I found out deployment-salt.eqiad.wmflabs puppet master got broken. Looking at ./puppet.conf and ./puppet.conf.d/10-self.conf I noticed the certname = fields had some HTML such as:
blah some error message
Which ... break puppet!
Our factor in modules/base/lib/facter/ec2id.rb has no error handling:
Facter::Util::Resolution.exec("curl http://169.254.169.254/1.0/meta-data/instance-id 2> /dev/null").chomp
Whenever the executed commands has an error it should bails out. Hopefully curl exit with non 0 whenever it receives a 500.