root@deployment-webperf01:~# puppet agent -tv
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: deployment-puppetmaster03.deployment-prep.eqiad.wmflabs]
root@deployment-webperf01:~# cd /var/lib/puppet; mv ssl ssl_old; rm /usr/local/share/ca-certificates/Puppet_Internal_CA.crt; sudo nano /usr/local/share/ca-certificates/Puppet_Internal_CA.crt; update-ca-certificates --fresh; puppet agent -tv
Clearing symlinks in /etc/ssl/certs... done.
Updating certificates in /etc/ssl/certs... 172 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d... done.
Info: Creating a new SSL key for deployment-webperf01.deployment-prep.eqiad.wmflabs
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for deployment-webperf01.deployment-prep.eqiad.wmflabs
Info: Certificate Request fingerprint (SHA256): 21:3F:9A:C1:6C:65:E4:8D:FB:DB:36:4C:40:9E:CE:EE:AD:9E:77:86:51:C0:9A:1F:03:AE:75:62:88:68:6C:2C
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
#################### at this point you swap to the puppetmaster briefly:
#root@deployment-puppetmaster03:/var/lib/git/operations/puppet# puppet cert sign deployment-webperf01.deployment-prep.eqiad.wmflabs
#Signing Certificate Request for:
# "deployment-webperf01.deployment-prep.eqiad.wmflabs" (SHA256)
#21:3F:9A:C1:6C:65:E4:8D:FB:DB:36:4C:40:9E:CE:EE:AD:9E:77:86:51:C0:9A:1F:03:AE:75:62:88:68:6C:2C
#Notice: Signed certificate request for deployment-webperf01.deployment-prep.eqiad.wmflabs
#Notice: Removing file Puppet::SSL::CertificateRequest deployment-webperf01.deployment-prep.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/deployment-webperf01.deployment-prep.eqiad.wmflabs.pem'
####################
root@deployment-webperf01:/var/lib/puppet# puppet agent -tv
Info: Caching certificate for deployment-webperf01.deployment-prep.eqiad.wmflabs
Info: Caching certificate_revocation_list
for ca Info: Caching certificate for deployment-webperf01.deployment-prep.eqiad.wmflabs Info: Using configured environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Notice: /File[/var/lib/puppet/lib/facter/net_driver.rb]/content: --- /var/lib/puppet/lib/facter/net_driver.rb 2018-05-22 17:03:07.846650000 +0000 +++ /tmp/puppet-file20180527-16295-ay19ll 2018-05-27 19:55:53.785272969 +0000 @@ -7,6 +7,10 @@ # when using certain classes of network hardware. The driver name is a common # case used to differentiate this, e.g. currently some optimizations we've only # factored out to work correctly on 'bnx2x' -driven cards. +# The interface speed and duplex are also reported. +# +# The returned fact is a hash of hashes of the form: +# {"eth0"=>{"driver"=>"bnx2x", "speed"=>10000, "duplex"=>"full"}} require 'facter' require 'pathname' 
@@ -14,13 +18,37 @@ Facter.add('net_driver') do setcode do net_d = {} + Pathname.glob('/sys/class/net/*').sort.each do |d| dev = d.to_s.split('/')[4] driver_link = "#{d}/device/driver/module" - if File.exist?(driver_link) - net_d[dev] = File.basename(File.readlink(driver_link)) + next unless File.exist?(driver_link) + + # Setting the default values as the same reported by the Kernel when + # the files are readable but the value is unknown. + net_d[dev] = {'speed' => -1, 'duplex' => 'unknown'} + net_d[dev]['driver'] = File.basename(File.readlink(driver_link)) + + state_file = "#{d}/operstate" + next unless File.exist?(state_file) + + # Speed and duplex are readable only on certain iface states + # and if ethtool get_settings method is implemented (mostly Ethernet). + # See: https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-net + state = File.read(state_file).strip + next unless ['lowerlayerdown', 'testing', 'dormant', 'up'].include?(state) + + speed_file = "#{d}/speed" + if File.exist?(speed_file) + net_d[dev]['speed'] = File.read(speed_file).to_i + end + + duplex_file = "#{d}/duplex" + if File.exist?(duplex_file) + net_d[dev]['duplex'] = File.read(duplex_file).strip end end + net_d end end Notice: /File[/var/lib/puppet/lib/facter/net_driver.rb]/content: content changed '{md5}e31734704cc6d0b27055d77f061aa19a' to '{md5}2190142df4df64b23bb8aa910d7a7938' Notice: /File[/var/lib/puppet/lib/puppet/provider/scap_source/default.rb]/content: --- /var/lib/puppet/lib/puppet/provider/scap_source/default.rb 2018-05-22 17:03:17.522650000 +0000 +++ /tmp/puppet-file20180527-16295-1x0kdxh 2018-05-27 19:55:54.057275567 +0000 
@@ -81,13 +81,18 @@ def checkout(name, path) umask = 0o002 file_mode = 0o2775 + unless Dir.exists?(path) FileUtils.makedirs path, :mode => file_mode FileUtils.chown_R resource[:owner], resource[:group], path end + pwd = Etc.getpwnam(resource[:owner]) + pwg = Etc.getgrnam(resource[:group]) + uid = pwd.uid - gid = pwd.gid + gid = pwg.gid + Puppet::Util.withumask( umask) { Puppet::Util::Execution.execute( Notice: /File[/var/lib/puppet/lib/puppet/provider/scap_source/default.rb]/content: content changed '{md5}cb3875bb2326da8aebacdbb6a50366ef' to '{md5}7dd412c58b5339885edbcab1e7990954' Info: Loading facts Info: Caching catalog for deployment-webperf01.deployment-prep.eqiad.wmflabs Notice: /Stage[main]/Base::Environment/Tidy[/var/tmp/core]: Tidying 0 files Info: Applying configuration version '1527450957' Notice: /Stage[main]/Base::Standard_packages/Package[atop]/ensure: purged Notice: /Stage[main]/Exim4/File[/etc/exim4/update-exim4.conf.conf]/content: --- /etc/exim4/update-exim4.conf.conf 2018-05-23 06:24:51.584641170 +0000 +++ /tmp/puppet-file20180527-16295-12u43hq 2018-05-27 19:56:08.417412731 +0000 
@@ -1,13 +1 @@ -dc_eximconfig_configtype='none' -dc_other_hostnames='' -dc_local_interfaces='' -dc_readhost='' -dc_relay_domains='' -dc_minimaldns='false' -dc_relay_nets='' -dc_smarthost='' -CFILEMODE='644' -dc_use_split_config='false' -dc_hide_mailname='' -dc_mailname_in_oh='true' -dc_localdelivery='mail_spool' +dc_eximconfig_configtype=none Info: Computing checksum on file /etc/exim4/update-exim4.conf.conf Info: /Stage[main]/Exim4/File[/etc/exim4/update-exim4.conf.conf]: Filebucketed /etc/exim4/update-exim4.conf.conf to puppet with sum 0b2df9974d276b66962859bad6ff058a Notice: /Stage[main]/Exim4/File[/etc/exim4/update-exim4.conf.conf]/content: Notice: /Stage[main]/Exim4/File[/etc/exim4/update-exim4.conf.conf]/content: content changed '{md5}0b2df9974d276b66962859bad6ff058a' to '{md5}68de96ad8b553bc720f9755e936c57ef' Notice: /Stage[main]/Exim4/File[/etc/exim4/update-exim4.conf.conf]/mode: mode changed '0644' to '0444' Notice: /Stage[main]/Profile::Base::Certificates/Sslcert::Ca[Puppet_Internal_CA]/File[/usr/local/share/ca-certificates/Puppet_Internal_CA.crt]/group: group changed 'staff' to 'root' Notice: /Stage[main]/Profile::Base::Certificates/Sslcert::Ca[Puppet_Internal_CA]/File[/usr/local/share/ca-certificates/Puppet_Internal_CA.crt]/mode: mode changed '0644' to '0444' Info: /Stage[main]/Profile::Base::Certificates/Sslcert::Ca[Puppet_Internal_CA]/File[/usr/local/share/ca-certificates/Puppet_Internal_CA.crt]: Scheduling refresh of Exec[update-ca-certificates] Info: /Stage[main]/Profile::Base::Certificates/Sslcert::Ca[Puppet_Internal_CA]/File[/usr/local/share/ca-certificates/Puppet_Internal_CA.crt]: Scheduling refresh of Exec[update-ca-certificates] Notice: /Stage[main]/Sslcert/Exec[update-ca-certificates]: Triggered 'refresh' from 2 events Notice: /Stage[main]/Sysctl/File[/etc/sysctl.d/99-sysctl.conf]/ensure: removed Notice: Applied catalog in 7.61 seconds root@deployment-webperf01:/var/lib/puppet# puppet agent -tv Info: Using configured environment 'production' 
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for deployment-webperf01.deployment-prep.eqiad.wmflabs
Notice: /Stage[main]/Base::Environment/Tidy[/var/tmp/core]: Tidying 0 files
Info: Applying configuration version '1527451073'
Notice: Applied catalog in 5.14 seconds
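
Review bot: In net_driver.rb, hunk @@ -7,6 +7,10 @@, the new header comment documents the hash-of-hashes shape but not that it replaces the previous plain driver-name string per interface, and it does not mention the fallback values. The following hunk initialises every entry with 'speed' => -1 and 'duplex' => 'unknown', so the comment should say these are "unknown" sentinels rather than measurements, and that callers reading net_driver[dev] as a string need to switch to net_driver[dev]['driver'].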
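
Review bot: In net_driver.rb, hunk @@ -14,13 +18,37 @@, the File.read calls on speed_file and duplex_file are unguarded, while the comment above them names two preconditions (interface state and an implemented ethtool get_settings) and the code tests only operstate. If a read raises for a device that passes the state check, the exception leaves setcode and the whole fact fails to resolve rather than only that interface's entry; rescuing SystemCallError around the two reads would keep the -1 / 'unknown' defaults that are already set. Smaller point: d.to_s.split('/')[4] depends on the path depth, where d.basename.to_s would not.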
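
Review bot: In scap_source/default.rb, hunk @@ -81,13 +81,18 @@, Etc.getgrnam(resource[:group]) is added with no handling for a group name that does not resolve; it and Etc.getpwnam both raise ArgumentError in that case, at a point where makedirs may already have created the directory. Resolving both names before the makedirs/chown_R block would fail earlier and leave nothing half-created. The names pwd and pwg differ by one letter, which makes a mix-up like the gid = pwd.gid line being fixed here easy to repeat; owner_entry and group_entry would make the pairing obvious.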
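
Review bot: In /etc/exim4/update-exim4.conf.conf, hunk @@ -1,13 +1 @@, the replacement content is a single line with no header saying the file is managed by Puppet, and it drops CFILEMODE and every dc_* key except dc_eximconfig_configtype. A comment line stating that the file is Puppet-managed and that the other keys are omitted deliberately would stop the twelve removed settings from being re-added by hand on the host.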