Puppet: System Administration Automated

Support

Ticket #1200 (new defect)

Opened 7 months ago

Last modified 6 months ago

puppetd exits when dns resolution fails and client doesn't have a certificate yet

Reported by: diska Assigned to: andrew
Priority: normal Milestone: 0.24.5
Component: executables Version: 0.24.4
Severity: normal Keywords: puppetd
Cc: Triage Stage: Accepted
Attached Patches: Insufficient Complexity: Easy

Description

I'm using preseeding to install Ubuntu workstations and I'm installing puppet as part of the installation process. The puppetmaster has autosigning enabled and the idea is that after the Ubuntu installation finishes the puppet client takes over and finishes the configuration.

However, because Ubuntu uses Network Manager?, the network is not up when the puppet client gets started. This causes 2 problems: First off it can't resolve the puppet hostname, and that causes the 2nd problem: it can't get a certificate. After that the client exits where I expected it to sleep and try again every 30 minutes.

First I thought this was a problem with Ubuntu because it launches puppetd with "-w 0", but when I invoked puppetd from the commandline with "puppetd --no-daemonize --verbose" it exited as well.

These tests were done with Ubuntu Hardy using their package puppet-0.24.4-3

Change History

04/23/08 17:36:01 changed by immerda

might be dpuplicate of #1199 or at least similar problem

04/24/08 01:40:32 changed by jamtur01

  • stage changed from Unreviewed to Needs more info.

Can you provide --trace output please.

04/24/08 01:44:31 changed by jamtur01

Also plays into #1190.

04/24/08 07:27:27 changed by luke

  • component changed from client to executables.

04/24/08 14:29:47 changed by diska

Here's the --trace output:

err: Could not find server puppet: getaddrinfo: Name or service not known /usr/lib/ruby/1.8/net/http.rb:560:in `initialize' /usr/lib/ruby/1.8/net/http.rb:560:in `open' /usr/lib/ruby/1.8/net/http.rb:560:in `connect' /usr/lib/ruby/1.8/timeout.rb:56:in `timeout' /usr/lib/ruby/1.8/timeout.rb:76:in `timeout' /usr/lib/ruby/1.8/net/http.rb:560:in `connect' /usr/lib/ruby/1.8/net/http.rb:553:in `do_start' /usr/lib/ruby/1.8/net/http.rb:542:in `start' /usr/lib/ruby/1.8/net/http.rb:1035:in `request' /usr/lib/ruby/1.8/net/http.rb:992:in `post2' /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc' /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2' /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call' /usr/lib/ruby/1.8/puppet/network/xmlrpc/client.rb:45:in `getcert' /usr/lib/ruby/1.8/puppet/network/client/ca.rb:26:in `request_cert' /usr/sbin/puppetd:347 err: Could not request certificate: Certificate retrieval failed: Could not find server puppet

04/24/08 14:30:33 changed by diska

--trace output again but this time within codeblock, sorry 

err: Could not find server puppet: getaddrinfo: Name or service not known
/usr/lib/ruby/1.8/net/http.rb:560:in `initialize'
/usr/lib/ruby/1.8/net/http.rb:560:in `open'
/usr/lib/ruby/1.8/net/http.rb:560:in `connect'
/usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
/usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
/usr/lib/ruby/1.8/net/http.rb:560:in `connect'
/usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
/usr/lib/ruby/1.8/net/http.rb:542:in `start'
/usr/lib/ruby/1.8/net/http.rb:1035:in `request'
/usr/lib/ruby/1.8/net/http.rb:992:in `post2'
/usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
/usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
/usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
/usr/lib/ruby/1.8/puppet/network/xmlrpc/client.rb:45:in `getcert'
/usr/lib/ruby/1.8/puppet/network/client/ca.rb:26:in `request_cert'
/usr/sbin/puppetd:347
err: Could not request certificate: Certificate retrieval failed: Could not find server puppet

04/24/08 14:37:10 changed by jamtur01

  • owner changed from community to luke.
  • stage changed from Needs more info to Needs design decision.

I think this should be the default behaviour. I'll let Luke decide but that's my call.

04/24/08 16:43:17 changed by luke

  • stage changed from Needs design decision to Accepted.

I consider this a bug. The daemon should never exit on failure unless we're in --test mode.

05/12/08 23:43:40 changed by luke

  • milestone set to 0.24.5.

05/16/08 07:28:39 changed by luke

  • owner changed from luke to community.

05/16/08 09:33:45 changed by Fujin

  • owner changed from community to jamtur01.
  • stage changed from Accepted to Ready for checkin.
  • patch changed from None to Code.

Fix @ http://github.com/fujin/puppet/commits/fix1200

{{ aj@junglist (branch: fix1200) ~/git/puppet/bin$ ./puppetd --no-daemonize --verbose -w 60 err: Could not find server puppet: getaddrinfo: Name or service not known err: Could not request certificate: Certificate retrieval failed: Could not find server puppet err: Could not read certificates after retrieving them notice: Starting Puppet client version 0.24.4 err: Could not find server puppet: getaddrinfo: Name or service not known err: Could not retrieve catalog: Could not find server puppet .. }}

{{ aj@junglist (branch: fix1200) ~/git/puppet/bin$ ./puppetd -t err: Could not find server puppet: getaddrinfo: Name or service not known /usr/local/lib/site_ruby/1.8/puppet/network/client/ca.rb:31:in `request_cert': Certificate retrieval failed: Could not find server puppet (Puppet::Error)

from ./puppetd:360

aj@junglist (branch: fix1200) ~/git/puppet/bin$ echo $? 1 }}

No tests for this - the existing executable tests have no similar cases to modify.. if this is insufficient please mark and send back

05/16/08 09:35:01 changed by Fujin

egh.. stupid three curly braces. 

aj@junglist (branch: fix1200) ~/git/puppet/bin$ ./puppetd -t
err: Could not find server puppet: getaddrinfo: Name or service not known
/usr/local/lib/site_ruby/1.8/puppet/network/client/ca.rb:31:in `request_cert': Certificate retrieval failed: Could not find server puppet (Puppet::Error)
        from ./puppetd:360
aj@junglist (branch: fix1200) ~/git/puppet/bin$ echo $?
1

aj@junglist (branch: fix1200) ~/git/puppet/bin$ ./puppetd --no-daemonize -w 5 --verbose
err: Could not find server puppet: getaddrinfo: Name or service not known
err: Could not request certificate: Certificate retrieval failed: Could not find server puppet
err: Could not read certificates after retrieving them
err: Could not find server puppet: getaddrinfo: Name or service not known
err: Could not request certificate: Certificate retrieval failed: Could not find server puppet
err: Could not read certificates after retrieving them
err: Could not find server puppet: getaddrinfo: Name or service not known
err: Could not request certificate: Certificate retrieval failed: Could not find server puppet
..

05/16/08 09:49:44 changed by jamtur01

  • keywords set to puppetd.
  • complexity changed from Unknown to Easy.
  • patch changed from Code to Insufficient.

05/16/08 09:54:31 changed by jamtur01

  • owner changed from jamtur01 to fujin.

05/22/08 21:05:33 changed by jamtur01

  • stage changed from Ready for checkin to Accepted.

05/26/08 07:34:08 changed by andrew

  • owner changed from fujin to andrew.