Page MenuHomePhabricator

Puppet certificate mismatch on elasticsearch05 (labs)
Closed, ResolvedPublic

Description

Probably easy to fix, but I have not investigated at all yet.

Should probably be fixed fairly soon.

Error log below:

gehel@deployment-elastic05:~$ sudo puppet agent -t --noop
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Server hostname 'deployment-puppetmaster.eqiad.wmflabs' did not match server certificate; expected one of deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:puppet, DNS:puppet.deployment-prep.eqiad.wmflabs
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'deployment-puppetmaster.eqiad.wmflabs' did not match server certificate; expected one of deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:puppet, DNS:puppet.deployment-prep.eqiad.wmflabs
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Server hostname 'deployment-puppetmaster.eqiad.wmflabs' did not match server certificate; expected one of deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:puppet, DNS:puppet.deployment-prep.eqiad.wmflabs Could not retrieve file metadata for puppet://deployment-puppetmaster.eqiad.wmflabs/plugins: Server hostname 'deployment-puppetmaster.eqiad.wmflabs' did not match server certificate; expected one of deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:puppet, DNS:puppet.deployment-prep.eqiad.wmflabs
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/physicalcorecount.rb
Info: Loading facts in /var/lib/puppet/lib/facter/ganeti.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/labsprojectfrommetadata.rb
Info: Loading facts in /var/lib/puppet/lib/facter/initsystem.rb
Info: Loading facts in /var/lib/puppet/lib/facter/apt.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_config_dir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/lldp.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Error: Could not retrieve catalog from remote server: Server hostname 'deployment-puppetmaster.eqiad.wmflabs' did not match server certificate; expected one of deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:puppet, DNS:puppet.deployment-prep.eqiad.wmflabs
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Server hostname 'deployment-puppetmaster.eqiad.wmflabs' did not match server certificate; expected one of deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:deployment-puppetmaster.deployment-prep.eqiad.wmflabs, DNS:puppet, DNS:puppet.deployment-prep.eqiad.wmflabs

Event Timeline

Gehel raised the priority of this task from to Needs Triage.
Gehel updated the task description. (Show Details)
Gehel added a subscriber: Gehel.

Seems there has been a naming convention change from <hostname>.eqiad.wmflabs to <hostname>.deployment-prep.eqiad.wmflabs. Reenabling with sudo puppet agent -t --server=deployment-puppetmaster.deployment-prep.eqiad.wmflabs

Gehel set Security to None.
Deskana added a subscriber: Deskana.

Re-opening. I thought simply force-running 'puppet --server' should be enough, but it is not the case. I'll have a deeper look to see where the issue is (either puppet.conf is not managed by puppet or we have a wrong configuration somewhere)

Strange, it seems to be working again. No idea why. I will re-open (again) if it fails again, nothing to investigate at the moment.