Paste P7162

Connecting deployment-webperf01 to puppet

Authored by Krenair on May 27 2018, 8:00 PM.
root@deployment-webperf01:~# puppet agent -tv
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
root@deployment-webperf01:~# cd /var/lib/puppet; mv ssl ssl_old; rm /usr/local/share/ca-certificates/Puppet_Internal_CA.crt; sudo nano /usr/local/share/ca-certificates/Puppet_Internal_CA.crt; update-ca-certificates --fresh; puppet agent -tv
Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
172 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Info: Creating a new SSL key for deployment-webperf01.deployment-prep.eqiad.wmflabs
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for deployment-webperf01.deployment-prep.eqiad.wmflabs
Info: Certificate Request fingerprint (SHA256): 21:3F:9A:C1:6C:65:E4:8D:FB:DB:36:4C:40:9E:CE:EE:AD:9E:77:86:51:C0:9A:1F:03:AE:75:62:88:68:6C:2C
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
#################### at this point you swap to the puppetmaster briefly:
#root@deployment-puppetmaster03:/var/lib/git/operations/puppet# puppet cert sign deployment-webperf01.deployment-prep.eqiad.wmflabs
#Signing Certificate Request for:
# "deployment-webperf01.deployment-prep.eqiad.wmflabs" (SHA256) #21:3F:9A:C1:6C:65:E4:8D:FB:DB:36:4C:40:9E:CE:EE:AD:9E:77:86:51:C0:9A:1F:03:AE:75:62:88:68:6C:2C
#Notice: Signed certificate request for deployment-webperf01.deployment-prep.eqiad.wmflabs
#Notice: Removing file Puppet::SSL::CertificateRequest deployment-webperf01.deployment-prep.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/deployment-webperf01.deployment-prep.eqiad.wmflabs.pem'
####################
root@deployment-webperf01:/var/lib/puppet# puppet agent -tv
Info: Caching certificate for deployment-webperf01.deployment-prep.eqiad.wmflabs
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for deployment-webperf01.deployment-prep.eqiad.wmflabs
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: /File[/var/lib/puppet/lib/facter/net_driver.rb]/content:
--- /var/lib/puppet/lib/facter/net_driver.rb 2018-05-22 17:03:07.846650000 +0000
+++ /tmp/puppet-file20180527-16295-ay19ll 2018-05-27 19:55:53.785272969 +0000
@@ -7,6 +7,10 @@
# when using certain classes of network hardware. The driver name is a common
# case used to differentiate this, e.g. currently some optimizations we've only
# factored out to work correctly on 'bnx2x' -driven cards.
+# The interface speed and duplex are also reported.
+#
+# The returned fact is a hash of hashes of the form:
+# {"eth0"=>{"driver"=>"bnx2x", "speed"=>10000, "duplex"=>"full"}}
require 'facter'
require 'pathname'
@@ -14,13 +18,37 @@
Facter.add('net_driver') do
setcode do
net_d = {}
+
Pathname.glob('/sys/class/net/*').sort.each do |d|
dev = d.to_s.split('/')[4]
driver_link = "#{d}/device/driver/module"
- if File.exist?(driver_link)
- net_d[dev] = File.basename(File.readlink(driver_link))
+ next unless File.exist?(driver_link)
+
+ # Setting the default values as the same reported by the Kernel when
+ # the files are readable but the value is unknown.
+ net_d[dev] = {'speed' => -1, 'duplex' => 'unknown'}
+ net_d[dev]['driver'] = File.basename(File.readlink(driver_link))
+
+ state_file = "#{d}/operstate"
+ next unless File.exist?(state_file)
+
+ # Speed and duplex are readable only on certain iface states
+ # and if ethtool get_settings method is implemented (mostly Ethernet).
+ # See: https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-net
+ state = File.read(state_file).strip
+ next unless ['lowerlayerdown', 'testing', 'dormant', 'up'].include?(state)
+
+ speed_file = "#{d}/speed"
+ if File.exist?(speed_file)
+ net_d[dev]['speed'] = File.read(speed_file).to_i
+ end
+
+ duplex_file = "#{d}/duplex"
+ if File.exist?(duplex_file)
+ net_d[dev]['duplex'] = File.read(duplex_file).strip
end
end
+
net_d
end
end
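Review bot: in the new speed/duplex block, `File.read(speed_file).to_i` and `File.read(duplex_file).strip` are guarded only by `File.exist?` and the operstate check, but the comment above them says these files are also unreadable when the driver does not implement the ethtool get_settings method. In that case the sysfs file still exists and the read raises, which would abort the whole setcode block and lose the fact for every interface, not just the one being read. Suggest wrapping the two reads in a rescue for SystemCallError and leaving the -1 / 'unknown' defaults in place. Separately, `net_d[dev]` changes from a driver-name string to a hash, so anything that compares the fact value directly to a driver name such as 'bnx2x' needs updating together with this change.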
Notice: /File[/var/lib/puppet/lib/facter/net_driver.rb]/content: content changed '{md5}e31734704cc6d0b27055d77f061aa19a' to '{md5}2190142df4df64b23bb8aa910d7a7938'
Notice: /File[/var/lib/puppet/lib/puppet/provider/scap_source/default.rb]/content:
--- /var/lib/puppet/lib/puppet/provider/scap_source/default.rb 2018-05-22 17:03:17.522650000 +0000
+++ /tmp/puppet-file20180527-16295-1x0kdxh 2018-05-27 19:55:54.057275567 +0000
@@ -81,13 +81,18 @@
def checkout(name, path)
umask = 0o002
file_mode = 0o2775
+
unless Dir.exists?(path)
FileUtils.makedirs path, :mode => file_mode
FileUtils.chown_R resource[:owner], resource[:group], path
end
+
pwd = Etc.getpwnam(resource[:owner])
+ pwg = Etc.getgrnam(resource[:group])
+
uid = pwd.uid
- gid = pwd.gid
+ gid = pwg.gid
+
Puppet::Util.withumask(
umask) {
Puppet::Util::Execution.execute(
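Review bot: the new `pwg = Etc.getgrnam(resource[:group])` lookup has no handling for a group that does not exist; Etc.getgrnam raises ArgumentError in that case, and when `path` is already present the `unless Dir.exists?(path)` block is skipped, so this line is the first place a bad group name surfaces. Suggest rescuing it and failing with a message that names the resource and its group. The switch from `pwd.gid` to `pwg.gid` itself looks right: with `umask = 0o002` and `file_mode = 0o2775` the checkout is group-writable, so it should run under the group the resource declares rather than the owner's primary group.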
Notice: /File[/var/lib/puppet/lib/puppet/provider/scap_source/default.rb]/content: content changed '{md5}cb3875bb2326da8aebacdbb6a50366ef' to '{md5}7dd412c58b5339885edbcab1e7990954'
Info: Loading facts
Info: Caching catalog for deployment-webperf01.deployment-prep.eqiad.wmflabs
Notice: /Stage[main]/Base::Environment/Tidy[/var/tmp/core]: Tidying 0 files
Info: Applying configuration version '1527450957'
Notice: /Stage[main]/Base::Standard_packages/Package[atop]/ensure: purged
Notice: /Stage[main]/Exim4/File[/etc/exim4/update-exim4.conf.conf]/content:
--- /etc/exim4/update-exim4.conf.conf 2018-05-23 06:24:51.584641170 +0000
+++ /tmp/puppet-file20180527-16295-12u43hq 2018-05-27 19:56:08.417412731 +0000
@@ -1,13 +1 @@
-dc_eximconfig_configtype='none'
-dc_other_hostnames=''
-dc_local_interfaces=''
-dc_readhost=''
-dc_relay_domains=''
-dc_minimaldns='false'
-dc_relay_nets=''
-dc_smarthost=''
-CFILEMODE='644'
-dc_use_split_config='false'
-dc_hide_mailname=''
-dc_mailname_in_oh='true'
-dc_localdelivery='mail_spool'
+dc_eximconfig_configtype=none
Info: Computing checksum on file /etc/exim4/update-exim4.conf.conf
Info: /Stage[main]/Exim4/File[/etc/exim4/update-exim4.conf.conf]: Filebucketed /etc/exim4/update-exim4.conf.conf to puppet with sum 0b2df9974d276b66962859bad6ff058a
Notice: /Stage[main]/Exim4/File[/etc/exim4/update-exim4.conf.conf]/content:
Notice: /Stage[main]/Exim4/File[/etc/exim4/update-exim4.conf.conf]/content: content changed '{md5}0b2df9974d276b66962859bad6ff058a' to '{md5}68de96ad8b553bc720f9755e936c57ef'
Notice: /Stage[main]/Exim4/File[/etc/exim4/update-exim4.conf.conf]/mode: mode changed '0644' to '0444'
Notice: /Stage[main]/Profile::Base::Certificates/Sslcert::Ca[Puppet_Internal_CA]/File[/usr/local/share/ca-certificates/Puppet_Internal_CA.crt]/group: group changed 'staff' to 'root'
Notice: /Stage[main]/Profile::Base::Certificates/Sslcert::Ca[Puppet_Internal_CA]/File[/usr/local/share/ca-certificates/Puppet_Internal_CA.crt]/mode: mode changed '0644' to '0444'
Info: /Stage[main]/Profile::Base::Certificates/Sslcert::Ca[Puppet_Internal_CA]/File[/usr/local/share/ca-certificates/Puppet_Internal_CA.crt]: Scheduling refresh of Exec[update-ca-certificates]
Info: /Stage[main]/Profile::Base::Certificates/Sslcert::Ca[Puppet_Internal_CA]/File[/usr/local/share/ca-certificates/Puppet_Internal_CA.crt]: Scheduling refresh of Exec[update-ca-certificates]
Notice: /Stage[main]/Sslcert/Exec[update-ca-certificates]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/Sysctl/File[/etc/sysctl.d/99-sysctl.conf]/ensure: removed
Notice: Applied catalog in 7.61 seconds
root@deployment-webperf01:/var/lib/puppet# puppet agent -tv
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for deployment-webperf01.deployment-prep.eqiad.wmflabs
Notice: /Stage[main]/Base::Environment/Tidy[/var/tmp/core]: Tidying 0 files
Info: Applying configuration version '1527451073'
Notice: Applied catalog in 5.14 seconds