Hello, When I run puppet cert –l –all on my puppetca, I got an error message: "err: Could not call list: header too long" I googled the issue and found links about 0 byte file under /var/lib/puppet/ssl/ca/requests directory. I checked and it is empty, I have no files at all. Does anybody have an idea about this issue, please? Thanks, -Stephane -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Thu, Sep 8, 2011 at 4:43 PM, Stephane Rossan <srossan@netflix.com> wrote:> When I run puppet cert –l –all on my puppetca, I got an error message: > "err: Could not call list: header too long" > I googled the issue and found links about 0 byte file under > /var/lib/puppet/ssl/ca/requests directory. > I checked and it is empty, I have no files at all. > > Does anybody have an idea about this issue, please? >Not sure but a few suggestions to try, could you share an output with --debug enabled? Do you have the certificate CRL? is the entries valid? If you run puppet cert --print --all does it hang on a specific certificate? Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I just did a puppet cert –d, it doesn''t work. So, I did a puppet cert –d –l: [root@puppetca ~]# puppet cert -l -d debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderUser_role_add: file roledel does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: /File[/etc/puppet/namespaceauth.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/ca/netflix-puppet-master-root-ca-key.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/certs/puppetca.dc1.prod.netflix.com.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/ca/serial]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/ca]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/ca/requests]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/public_keys/puppetca.dc1.prod.netflix.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/ca/netflix-puppet-master-root-ca-ca.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/ca/private]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/ca/private/ca.pass]: Autorequiring File[/var/lib/puppet/ssl/ca/private] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/log/puppet/http.log]: Autorequiring File[/var/log/puppet] debug: /File[/var/lib/puppet/ssl/ca/ca_crl.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/ca/signed]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/ca/inventory.txt]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /File[/var/lib/puppet/ssl/private_keys/puppetca.dc1.prod.netflix.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/etc/puppet/autosign.conf]: Autorequiring File[/etc/puppet] debug: Finishing transaction 23900602235500 I don''t understand the question about certificate CRL. And when I try puppet cert —print –all, it fails: [root@puppetca ~]# puppet cert --all --printerr: Could not call print: header too long Any idea? Thanks, -Stephane From: Nan Liu <nan@puppetlabs.com<mailto:nan@puppetlabs.com>> Reply-To: "puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>" <puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>> Date: Thu, 8 Sep 2011 16:59:20 -0700 To: "puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>" <puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>> Subject: Re: [Puppet Users] Issue with puppet cert -l -all On Thu, Sep 8, 2011 at 4:43 PM, Stephane Rossan <srossan@netflix.com<mailto:srossan@netflix.com>> wrote: When I run puppet cert –l –all on my puppetca, I got an error message: "err: Could not call list: header too long" I googled the issue and found links about 0 byte file under /var/lib/puppet/ssl/ca/requests directory. I checked and it is empty, I have no files at all. Does anybody have an idea about this issue, please? Not sure but a few suggestions to try, could you share an output with --debug enabled? Do you have the certificate CRL? is the entries valid? If you run puppet cert --print --all does it hang on a specific certificate? Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com<mailto:puppet-users+unsubscribe@googlegroups.com>. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Fri, Sep 9, 2011 at 9:53 AM, Stephane Rossan <srossan@netflix.com> wrote:> > I just did a puppet cert –d, it doesn''t work. So, I did a puppet cert –d –l: > [root@puppetca ~]# puppet cert -l -d > debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist > debug: Puppet::Type::User::ProviderUser_role_add: file roledel does not exist > debug: Puppet::Type::User::ProviderLdap: true value when expecting false > debug: Puppet::Type::User::ProviderPw: file pw does not exist > debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing > debug: /File[/etc/puppet/namespaceauth.conf]: Autorequiring File[/etc/puppet] > debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] > debug: /File[/var/lib/puppet/ssl/ca/netflix-puppet-master-root-ca-key.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /File[/var/lib/puppet/ssl/certs/puppetca.dc1.prod.netflix.com.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] > debug: /File[/var/lib/puppet/ssl/ca/serial]: Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] > debug: /File[/var/lib/puppet/ssl/ca]: Autorequiring File[/var/lib/puppet/ssl] > debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] > debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] > debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] > debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] > debug: /File[/var/lib/puppet/ssl/ca/requests]: Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /File[/var/lib/puppet/ssl/public_keys/puppetca.dc1.prod.netflix.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] > debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] > debug: /File[/var/lib/puppet/ssl/ca/netflix-puppet-master-root-ca-ca.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] > debug: /File[/var/lib/puppet/ssl/ca/private]: Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] > debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] > debug: /File[/var/lib/puppet/ssl/ca/private/ca.pass]: Autorequiring File[/var/lib/puppet/ssl/ca/private] > debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] > debug: /File[/var/log/puppet/http.log]: Autorequiring File[/var/log/puppet] > debug: /File[/var/lib/puppet/ssl/ca/ca_crl.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /File[/var/lib/puppet/ssl/ca/signed]: Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /File[/var/lib/puppet/ssl/ca/inventory.txt]: Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /File[/var/lib/puppet/ssl/private_keys/puppetca.dc1.prod.netflix.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] > debug: /File[/etc/puppet/autosign.conf]: Autorequiring File[/etc/puppet] > debug: Finishing transaction 23900602235500Odd, there''s no error message in debug?> I don''t understand the question about certificate CRL.If you use openssl to examine the CRL, is anything revoked?> And when I try puppet cert —print –all, it fails: > [root@puppetca ~]# puppet cert --all --printerr: Could not call print: header too long > Any idea?Try printing a each certificate and see if a particular cert is giving that error: puppet cert --print ca puppet cert --print puppetca.dc1.prod.netflix.com.pem Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
It started to work again, and nobody knows why. Thanks for the help. -Stephane On 9/9/11 2:00 PM, "Nan Liu" <nan@puppetlabs.com> wrote:>On Fri, Sep 9, 2011 at 9:53 AM, Stephane Rossan <srossan@netflix.com> >wrote: >> >> I just did a puppet cert d, it doesn''t work. So, I did a puppet cert >>d l: >> [root@puppetca ~]# puppet cert -l -d >> debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl >>does not exist >> debug: Puppet::Type::User::ProviderUser_role_add: file roledel does not >>exist >> debug: Puppet::Type::User::ProviderLdap: true value when expecting false >> debug: Puppet::Type::User::ProviderPw: file pw does not exist >> debug: Puppet::Type::File::ProviderMicrosoft_windows: feature >>microsoft_windows is missing >> debug: /File[/etc/puppet/namespaceauth.conf]: Autorequiring >>File[/etc/puppet] >> debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring >>File[/var/lib/puppet/ssl] >> debug: >>/File[/var/lib/puppet/ssl/ca/netflix-puppet-master-root-ca-key.pem]: >>Autorequiring File[/var/lib/puppet/ssl/ca] >> debug: >>/File[/var/lib/puppet/ssl/certs/puppetca.dc1.prod.netflix.com.pem]: >>Autorequiring File[/var/lib/puppet/ssl/certs] >> debug: /File[/var/lib/puppet/ssl/ca/serial]: Autorequiring >>File[/var/lib/puppet/ssl/ca] >> debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring >>File[/var/lib/puppet/ssl] >> debug: /File[/var/lib/puppet/ssl/ca]: Autorequiring >>File[/var/lib/puppet/ssl] >> debug: /File[/var/lib/puppet/ssl/private]: Autorequiring >>File[/var/lib/puppet/ssl] >> debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] >> debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring >>File[/var/lib/puppet/ssl] >> debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring >>File[/var/lib/puppet/ssl] >> debug: /File[/var/lib/puppet/ssl/ca/requests]: Autorequiring >>File[/var/lib/puppet/ssl/ca] >> debug: >>/File[/var/lib/puppet/ssl/public_keys/puppetca.dc1.prod.netflix.com.pem]: >> Autorequiring File[/var/lib/puppet/ssl/public_keys] >> debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring >>File[/var/lib/puppet/ssl] >> debug: >>/File[/var/lib/puppet/ssl/ca/netflix-puppet-master-root-ca-ca.pem]: >>Autorequiring File[/var/lib/puppet/ssl/ca] >> debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] >> debug: /File[/var/lib/puppet/ssl/ca/private]: Autorequiring >>File[/var/lib/puppet/ssl/ca] >> debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring >>File[/var/lib/puppet/ssl/certs] >> debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] >> debug: /File[/var/lib/puppet/ssl/ca/private/ca.pass]: Autorequiring >>File[/var/lib/puppet/ssl/ca/private] >> debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] >> debug: /File[/var/log/puppet/http.log]: Autorequiring >>File[/var/log/puppet] >> debug: /File[/var/lib/puppet/ssl/ca/ca_crl.pem]: Autorequiring >>File[/var/lib/puppet/ssl/ca] >> debug: /File[/var/lib/puppet/ssl/ca/signed]: Autorequiring >>File[/var/lib/puppet/ssl/ca] >> debug: /File[/var/lib/puppet/ssl/ca/inventory.txt]: Autorequiring >>File[/var/lib/puppet/ssl/ca] >> debug: >>/File[/var/lib/puppet/ssl/private_keys/puppetca.dc1.prod.netflix.com.pem] >>: Autorequiring File[/var/lib/puppet/ssl/private_keys] >> debug: /File[/etc/puppet/autosign.conf]: Autorequiring File[/etc/puppet] >> debug: Finishing transaction 23900602235500 > >Odd, there''s no error message in debug? > >> I don''t understand the question about certificate CRL. > >If you use openssl to examine the CRL, is anything revoked? > >> And when I try puppet cert ‹print all, it fails: >> [root@puppetca ~]# puppet cert --all --printerr: Could not call print: >>header too long >> Any idea? > >Try printing a each certificate and see if a particular cert is giving >that error: >puppet cert --print ca >puppet cert --print puppetca.dc1.prod.netflix.com.pem > >Thanks, > >Nan > >-- >You received this message because you are subscribed to the Google Groups >"Puppet Users" group. >To post to this group, send email to puppet-users@googlegroups.com. >To unsubscribe from this group, send email to >puppet-users+unsubscribe@googlegroups.com. >For more options, visit this group at >http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.