Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-528

Partial state error if run puppet agent on master before first puppetserver service start

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: SERVER 2.7.0
    • Component/s: None
    • Labels:
    • Template:
    • Team:
      Systems Engineering
    • Story Points:
      2
    • Sprint:
      SE 2016-10-19, SE 2016-11-02
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      In prior releases, if an agent was run before the Puppet Server service was first started, a private key and public key would be created for the agent but the Puppet Server service would subsequently fail to start with an error message like the following:

      java.lang.IllegalStateException: Cannot initialize master with partial state; need all files or none.
      Found:
      /var/lib/puppet/ssl/private_keys/master.pem
      Missing:
      /var/lib/puppet/ssl/certs/master.pem

      For the fix in this release, Puppet Server will use the pre-generated public and private key to generate a certificate for the master and will startup properly.
      Show
      In prior releases, if an agent was run before the Puppet Server service was first started, a private key and public key would be created for the agent but the Puppet Server service would subsequently fail to start with an error message like the following: java.lang.IllegalStateException: Cannot initialize master with partial state; need all files or none. Found: /var/lib/puppet/ssl/private_keys/master.pem Missing: /var/lib/puppet/ssl/certs/master.pem For the fix in this release, Puppet Server will use the pre-generated public and private key to generate a certificate for the master and will startup properly.

      Description

      The following sequence of steps would cause the puppetserver service to fail on initial startup:

      1) Install puppetserver package.

      2) On the master, run "puppet agent -t".

      This generates a private key but not the associated cert.

      3) Start the puppetserver service.

      The following error appears in the puppetserver.log output and the service fails to start:

      2015-04-01 09:42:00,736 INFO  [p.s.p.puppet-admin-service] Starting Puppet Admin web app
      2015-04-01 09:42:00,754 ERROR [p.t.internal] Error during service init!!!
      java.lang.IllegalStateException: Cannot initialize master with partial state; need all files or none.
      Found:
      /var/lib/puppet/ssl/private_keys/jb-centos7.localdomain.pem
      Missing:
      /var/lib/puppet/ssl/certs/jb-centos7.localdomain.pem

      The Ruby master/CA would go ahead and generate the cert and boot to ready in this situation. We should revisit whether or not it would make sense to have the puppetserver master/CA go ahead and generate a cert automatically from a master private key if no cert is found at service startup.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  jeremy.barlow Jeremy Barlow
                  Reporter:
                  jeremy.barlow Jeremy Barlow
                  QA Contact:
                  Erik Dasher
                • Votes:
                  9 Vote for this issue
                  Watchers:
                  10 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Zendesk Support