At the beginning of each run, the Puppet agent performs a health check to locate a functional Puppet Server to make API calls to. If this health check fails, the run fails with the following message:
Error: Could not run Puppet configuration client: Could not select a functional puppet master from server_list: 'localhost:8140'
|
In order to facilitate troubleshooting, the messages logged at error level should include some detail of what happened to the health check.
Reproduction Case
- Install Puppet 6 on CentOS 7:
yum install -y http://yum.puppetlabs.com/puppet6-release-el-6.noarch.rpm
|
yum install -y puppetserver
|
- Configure the agent to check in locally and bootstrap the Puppet Server CA:
source /etc/profile.d/puppet-agent.sh
|
|
puppet config set server $(hostname -f)
|
puppetserver ca setup
|
|
systemctl start puppetserver
|
- Provoke a health check failure by running the Puppet agent with the server url set to localhoost:
puppet agent -t --server_list=localhost:8140
|
Outcome
The error message is very terse and just states that a healthy server could not be found:
# puppet --version
|
6.18.0
|
|
# puppet agent -t --server_list=localhost:8140
|
Error: Could not run Puppet configuration client: Could not select a functional puppet master from server_list: 'localhost:8140'
|
Expected Outcome
Raising the log level to DEBUG reveals that the health check failed due to a SSL validation error. These details should be logged at ERROR level so that the root cause of connection failures is visible for post-mortem debugging:
# puppet agent -t --server_list=localhost:8140 --debug
|
...
|
Debug: Unable to connect to server from server_list setting: Server hostname 'localhost' did not match server certificate; expected one of dull-sanatorium.delivery.puppetlabs.net, DNS:puppet, DNS:dull-sanatorium.delivery.puppetlabs.net
|
...
|
Error: Could not run Puppet configuration client: Could not select a functional puppet master from server_list: 'localhost:8140'
|
Improvement
Major
