Puppet users - Nov 2010 - ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca

Puppet 0.25.3-2
>
> I accidentally removed puppet (didn''t notice that removing ruby
also
removes puppet, yes stupid).  And I re-installed.  All the files are the
same.  That includes classes and configuration.

However I can''t seem to get things working again.  here is what I done

removed /var/lib/puppet/ssl on puppetmaster and on all guests

re-installed puppet and older version of ruby

checked certificates, hostname, time.

I am still getting following errors:

Could not retrieve catalog from remote server: Could not intern from pson:
source did not contain any PSON!

and on puppetmaster:
ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
`accept''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
`listen''
        /usr/lib/ruby/1.8/webrick/server.rb:173:in `call''
        /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread''
        /usr/lib/ruby/1.8/webrick/server.rb:162:in `start''
        /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread''
        /usr/lib/ruby/1.8/webrick/server.rb:95:in `start''
        /usr/lib/ruby/1.8/webrick/server.rb:92:in `each''
        /usr/lib/ruby/1.8/webrick/server.rb:92:in `start''
        /usr/lib/ruby/1.8/webrick/server.rb:23:in `start''
        /usr/lib/ruby/1.8/webrick/server.rb:82:in `start''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in
`listen''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`initialize''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`new''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`listen''
        /usr/lib/ruby/1.8/thread.rb:135:in `synchronize''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in
`listen''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in
`listen''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in
`start''
        /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:128:in `start''

/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in
`main''
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send''
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in
`run_command''
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run''
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in
`exit_on_fail''
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run''
        /usr/sbin/puppetmasterd:66

I am lost at the moment occasionally I am also getting following on client:

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda <chrobry@gmail.com> wrote:
> Puppet 0.25.3-2
>
>>
>> I accidentally removed puppet (didn''t notice that removing
ruby also
> removes puppet, yes stupid).  And I re-installed.  All the files are the
> same.  That includes classes and configuration.
>
> However I can''t seem to get things working again.  here is what I
done
>
> removed /var/lib/puppet/ssl on puppetmaster and on all guests
>
Does /var/lib/puppet/ssl/ca exist?  If not, restart the puppetmaster.  A new
CA should be created.

-- 
Teyo Tyree ::  www.puppetlabs.com:: +1.503.208.4475

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

new SSL has been created I confirmed it and tested it.


From: Teyo Tyree 
Sent: Thursday, November 11, 2010 9:09 PM
To: puppet-users@googlegroups.com 
Subject: Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca


On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda <chrobry@gmail.com> wrote:

  Puppet 0.25.3-2



  I accidentally removed puppet (didn''t notice that removing ruby also
removes puppet, yes stupid).  And I re-installed.  All the files are the same. 
That includes classes and configuration.

  However I can''t seem to get things working again.  here is what I
done

  removed /var/lib/puppet/ssl on puppetmaster and on all guests



Does /var/lib/puppet/ssl/ca exist?  If not, restart the puppetmaster.  A new CA
should be created.

-- 
Teyo Tyree ::  www.puppetlabs.com:: +1.503.208.4475


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

further research on this:
I think the issue is with the certificates.  Although I have no idea what.
I removed /var/lib/puppet/ssl directory and recreated it.  When a client
tries to get catalog I get the following error:
[2010-11-13 19:31:22] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
`accept''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
`listen''
        /usr/lib/ruby/1.8/webrick/server.rb:173:in `call''
        /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread''
        /usr/lib/ruby/1.8/webrick/server.rb:162:in `start''
        /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread''
        /usr/lib/ruby/1.8/webrick/server.rb:95:in `start''
        /usr/lib/ruby/1.8/webrick/server.rb:92:in `each''
        /usr/lib/ruby/1.8/webrick/server.rb:92:in `start''
        /usr/lib/ruby/1.8/webrick/server.rb:23:in `start''
        /usr/lib/ruby/1.8/webrick/server.rb:82:in `start''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in
`listen''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`initialize''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`new''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`listen''
        /usr/lib/ruby/1.8/thread.rb:135:in `synchronize''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in
`listen''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in
`listen''
        /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in
`start''
        /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:128:in `start''

/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in
`main''
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send''
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in
`run_command''
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run''
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in
`exit_on_fail''
        /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run''
        /usr/sbin/puppetmasterd:66


I am hitting my head against the wall.  I have no clue what I am missing.  I
removed everything, and recreated everything from scratch and still
nothing.

On Thu, Nov 11, 2010 at 9:21 PM, Marek Dohojda <chrobry@gmail.com> wrote:
>  new SSL has been created I confirmed it and tested it.
>
>  *From:* Teyo Tyree <teyo@puppetlabs.com>
> *Sent:* Thursday, November 11, 2010 9:09 PM
> *To:* puppet-users@googlegroups.com
> *Subject:* Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert
> unknown ca
>
> On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda <chrobry@gmail.com>
wrote:
>
>> Puppet 0.25.3-2
>>
>>>
>>> I accidentally removed puppet (didn''t notice that removing
ruby also
>> removes puppet, yes stupid).  And I re-installed.  All the files are
the
>> same.  That includes classes and configuration.
>>
>> However I can''t seem to get things working again.  here is
what I done
>>
>> removed /var/lib/puppet/ssl on puppetmaster and on all guests
>>
>
> Does /var/lib/puppet/ssl/ca exist?  If not, restart the puppetmaster.  A
> new CA should be created.
>
> --
> Teyo Tyree ::  www.puppetlabs.com:: +1.503.208.4475
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Nov 13, 2010, at 4:48 PM, Marek Dohojda wrote:
> further research on this:
> I think the issue is with the certificates.  Although I have no idea what. 
I removed /var/lib/puppet/ssl directory and recreated it.  When a client tries
to get catalog I get the following error:
> [2010-11-13 19:31:22] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
`accept''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
`listen''
>         /usr/lib/ruby/1.8/webrick/server.rb:173:in `call''
>         /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread''
>         /usr/lib/ruby/1.8/webrick/server.rb:162:in `start''
>         /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread''
>         /usr/lib/ruby/1.8/webrick/server.rb:95:in `start''
>         /usr/lib/ruby/1.8/webrick/server.rb:92:in `each''
>         /usr/lib/ruby/1.8/webrick/server.rb:92:in `start''
>         /usr/lib/ruby/1.8/webrick/server.rb:23:in `start''
>         /usr/lib/ruby/1.8/webrick/server.rb:82:in `start''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in
`listen''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`initialize''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`new''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`listen''
>         /usr/lib/ruby/1.8/thread.rb:135:in `synchronize''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in
`listen''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in
`listen''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in
`start''
>         /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:128:in
`start''
>        
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in
`main''
>         /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in
`send''
>         /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in
`run_command''
>         /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in
`run''
>         /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in
`exit_on_fail''
>         /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in
`run''
>         /usr/sbin/puppetmasterd:66
> 
> 
> I am hitting my head against the wall.  I have no clue what I am missing. 
I removed everything, and recreated everything from scratch and still nothing.
It looks to me like you didn''t wipe the client''s directory. 
I''m guessing that the ca is still cached on the client at
/var/lib/puppet/ssl/ca.pem (I think that''s the right place)
> On Thu, Nov 11, 2010 at 9:21 PM, Marek Dohojda <chrobry@gmail.com>
wrote:
> new SSL has been created I confirmed it and tested it.
> 
> From: Teyo Tyree
> Sent: Thursday, November 11, 2010 9:09 PM
> To: puppet-users@googlegroups.com
> Subject: Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert
unknown ca
> 
> On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda <chrobry@gmail.com>
wrote:
> Puppet 0.25.3-2
> 
> I accidentally removed puppet (didn''t notice that removing ruby
also removes puppet, yes stupid).  And I re-installed.  All the files are the
same.  That includes classes and configuration.
> 
> However I can''t seem to get things working again.  here is what I
done
> 
> removed /var/lib/puppet/ssl on puppetmaster and on all guests
> 
> Does /var/lib/puppet/ssl/ca exist?  If not, restart the puppetmaster.  A
new CA should be created.
> 
> -- 
> Teyo Tyree ::  www.puppetlabs.com:: +1.503.208.4475
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Drat! you are right of course, I did remove the ssl from the client I am testing
but I forgot about all the other hosts which of course can''t verify the
certificate.  D''OH I been working on this far too long.  Ok so this
takes care of this issue, I am back to the:

"Could not intern from pson: source did not contain any PSON!"

Any ideas on what that means? Google isn''t being helpful for once.  




