Hi, I have a couple of FreeBSD-servers that I try to manage using puppet. I''m just trying it out at the moment and have just deployed 5 new boxes (from PXE and scripted installation so supposedly they are all identical except for the name and ip-addresses). On two of the servers I get the error-messages at the bottom of the post. The first error- message I get every time I run puppet on the affected hosts. In my troubleshooting I''ve tried to regenerate the certificates (by renaming the "ssl"-directory) on both the clients and the server. When I did it on the server, then the first client that accessed the server got the second error-message. The clients are all FreeBSD 8.1 and Puppet 2.6.1 The server is Debian 5.05 and Puppet 2.6.0 Any thoughts? Rgds, Freddie ------------------------------------------------------------------ notice: Starting Puppet client version 2.6.1 debug: Finishing transaction 17215493860 debug: Using cached certificate for ca debug: Using cached certificate for test-db01 debug: OpenSSL: Error(9): certificate is not yet valid debug: OpenSSL: Cert: /CN=deploy01 /usr/local/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:68: [BUG] Bus Error ruby 1.8.7 (2009-12-24 patchlevel 248) [amd64-freebsd8] Abort (core dumped) ------------------------------------------------------------------ notice: Starting Puppet client version 2.6.1 debug: Finishing transaction 17215700640 debug: Using cached certificate for ca debug: Using cached certificate for test-db01 debug: OpenSSL: Error(9): certificate is not yet valid debug: OpenSSL: Cert: /CN=deploy01 /usr/local/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:68: [BUG] Segmentation fault ruby 1.8.7 (2009-12-24 patchlevel 248) [amd64-freebsd8] Abort ------------------------------------------------------------------ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Additional information: I have auto-sign turned on and the certificates are signed (at lease they show up in "puppet cert --list --all"). /Freddie On Sep 21, 4:19 pm, FreddieB <freddie.bra...@gmail.com> wrote:> Hi, > I have a couple of FreeBSD-servers that I try to manage using puppet. > I''m just trying it out at the moment and have just deployed 5 new > boxes (from PXE and scripted installation so supposedly they are all > identical except for the name and ip-addresses). On two of the servers > I get the error-messages at the bottom of the post. The first error- > message I get every time I run puppet on the affected hosts. In my > troubleshooting I''ve tried to regenerate the certificates (by renaming > the "ssl"-directory) on both the clients and the server. When I did it > on the server, then the first client that accessed the server got the > second error-message. > > The clients are all FreeBSD 8.1 and Puppet 2.6.1 > The server is Debian 5.05 and Puppet 2.6.0 > > Any thoughts? > > Rgds, > Freddie > > ------------------------------------------------------------------ > notice: Starting Puppet client version 2.6.1 > debug: Finishing transaction 17215493860 > debug: Using cached certificate for ca > debug: Using cached certificate for test-db01 > debug: OpenSSL: Error(9): certificate is not yet valid > debug: OpenSSL: Cert: /CN=deploy01 > /usr/local/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:68: > [BUG] Bus Error > ruby 1.8.7 (2009-12-24 patchlevel 248) [amd64-freebsd8] > > Abort (core dumped) > ------------------------------------------------------------------ > notice: Starting Puppet client version 2.6.1 > debug: Finishing transaction 17215700640 > debug: Using cached certificate for ca > debug: Using cached certificate for test-db01 > debug: OpenSSL: Error(9): certificate is not yet valid > debug: OpenSSL: Cert: /CN=deploy01 > /usr/local/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:68: > [BUG] Segmentation fault > ruby 1.8.7 (2009-12-24 patchlevel 248) [amd64-freebsd8] > > Abort > -------------------------------------------------------------------- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Jeff McCune
2010-Sep-21 16:55 UTC
Re: [Puppet Users] Re: FreeBSD Puppet 2.6.1 odd core-dump
On Tue, Sep 21, 2010 at 7:35 AM, FreddieB <freddie.brandt@gmail.com> wrote: [snip[>> debug: OpenSSL: Error(9): certificate is not yet valid >> debug: OpenSSL: Cert: /CN=deploy01 >> /usr/local/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:68: >> [BUG] Bus Error >> ruby 1.8.7 (2009-12-24 patchlevel 248) [amd64-freebsd8]I see two possible problem. "certificate is not yet valid" usually indicates the agent''s clock is out of sync with the master''s clock. However, you''re also getting a segfault which is clearly a bug and should never happen. This segfault is happening on the agent and looks to be a bug in the ruby package you have. I''m not sure the exact solution off the top of my head, but I suspect other FreeBSD puppet users have run into this. I suggest searching the usual suspects; the puppet ticket tracker at http://projects.puppetlabs.com/projects/puppet/issues and google. Hope this helps, -- Jeff McCune http://www.puppetlabs.com/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Splendid! The time was off by months. Apparently FreeBSD''s ntpd doesn''t handle this to well (it just quits) so an initial "ntpdate -b" got it back on track, and after that both nptd and puppet works fine. I think this i a trap easy to fall in to, so I''ll make a suggestion to the developers to add a hint of this in the error-message it throws. It should be fairly easy to do (I say not nowing much about Ruby at all). As for the segfault, I will try to reproduce it and single it in before submitting any bugreport. Thanks Jeff. /Freddie On Sep 21, 6:55 pm, Jeff McCune <j...@puppetlabs.com> wrote:> On Tue, Sep 21, 2010 at 7:35 AM, FreddieB <freddie.bra...@gmail.com> wrote: > > [snip[ > > >> debug: OpenSSL: Error(9): certificate is not yet valid > >> debug: OpenSSL: Cert: /CN=deploy01 > >> /usr/local/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:68: > >> [BUG] Bus Error > >> ruby 1.8.7 (2009-12-24 patchlevel 248) [amd64-freebsd8] > > I see two possible problem. "certificate is not yet valid" usually > indicates the agent''s clock is out of sync with the master''s clock. > > However, you''re also getting a segfault which is clearly a bug and > should never happen. This segfault is happening on the agent and > looks to be a bug in the ruby package you have. I''m not sure the > exact solution off the top of my head, but I suspect other FreeBSD > puppet users have run into this. I suggest searching the usual > suspects; the puppet ticket tracker athttp://projects.puppetlabs.com/projects/puppet/issuesand google. > > Hope this helps, > -- > Jeff McCunehttp://www.puppetlabs.com/-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Russell Jackson
2010-Sep-26 20:55 UTC
Re: [Puppet Users] Re: FreeBSD Puppet 2.6.1 odd core-dump
On 09/21/2010 12:47 PM, FreddieB wrote:> Splendid! > The time was off by months. Apparently FreeBSD''s ntpd doesn''t handle > this to well (it just quits) so an initial "ntpdate -b" got it back on > track, and after that both nptd and puppet works fine. >I''ve always set my machines to boot with ntpdate_enable="YES". -- Russell A. Jackson <raj@csub.edu> Network Analyst California State University, Bakersfield -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.