So we were going through all the systems and finding ones which had corked up due to bug #10418. As we enabled each one and brought them online, I found two systems which could not get a catalog from the system. Debug and trace got to evaluating the server certificate, and then called a timeout some 5 minutes later. It never got a catalog. I could delete the client certificate (in fact all of /var/lib/puppet) and clean the cert on the master, create a new cert and sign it. The certificate stuff worked fine, the client submitted the crs fine, the server signed it, the client got the certificate back --- but timed out before seeing the catalog again. The puppet master claimed it compiled the catalog in 1.8 seconds, but the client never saw it. There is no inconsistency here. The affected system was axax009, and 1-8 and 10 which are identical OS, software, same subnet, everything all work fine. In fact, two of those are on the same VMware host as axax009. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Jo Rhett
2011-Dec-02 19:42 UTC
[Puppet Users] Re: one system cannot get catalog from server
Okay, I''ve found 2 other systems in 2 different clusters with the exact same problem. Different numbers. One of them is in an identical cluster of 50 systems, and it''s the only one which won''t compile. On Dec 2, 2011, at 10:57 AM, Jo Rhett wrote:> So we were going through all the systems and finding ones which had corked up due to bug #10418. As we enabled each one and brought them online, I found two systems which could not get a catalog from the system. Debug and trace got to evaluating the server certificate, and then called a timeout some 5 minutes later. It never got a catalog. > > I could delete the client certificate (in fact all of /var/lib/puppet) and clean the cert on the master, create a new cert and sign it. The certificate stuff worked fine, the client submitted the crs fine, the server signed it, the client got the certificate back --- but timed out before seeing the catalog again. The puppet master never mentions compiling the catalog for that system. > > There is no inconsistency here. The affected system was axax009, and 1-8 and 10 which are identical OS, software, same subnet, everything all work fine. In fact, two of those are on the same VMware host as axax009. > > -- > Jo Rhett > Net Consonance : consonant endings by net philanthropy, open source and other randomness >-- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.