From: Patrick 
Sent: Saturday, November 13, 2010 6:31 PM
To: puppet-users@googlegroups.com 
Subject: Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca




On Nov 13, 2010, at 4:48 PM, Marek Dohojda wrote:


  further research on this:
  I think the issue is with the certificates.  Although I have no idea what.  I
removed /var/lib/puppet/ssl directory and recreated it.  When a client tries to
get catalog I get the following error:
  [2010-11-13 19:31:22] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
`accept''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
`listen''
          /usr/lib/ruby/1.8/webrick/server.rb:173:in `call''
          /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread''
          /usr/lib/ruby/1.8/webrick/server.rb:162:in `start''
          /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread''
          /usr/lib/ruby/1.8/webrick/server.rb:95:in `start''
          /usr/lib/ruby/1.8/webrick/server.rb:92:in `each''
          /usr/lib/ruby/1.8/webrick/server.rb:92:in `start''
          /usr/lib/ruby/1.8/webrick/server.rb:23:in `start''
          /usr/lib/ruby/1.8/webrick/server.rb:82:in `start''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in
`listen''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`initialize''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`new''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`listen''
          /usr/lib/ruby/1.8/thread.rb:135:in `synchronize''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in
`listen''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in
`listen''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in
`start''
          /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:128:in `start''
          /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in
`main''
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in
`send''
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in
`run_command''
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in
`run''
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in
`exit_on_fail''
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in
`run''
          /usr/sbin/puppetmasterd:66


  I am hitting my head against the wall.  I have no clue what I am missing.  I
removed everything, and recreated everything from scratch and still nothing.



It looks to me like you didn''t wipe the client''s directory. 
I''m guessing that the ca is still cached on the client at
/var/lib/puppet/ssl/ca.pem (I think that''s the right place)


  On Thu, Nov 11, 2010 at 9:21 PM, Marek Dohojda <chrobry@gmail.com>
wrote:

    new SSL has been created I confirmed it and tested it.


    From: Teyo Tyree 
    Sent: Thursday, November 11, 2010 9:09 PM
    To: puppet-users@googlegroups.com 
    Subject: Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert
unknown ca


    On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda <chrobry@gmail.com>
wrote:

      Puppet 0.25.3-2



      I accidentally removed puppet (didn''t notice that removing ruby
also removes puppet, yes stupid).  And I re-installed.  All the files are the
same.  That includes classes and configuration.

      However I can''t seem to get things working again.  here is what I
done

      removed /var/lib/puppet/ssl on puppetmaster and on all guests



    Does /var/lib/puppet/ssl/ca exist?  If not, restart the puppetmaster.  A new
CA should be created.

    -- 
    Teyo Tyree ::  www.puppetlabs.com:: +1.503.208.4475



    -- 
    You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.





  -- 
  You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
  For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.




-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

OK I figured this out.  The issue appeared to be with one of the classes. 
Somehow there was a bad character.  What is amazing is that all I did is open it
and close it, so ahm yeah no clue how that fixed things, but it did.






From: Patrick 
Sent: Saturday, November 13, 2010 6:31 PM
To: puppet-users@googlegroups.com 
Subject: Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca




On Nov 13, 2010, at 4:48 PM, Marek Dohojda wrote:


  further research on this:
  I think the issue is with the certificates.  Although I have no idea what.  I
removed /var/lib/puppet/ssl directory and recreated it.  When a client tries to
get catalog I get the following error:
  [2010-11-13 19:31:22] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
`accept''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
`listen''
          /usr/lib/ruby/1.8/webrick/server.rb:173:in `call''
          /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread''
          /usr/lib/ruby/1.8/webrick/server.rb:162:in `start''
          /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread''
          /usr/lib/ruby/1.8/webrick/server.rb:95:in `start''
          /usr/lib/ruby/1.8/webrick/server.rb:92:in `each''
          /usr/lib/ruby/1.8/webrick/server.rb:92:in `start''
          /usr/lib/ruby/1.8/webrick/server.rb:23:in `start''
          /usr/lib/ruby/1.8/webrick/server.rb:82:in `start''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in
`listen''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`initialize''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`new''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
`listen''
          /usr/lib/ruby/1.8/thread.rb:135:in `synchronize''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in
`listen''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in
`listen''
          /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in
`start''
          /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:128:in `start''
          /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in
`main''
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in
`send''
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in
`run_command''
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in
`run''
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in
`exit_on_fail''
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in
`run''
          /usr/sbin/puppetmasterd:66


  I am hitting my head against the wall.  I have no clue what I am missing.  I
removed everything, and recreated everything from scratch and still nothing.



It looks to me like you didn''t wipe the client''s directory. 
I''m guessing that the ca is still cached on the client at
/var/lib/puppet/ssl/ca.pem (I think that''s the right place)


  On Thu, Nov 11, 2010 at 9:21 PM, Marek Dohojda <chrobry@gmail.com>
wrote:

    new SSL has been created I confirmed it and tested it.


    From: Teyo Tyree 
    Sent: Thursday, November 11, 2010 9:09 PM
    To: puppet-users@googlegroups.com 
    Subject: Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert
unknown ca


    On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda <chrobry@gmail.com>
wrote:

      Puppet 0.25.3-2



      I accidentally removed puppet (didn''t notice that removing ruby
also removes puppet, yes stupid).  And I re-installed.  All the files are the
same.  That includes classes and configuration.

