Puppet agent -t results in error: Failed to generate additional resources using 'eval_generate:
Upgrading my puppet install from 2.7.11 to 3.5.1 resolved my issue.
Jack
Updated on September 18, 2022Comments
-
Jack almost 2 years
This problem occurs intermittently. I first experienced it yesterday, and I simply restarted from scratch and it disappeared but just came back today. I'm running Puppet v2.7.11 on EC2 servers running Ubuntu 12.04.
Problem is pretty straightforward, when I try to execute
puppet agent -t
I get the following output,info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A Could not retrieve file metadata for puppet://foreman.ec2.internal/plugins: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb info: Loading facts in /var/lib/puppet/lib/facter/logstashdir.rb info: Loading facts in /var/lib/puppet/lib/facter/gemhome.rb err: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A
I found a thread discussing a similar problem through google but the suggested solution, which was to remove the ssl certificates, make sure the clocks were in sync and then regenerate certificates did not work for me. I wasn't able to find much online regarding this problem, hopefully I'm not overlooking something painfully obvious. Wasn't able to find anything else on the subject, any help is appreciated. Thanks for reading!
Edit
I decided create a new instance and start over but I'm experiencing the same problem with my newly created instance.
Edit 2
This exchange seems to outline what i'm going through, sadly no solution was found.
Edit 3
I tried this from the previous link and I'm receiving a different error.
What I tried,
in /var/lib/puppet/ssl: find . -type f -delete On the client:
in /var/lib/puppet/ssl: find . -type f -delete
The resulting error
info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client Could not retrieve file metadata for puppet://foreman.ec2.internal/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
The time appears synced, I will continue down this path.
Edit 4?
The original issue came back, repeated the removal of the certs and I'm back to the above error telling me about time likely being out of sync. Not sure why it came back, there were a bunch of things done in the meantime.
Edit 5
This bug seems to also outline my problem but sadly doesn't go anywhere.
Tried this as well but no luck.
From this I tried executing the following on both master/agent but the command hangs.
openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem
Edit 6
By doing what I found here and cleaning up the keys/certs from master and agent I'm able to return to the original problem. I've come full circle, I can now cycle through the issues I've outlined by following the corresponding "solutions" from this question.
Edit 7
I installed the latest version of puppet and I'm not receiving an error (3.5.1 from 2.7.11). Will play with it a bit to see if the error comes back but it looks like that might be the solution.
-
Felix Frank about 10 yearsIf Ubuntu on your VM ships a 3.x agent, it is to be expected that interoperability with a 2.7.x master will indeed not be available.
-
Aryeh Armon over 6 yearshaving the same error on 3.8.5