Page MenuHomePhabricator

Puppet stalled on fresh Precise instance
Closed, ResolvedPublic

Description

I have created a new Precise instance integration-slave1001 (without any class applied) and the first puppet run is blocked by:

# puppet agent -tv
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 2B:54:91:EB:31:4A:61:7A:BF:F6:DC:93:DD:E5:4A:7D:71:31:07:01:D8:E2:4C:82:E5:85:20:F1:3C:C7:0C:3C
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean i-0000078a.eqiad.wmflabs
On the agent:
  rm -f /var/lib/puppet/ssl/certs/i-0000078a.eqiad.wmflabs.pem
  puppet agent -t

Exiting; failed to retrieve certificate and waitforcert is disabled

Its /etc/puppet/puppet.conf is:

#####################################################################
##### THIS FILE IS MANAGED BY PUPPET
#####  as template('base/puppet.conf.d/10-main.conf.erb')
######################################################################

[main]
logdir = /var/log/puppet
vardir = /var/lib/puppet
ssldir = /var/lib/puppet/ssl
rundir = /var/run/puppet
factpath = $vardir/lib/facter

[agent]
server = virt1000.wikimedia.org
certname = i-0000078a.eqiad.wmflabs
configtimeout = 960
usecacheonfailure = false
splay = true
prerun_command = /etc/puppet/etckeeper-commit-pre
postrun_command = /etc/puppet/etckeeper-commit-post
pluginsync = true
report = true
reports = statsd

Seems the puppet master (virt1000) doesn't know about i-0000078a.eqiad.wmflabs :(

Event Timeline

hashar claimed this task.
hashar raised the priority of this task from to Needs Triage.
hashar updated the task description. (Show Details)
hashar changed Security from none to None.
hashar updated the task description. (Show Details)
hashar added subscribers: hashar, Cloud-Services, Andrew and 3 others.

Manually cleaned the old cert and requested a new one and it's alright now, for this instance. let's see if this recurs.

Thanks, per our discussion lets close this and figure out later on when someone create another Precise instance. Might have been a transient issue.