      However I can''t seem to get things working again.  here is what I
done

      removed /var/lib/puppet/ssl on puppetmaster and on all guests



    Does /var/lib/puppet/ssl/ca exist?  If not, restart the puppetmaster.  A new
CA should be created.

    -- 
    Teyo Tyree ::  www.puppetlabs.com:: +1.503.208.4475



    -- 
    You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.





  -- 
  You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
  For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.




-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi Marek,

I do have this same issue on one of my test clients.

Nov 19 11:43:52 *****  puppet-agent[15088]: Could not retrieve catalog from
remote server: Could not intern from pson: source did not contain any PSON!

Can you point out where you found your ''bad character'' and
what it was.

I recently upgraded my test environment from 2.6.1  to 2.6.3 installed from
gems.

Client

CentOS release 5.2 (Final)
ruby 1.8.5 (2006-08-25) [x86_64-linux]
Puppet: 2.6.3
Gem: 1.3.1

Martin


2010/11/14 Marek Dohojda <chrobry@gmail.com>
>  OK I figured this out.  The issue appeared to be with one of the
> classes.  Somehow there was a bad character.  What is amazing is that all I
> did is open it and close it, so ahm yeah no clue how that fixed things, but
> it did.
>
>
>
>
>
>  *From:* Patrick <kc7zzv@gmail.com>
> *Sent:* Saturday, November 13, 2010 6:31 PM
> *To:* puppet-users@googlegroups.com
> *Subject:* Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert
> unknown ca
>
>
>  On Nov 13, 2010, at 4:48 PM, Marek Dohojda wrote:
>
> further research on this:
> I think the issue is with the certificates.  Although I have no idea what.
> I removed /var/lib/puppet/ssl directory and recreated it.  When a client
> tries to get catalog I get the following error:
> [2010-11-13 19:31:22] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
> `accept''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in
> `listen''
>         /usr/lib/ruby/1.8/webrick/server.rb:173:in `call''
>         /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread''
>         /usr/lib/ruby/1.8/webrick/server.rb:162:in `start''
>         /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread''
>         /usr/lib/ruby/1.8/webrick/server.rb:95:in `start''
>         /usr/lib/ruby/1.8/webrick/server.rb:92:in `each''
>         /usr/lib/ruby/1.8/webrick/server.rb:92:in `start''
>         /usr/lib/ruby/1.8/webrick/server.rb:23:in `start''
>         /usr/lib/ruby/1.8/webrick/server.rb:82:in `start''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in
> `listen''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
> `initialize''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
> `new''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in
> `listen''
>         /usr/lib/ruby/1.8/thread.rb:135:in `synchronize''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in
> `listen''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in
> `listen''
>         /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in
`start''
>         /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:128:in
`start''
>
> /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in
> `main''
>         /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in
`send''
>         /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in
> `run_command''
>         /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in
`run''
>         /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in
> `exit_on_fail''
>         /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in
`run''
>         /usr/sbin/puppetmasterd:66
>
>
> I am hitting my head against the wall.  I have no clue what I am missing.
> I removed everything, and recreated everything from scratch and still
> nothing.
>
>
> It looks to me like you didn''t wipe the client''s
directory.  I''m guessing
> that the ca is still cached on the client at /var/lib/puppet/ssl/ca.pem (I
> think that''s the right place)
>
>  On Thu, Nov 11, 2010 at 9:21 PM, Marek Dohojda <chrobry@gmail.com>
wrote:
>
>>  new SSL has been created I confirmed it and tested it.
>>
>>  *From:* Teyo Tyree <teyo@puppetlabs.com>
>> *Sent:* Thursday, November 11, 2010 9:09 PM
>> *To:* puppet-users@googlegroups.com
>> *Subject:* Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert
>> unknown ca
>>
>> On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda
<chrobry@gmail.com> wrote:
>>
>>> Puppet 0.25.3-2
>>>
>>>>
>>>> I accidentally removed puppet (didn''t notice that
removing ruby also
>>> removes puppet, yes stupid).  And I re-installed.  All the files
are the
>>> same.  That includes classes and configuration.
>>>
>>> However I can''t seem to get things working again.  here is
what I done
>>>
>>> removed /var/lib/puppet/ssl on puppetmaster and on all guests
>>>
>>
>> Does /var/lib/puppet/ssl/ca exist?  If not, restart the puppetmaster. 
A
>> new CA should be created.
>>
>> --
>> Teyo Tyree ::  www.puppetlabs.com:: +1.503.208.4475
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.