Page MenuHomePhabricator
Paste P11649

pontoon steps
ActivePublic

Authored by Kormat on Wed, Jun 24, 10:45 AM.
- create instance
- add role::puppetmaster::pontoon to horizon
- run-puppet-agent (x2)
- https://wikitech.wikimedia.org/wiki/Help:Standalone_puppetmaster#Push_using_a_single_branch
- push local pontoon branch to server
- add pontoon::stack: STACK to horizon
- add puppetmaster: MASTER_FQDN to horizon
- run puppet agent
- find /var/lib/puppet/ssl/ -type f -exec rm -v {} \;
- rm /var/lib/puppet/server/ssl/ca/signed/$(hostname -f).pem
- cp -v /var/lib/puppet/{server/,}ssl/private_keys/$(hostname -f).pem
- cp -v /var/lib/puppet/{server/,}ssl/certs/$(hostname -f).pem
- systemctl restart apache2
- run puppet agent

Event Timeline

Kormat created this paste.Wed, Jun 24, 10:45 AM

From the first puppet run:

Jun 24 10:41:41 af-kormat-pm puppet-master[29880]: Could not prepare for execution: The certificate retrieved from the master does not match the agent's private key. Did you forget to run as root?
Jun 24 10:41:41 af-kormat-pm puppet-master[29880]: Certificate fingerprint: 56:19:7E:97:7A:A4:69:CE:50:10:C6:9A:9F:BA:44:07:BC:AB:98:DE:0A:52:A4:C9:58:24:EB:89:43:0E:92:C3
Jun 24 10:41:41 af-kormat-pm puppet-master[29880]: To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
Jun 24 10:41:41 af-kormat-pm puppet-master[29880]: On the master:
Jun 24 10:41:41 af-kormat-pm puppet-master[29880]:   puppet cert clean af-kormat-pm.automation-framework.eqiad.wmflabs
Jun 24 10:41:41 af-kormat-pm puppet-master[29880]: On the agent:
Jun 24 10:41:41 af-kormat-pm puppet-master[29880]:   1a. On most platforms: find /var/lib/puppet/ssl -name af-kormat-pm.automation-framework.eqiad.wmflabs.pem -delete
Jun 24 10:41:41 af-kormat-pm puppet-master[29880]:   1b. On Windows: del "\var\lib\puppet\ssl\certs\af-kormat-pm.automation-framework.eqiad.wmflabs.pem" /f
Jun 24 10:41:41 af-kormat-pm puppet-master[29880]:   2. puppet agent -t
kormat@af-kormat-pm:~$ sudo run-puppet-agent
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain): [self signed certificate in certificate chain for /CN=Puppet CA: af-kormat-pm.automation-framework.eqiad.wmflabs]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain): [self signed certificate in certificate chain for /CN=Puppet CA: af-kormat-pm.automation-framework.eqiad.wmflabs]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain): [self signed certificate in certificate chain for /CN=Puppet CA: af-kormat-pm.automation-framework.eqiad.wmflabs]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain): [self signed certificate in certificate chain for /CN=Puppet CA: af-kormat-pm.automation-framework.eqiad.wmflabs]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain): [self signed certificate in certificate chain for /CN=Puppet CA: af-kormat-pm.automation-framework.eqiad.wmflabs]
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain): [self signed certificate in certificate chain for /CN=Puppet CA: af-kormat-pm.automation-framework.eqiad.wmflabs]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain): [self signed certificate in certificate chain for /CN=Puppet CA: af-kormat-pm.automation-framework.eqiad.wmflabs]
Kormat edited the content of this paste. (Show Details)Wed, Jun 24, 12:19 PM
Kormat edited the content of this paste. (Show Details)Wed, Jun 24, 12:28 PM
root@af-kormat-pm:~# run-puppet-agent
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Function lookup() did not find a value for the name 'profile::base::labs::clean_kernels' (file: /etc/puppet/modules/profile/manifests/base/labs.pp, line: 1) on node af-kormat-pm.automation-framework.eqiad.wmflabs
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Function Call, Class[Profile::Puppetmaster::Pontoon]: parameter 'storeconfigs' expects a Boolean value, got String (file: /etc/puppet/modules/role/manifests/puppetmaster/pontoon.pp, line: 15, column: 5) on node af-kormat-pm.automation-framework.eqiad.wmflabs