Puppet Server / SERVER-899

Missing cert when puppet-agent started

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Duplicate
    • Affects Version/s: SERVER 2.1.1
    • Fix Version/s: None
    • Component/s: Puppet Server
    • Labels:
    • Environment:

      CentOS Linux release 7.1.1503
      puppetserver-2.1.1-1.el7.noarch
      puppet-agent-1.2.2-1.el7.x86_64

      Description

      I figured out that Puppet Server is not creating the certificates when puppet (puppet-agent) is running and has already created a private/public key pair.

      yum install puppetserver
      systemctl start puppet
       
      # directory:
      [root@puppetmaster ~]# tree /etc/puppetlabs/puppet/ssl/
      /etc/puppetlabs/puppet/ssl/
      ├── certificate_requests
      ├── certs
      ├── private
      ├── private_keys
      │   └── puppetmaster.example.com.pem
      └── public_keys
          └── puppetmaster.example.com.pem
      5 directories, 2 files
      

      `puppetserver` fails to start:

      systemctl start puppetserver
      Job for puppetserver.service failed. See 'systemctl status puppetserver.service' and 'journalctl -xn' for details.
       
      # puppetserver.log
      2015-09-16 20:57:01,060 ERROR [p.t.internal] Error during service init!!!
      java.lang.IllegalStateException: Cannot initialize master with partial state; need all files or none.
      Found:
      /etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.example.com.pem
      Missing:
      /etc/puppetlabs/puppet/ssl/certs/puppetmaster.example.com.pem
       
      # directory:
      tree /etc/puppetlabs/puppet/ssl/
      /etc/puppetlabs/puppet/ssl/
      ├── ca
      │   ├── ca_crl.pem
      │   ├── ca_crt.pem
      │   ├── ca_key.pem
      │   ├── ca_pub.pem
      │   ├── inventory.txt
      │   ├── requests
      │   ├── serial
      │   └── signed
      ├── certificate_requests
      ├── certs
      │   └── ca.pem
      ├── crl.pem
      ├── private
      ├── private_keys
      │   └── puppetmaster.example.com.pem
      └── public_keys
          └── puppetmaster.example.com.pem
      

      Everything runs well if there are no keys and I just start puppetserver:

      tree /etc/puppetlabs/puppet/ssl/
      /etc/puppetlabs/puppet/ssl/
      ├── ca
      │   ├── ca_crl.pem
      │   ├── ca_crt.pem
      │   ├── ca_key.pem
      │   ├── ca_pub.pem
      │   ├── inventory.txt
      │   ├── requests
      │   ├── serial
      │   └── signed
      │       └── puppetmaster.example.com.pem
      ├── certificate_requests
      ├── certs
      │   ├── ca.pem
      │   └── puppetmaster.example.com.pem
      ├── crl.pem
      ├── private
      ├── private_keys
      │   └── puppetmaster.example.com.pem
      └── public_keys
          └── puppetmaster.example.com.pem
      

      I don't know if this has to be considered a bug. But perhaps there's a way to make it a bit simpler for beginners (which service to start first)?
      Is this issue related to SERVER-352?
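
Added example, not part of the original report or of Puppet Server's code: a POSIX shell preflight that detects the "need all files or none" condition from the log before `puppetserver` is started. It assumes only the two per-host files named in the log (private key and certificate) are relevant; the function names are hypothetical.

```shell
#!/bin/sh
# Preflight for the "partial state" failure shown in puppetserver.log.
# Assumption: only the two per-host files named in that log are inspected.
# All function names are hypothetical, not part of Puppet Server.

# ssl_state SSLDIR CERTNAME: print "none", "complete" or "partial".
ssl_state() {
    key="$1/private_keys/$2.pem"
    cert="$1/certs/$2.pem"
    if [ -e "$key" ] && [ -e "$cert" ]; then echo complete
    elif [ -e "$key" ] || [ -e "$cert" ]; then echo partial
    else echo none
    fi
}

# ssl_report SSLDIR CERTNAME: list each path as Found or Missing.
ssl_report() {
    for f in "$1/private_keys/$2.pem" "$1/certs/$2.pem"; do
        if [ -e "$f" ]; then echo "Found:   $f"; else echo "Missing: $f"; fi
    done
}

# preflight SSLDIR CERTNAME: return 0 for "none" or "complete"; on
# "partial" write the report to stderr and return 1.
preflight() {
    state=$(ssl_state "$1" "$2")
    if [ "$state" = partial ]; then
        ssl_report "$1" "$2" >&2
        return 1
    fi
    return 0
}

# Constructed demo: the layout from the report (agent key pair, no cert),
# rebuilt with empty placeholder files in a temporary directory.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/private_keys" "$d/public_keys" "$d/certs"
    : > "$d/private_keys/puppetmaster.example.com.pem"
    : > "$d/public_keys/puppetmaster.example.com.pem"
    ssl_state "$d" puppetmaster.example.com
    rm -rf "$d"
}

demo
```

On a real host, `preflight /etc/puppetlabs/puppet/ssl puppetmaster.example.com` reports the same Found/Missing split as the log without starting the service.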

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  juame Julian Meier