Page MenuHomePhabricator
Create Task
Maniphest T208882

Puppet errors on codereview project
Closed, ResolvedPublic
Actions

Description

Puppet has been failing on these servers:

  • Argon.codereview.eqiad.wmflabs
  • Radon.codereview.eqiad.wmflabs

If these are one-off test servers, please let us know so we can delete them.

Otherwise, could you take a few minutes to fix that? Thank you!

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved GTirloniT208856 Instances with Puppet failures
 Resolvedbd808T208882 Puppet errors on codereview project

Event Timeline

GTirloni triaged this task as High priority.Nov 6 2018, 7:46 PM
GTirloni created this task.
Restricted Application added a project: User-Luke081515. · View Herald TranscriptNov 6 2018, 7:46 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
bd808 subscribed.Nov 6 2018, 10:33 PM

On argon the puppetmaster is set to labs-puppetmaster.wikimedia.org and puppet fails with:

$ puppet agent -tv
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate revoked
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate revoked
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate revoked
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate revoked
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate revoked
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate revoked
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate revoked

I'm wondering if something strange happened here during the move to eqiad1-r:

$ ls -l /var/lib/puppet/ssl/certificate_requests
total 8
-rw-r--r-- 1 puppet puppet 1614 Jan 12  2018 argon.codereview.eqiad.wmflabs.pem
-rw-r--r-- 1 puppet puppet 1626 Oct 29 15:03 host-172-16-2-11.codereview.eqiad.wmflabs.pem
bd808 closed this task as Resolved.Nov 6 2018, 10:35 PM
bd808 claimed this task.
bd808 added a subscriber: Luke081515.

This seems to have fixed both hosts:

$ rm -rf /var/lib/puppet/ssl
$ puppet agent -tv
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL