Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-446

Ubuntu puppetserver pacakge out-of-box startup failing due to missing certs

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Duplicate
    • Affects Version/s: SERVER 1.0.2
    • Fix Version/s: None
    • Component/s: Puppet Server
    • Labels:
      None
    • Environment:

      Ubuntu 14.04 (Vagrant/Vbox) 1 GB RAM

      Description

      Fresh install of puppetserver breaks on startup (after fixing SERVER-445):

      015-03-12 15:36:59,577 INFO  [p.t.s.w.jetty9-core] Removing buggy security provider SunPKCS11-NSS version 1.7
      2015-03-12 15:37:05,478 INFO  [p.s.j.jruby-puppet-service] Initializing the JRuby service
      2015-03-12 15:37:05,496 INFO  [p.t.s.w.jetty9-service] Initializing web server(s).
      2015-03-12 15:37:29,939 WARN  [puppet-server] Puppet Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations
         (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')
      2015-03-12 15:37:29,953 INFO  [puppet-server] Puppet Puppet settings initialized; run mode: master
      2015-03-12 15:37:32,142 INFO  [p.s.j.jruby-puppet-agents] Finished creating JRubyPuppet instance 1 of 3
      2015-03-12 15:37:32,157 INFO  [p.s.c.puppet-server-config-core] Initializing webserver settings from core Puppet
      2015-03-12 15:37:42,773 WARN  [puppet-server] Puppet Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations
         (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')
      2015-03-12 15:37:42,797 INFO  [puppet-server] Puppet Puppet settings initialized; run mode: master
      2015-03-12 15:37:45,731 INFO  [p.s.c.certificate-authority-service] CA Service adding a ring handler
      2015-03-12 15:37:45,752 WARN  [o.e.j.s.h.ContextHandler] Empty contextPath
      2015-03-12 15:37:45,796 INFO  [p.s.p.puppet-admin-service] Starting Puppet Admin web app
      2015-03-12 15:37:45,919 ERROR [p.t.internal] Error during service init!!!
      java.lang.IllegalStateException: Cannot initialize master with partial state; need all files or none.
      Found:
      /var/lib/puppet/ssl/private_keys/vagrant-ubuntu-trusty-64.pem
      Missing:
      /var/lib/puppet/ssl/certs/vagrant-ubuntu-trusty-64.pem
       
      	at puppetlabs.puppetserver.certificate_authority$eval10120$partial_state_error__10121$fn__10122.invoke(certificate_authority.clj:213) ~[na:na]
      	at puppetlabs.puppetserver.certificate_authority$eval10120$partial_state_error__10121.invoke(certificate_authority.clj:198) ~[na:na]
      	at puppetlabs.puppetserver.certificate_authority$eval10587$initialize_master_ssl_BANG___10588$fn__10591.invoke(certificate_authority.clj:583) ~[na:na]
      	at puppetlabs.puppetserver.certificate_authority$eval10587$initialize_master_ssl_BANG___10588.invoke(certificate_authority.clj:564) ~[na:na]
      	at puppetlabs.puppetserver.certificate_authority$eval10587$initialize_master_ssl_BANG___10588$fn__10589.invoke(certificate_authority.clj:569) ~[na:na]
      	at puppetlabs.puppetserver.certificate_authority$eval10587$initialize_master_ssl_BANG___10588.invoke(certificate_authority.clj:564) ~[na:na]
      	at puppetlabs.services.ca.certificate_authority_service$reify__14918$service_fnk__5259__auto___positional$reify__14927.initialize_master_ssl_BANG_(certificate_authority_service.clj:29) ~[na:na]
      	at puppetlabs.services.protocols.ca$eval14880$fn__14881$G__14872__14885.invoke(ca.clj:3) ~[na:na]
      	at puppetlabs.services.protocols.ca$eval14880$fn__14881$G__14871__14890.invoke(ca.clj:3) ~[na:na]
      	at clojure.lang.AFn.applyToHelper(AFn.java:167) [puppet-server-release.jar:na]
      	at clojure.lang.AFn.applyTo(AFn.java:151) [puppet-server-release.jar:na]
      	at clojure.core$apply.invoke(core.clj:619) [puppet-server-release.jar:na]
      	at clojure.core$partial$fn__4190.doInvoke(core.clj:2396) ~[puppet-server-release.jar:na]
      	at clojure.lang.RestFn.invoke(RestFn.java:421) [puppet-server-release.jar:na]
      	at puppetlabs.services.master.master_service$reify__11458$service_fnk__5259__auto___positional$reify__11471.init(master_service.clj:23) ~[na:na]
      	at puppetlabs.trapperkeeper.services$eval5095$fn__5122$G__5087__5125.invoke(services.clj:12) ~[na:na]
      	at puppetlabs.trapperkeeper.services$eval5095$fn__5122$G__5086__5129.invoke(services.clj:12) ~[na:na]
      	at puppetlabs.trapperkeeper.internal$run_lifecycle_fn_BANG_.invoke(internal.clj:145) ~[na:na]
      	at puppetlabs.trapperkeeper.internal$run_lifecycle_fns.invoke(internal.clj:173) ~[na:na]
      	at puppetlabs.trapperkeeper.internal$build_app_STAR_$reify__5953.init(internal.clj:437) [na:na]
      	at puppetlabs.trapperkeeper.internal$boot_services_STAR_$fn__5965.invoke(internal.clj:463) [na:na]
      	at puppetlabs.trapperkeeper.internal$boot_services_STAR_.invoke(internal.clj:462) [na:na]
      	at puppetlabs.trapperkeeper.core$boot_with_cli_data.invoke(core.clj:113) [na:na]
      	at puppetlabs.trapperkeeper.core$run.invoke(core.clj:144) [na:na]
      	at puppetlabs.trapperkeeper.core$main.doInvoke(core.clj:159) [na:na]
      	at clojure.lang.RestFn.invoke(RestFn.java:457) [puppet-server-release.jar:na]
      	at clojure.lang.Var.invoke(Var.java:427) [puppet-server-release.jar:na]
      	at clojure.lang.AFn.applyToHelper(AFn.java:172) [puppet-server-release.jar:na]
      	at clojure.lang.Var.applyTo(Var.java:532) [puppet-server-release.jar:na]
      	at clojure.core$apply.invoke(core.clj:617) [puppet-server-release.jar:na]
      	at puppetlabs.trapperkeeper.main$_main.doInvoke(main.clj:7) [puppet-server-release.jar:na]
      	at clojure.lang.RestFn.invoke(RestFn.java:457) [puppet-server-release.jar:na]
      	at clojure.lang.Var.invoke(Var.java:427) [puppet-server-release.jar:na]
      	at clojure.lang.AFn.applyToHelper(AFn.java:172) [puppet-server-release.jar:na]
      	at clojure.lang.Var.applyTo(Var.java:532) [puppet-server-release.jar:na]
      	at clojure.core$apply.invoke(core.clj:617) [puppet-server-release.jar:na]
      	at clojure.main$main_opt.invoke(main.clj:335) [puppet-server-release.jar:na]
      	at clojure.main$main.doInvoke(main.clj:440) [puppet-server-release.jar:na]
      	at clojure.lang.RestFn.invoke(RestFn.java:512) [puppet-server-release.jar:na]
      	at clojure.lang.Var.invoke(Var.java:435) [puppet-server-release.jar:na]
      	at clojure.lang.AFn.applyToHelper(AFn.java:185) [puppet-server-release.jar:na]
      	at clojure.lang.Var.applyTo(Var.java:532) [puppet-server-release.jar:na]
      	at clojure.main.main(main.java:37) [puppet-server-release.jar:na]
      2015-03-12 15:37:45,938 INFO  [p.t.internal] Beginning shutdown sequence
      2015-03-12 15:37:45,971 INFO  [p.t.s.w.jetty9-service] Shutting down web server(s).
      2015-03-12 15:37:45,996 INFO  [p.t.internal] Finished shutdown sequence
      2015-03-12 15:37:46,678 INFO  [p.s.j.jruby-puppet-agents] Finished creating JRubyPuppet instance 2 of 3
      2015-03-12 15:37:52,527 WARN  [puppet-server] Puppet Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations
         (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')
      2015-03-12 15:37:52,546 INFO  [puppet-server] Puppet Puppet settings initialized; run mode: master
      2015-03-12 15:37:53,602 INFO  [p.s.j.jruby-puppet-agents] Finished creating JRubyPuppet instance 3 of 3
      

      /var/lib/puppet/ssl/private_keys/vagrant-ubuntu-trusty-64.pem exists from the VM's creation as well.

      Curious, I attempted the following below:

      root@vagrant-ubuntu-trusty-64:/var/lib/puppet/ssl# puppet cert generate vagrant-ubuntu-trusty-64
      Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations
         (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')
      Notice: vagrant-ubuntu-trusty-64 has a waiting certificate request
      Notice: Signed certificate request for vagrant-ubuntu-trusty-64
      Notice: Removing file Puppet::SSL::CertificateRequest vagrant-ubuntu-trusty-64 at '/var/lib/puppet/ssl/ca/requests/vagrant-ubuntu-trusty-64.pem'
      Notice: Removing file Puppet::SSL::CertificateRequest vagrant-ubuntu-trusty-64 at '/var/lib/puppet/ssl/certificate_requests/vagrant-ubuntu-trusty-64.pem'
      

      After doing this the server starts successfully.

      Not too sure if this is the domain of the package or even puppetserver, but it may be prudent to ensure that the host's certificate exists before startup, or just ensure that it is probably documented that the master needs a valid cert in the CA to start up correctly.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  vancluevertech Chris Marchesi
                  QA Contact:
                  Erik Dasher
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: