFMRIdisabled 11:08:31 svc:/network/puppet:default{noformat}Note: this *only* affects agents which don't have a signed certificate, and it only affects Solaris. This is due to the fact that our puppet service start script in Solaris ({{/lib/svc/method/puppet}}) only runs {{exec /opt/puppetlabs/bin/puppet agent}}, unlike other platforms which use the {{--no-daemonize}} option. The certificate aspect is due to the fact that when we can't find a cert, a {{nil}} propagates its way back up the stack and prevents {{Puppet::Daemon.stop}} from ever being called. Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)