Naresh V
2011-Mar-02 15:47 UTC
[Puppet Users] err: Could not request certificate: Error 400 on SERVER: error too long
Hi, I recently upgraded my puppet master and clients from 2.6.2 to 2.6.4. Things were fine until today I tried introducing a new host to my master for the first time: client: [root@db-us1 ~]# rpm -qa puppet puppet-2.6.4-0.7.el5 [root@db-us1 ~]# puppetd -t -v warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session err: Could not request certificate: Error 400 on SERVER: header too long Exiting; failed to retrieve certificate and waitforcert is disabled [root@db-us1 ~]# master: #-(0)> rpm -qa | grep puppet puppet-2.6.4-0.7.el5 puppet-server-2.6.4-0.7.el5 Mar 2 14:26:29 puppet puppet-master[21312]: header too long #-(0)> puppetca -l err: Could not call list: header too long How can I fix this? -Naresh V. P.S.: The RPMs are from tmz''s repo. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Naresh V
2011-Mar-03 05:18 UTC
[Puppet Users] Re: err: Could not request certificate: Error 400 on SERVER: error too long
Hi again, A couple of quick updates: - I upgraded my server and client to 2.6.6-rc1 (again from tmz''s repo) and the problem still persists. - I run the master behind nginx and via unicorn. Quick revert to WEBrick showed the same problem. -Naresh V. On 2 March 2011 21:17, Naresh V <nareshov@gmail.com> wrote:> Hi, > > I recently upgraded my puppet master and clients from 2.6.2 to 2.6.4. > Things were fine until today I tried introducing a new host to my > master for the first time: > > client: > > [root@db-us1 ~]# rpm -qa puppet > puppet-2.6.4-0.7.el5 > > > [root@db-us1 ~]# puppetd -t -v > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > err: Could not request certificate: Error 400 on SERVER: header too long > Exiting; failed to retrieve certificate and waitforcert is disabled > [root@db-us1 ~]# > > > master: > > #-(0)> rpm -qa | grep puppet > puppet-2.6.4-0.7.el5 > puppet-server-2.6.4-0.7.el5 > > Mar 2 14:26:29 puppet puppet-master[21312]: header too long > > #-(0)> puppetca -l > err: Could not call list: header too long > > > How can I fix this? > > > -Naresh V. > > P.S.: The RPMs are from tmz''s repo. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Felix Frank
2011-Mar-09 09:37 UTC
Re: [Puppet Users] Re: err: Could not request certificate: Error 400 on SERVER: error too long
>> warning: peer certificate won''t be verified in this SSL session >> warning: peer certificate won''t be verified in this SSL session >> err: Could not request certificate: Error 400 on SERVER: header too long >> Exiting; failed to retrieve certificate and waitforcert is disabledThis last message seems to indicate that you should indeed specify --waitforcert 60 when running your client the first time. HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Naresh V
2011-Mar-09 16:22 UTC
Re: [Puppet Users] Re: err: Could not request certificate: Error 400 on SERVER: error too long
On 9 March 2011 15:07, Felix Frank <felix.frank@alumni.tu-berlin.de> wrote:>>> warning: peer certificate won''t be verified in this SSL session >>> warning: peer certificate won''t be verified in this SSL session >>> err: Could not request certificate: Error 400 on SERVER: header too long >>> Exiting; failed to retrieve certificate and waitforcert is disabled > > This last message seems to indicate that you should indeed specify > --waitforcert 60 when running your client the first time. > > HTH, > FelixI''ve tried that. The problem turned out to be due to something else (and I couldn''t reproduce after isolating it) Something else = trying to run another instance of puppetmaster on the same machine (and same confdir / moduledir but different rundir). And for some reason the CSR for my new host ended up being 0 bytes. Removing that and re-requesting the cert worked. Sorry for the false alarm ^^ -Naresh V. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.