Puppet gives SSL error because master is not running?

puppet puppetmaster

7,423

Run puppet master --debug --no-daemonize and if you come to see

Error: Could not run: Address already in use - bind(2)

It probably means that the puppet master is already running. Try checking the output of

netstat -anpl | grep 8140

if you see a line referencing port 8140 with LISTEN, then that is probably your issue. (The puppet master process listens on port 8140 for incoming connections from clients by default.)

If you've followed the default setup for Ubuntu, apache will have started, listening on port 8140.

sudo service apache2 stop

then carry on with the config.

7,423

Daniel Huger

Updated on September 18, 2022

Comments

Daniel Huger almost 2 years

I started with two clean machines this time.

My master is running 12.04

Version: 2.7.11-1ubuntu2

Depends: ruby1.8, puppetmaster-common (= 2.7.11-1ubuntu2)

My client is 10.04

Version: 2.6.3-0ubuntu1~lucid1

Depends: puppet-common (=> 2.6.3-0ubuntu1~lucid1), ruby1.8

To setup Puppet tutorial: http://shapeshed.com/setting-up-puppet-on-ubuntu-10-04/

To connect master and client: http://shapeshed.com/connecting-clients-to-a-puppet-master/

The first time I tried to connect master to client failed with SSL_connect error. So I did rm -rf /etc/puppet/ssl/ to remove all the keys inside ssl folders.

It looked like it work.... BUT

client# puppet agent --server puppet --waitforce 60 --test
/usr/lib/ruby/1.8/facter/util/resolution.rb:46: warning: Insecure world writable dir /etc/condor in PATH, mode 040777
/usr/lib/ruby/1.8/puppet/defaults.rb:67: warning: Insecure world writable dir /etc/condor in PATH, mode 040777
info: Creating a new SSL key for giab10
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for mybox123
info: Certificate Request fingerprint (md5): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session
info: Caching certificate for mybox123
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog

It cached but then it couldn't retrieve it.

Let me stop here.... worrying I would mess something up. But let's check master's status.

 * master is not running

WoW.... ???

master# service puppetmaster start
* Starting puppet master    [OK]
master# service puppetmaster status
 * master is not running

I think time is sync. Well, we are behind a firewall so the port to sync time is disbaled. I checked with date and they seem okay.
What about master not running? Is that the cause?

Any help is appreciated. Thanks!

/var/lib/puppet/log/masterhttp.log

[2012-06-30 00:13:25] INFO  WEBrick 1.3.1
[2012-06-30 00:13:25] INFO  ruby 1.8.7 (2011-06-30) [x86_64-linux]
[2012-06-30 00:13:25] WARN  TCPServer Error: Address already in use - bind(2)
[2012-06-30 00:19:40] INFO  WEBrick 1.3.1
[2012-06-30 00:19:40] INFO  ruby 1.8.7 (2011-06-30) [x86_64-linux]
[2012-06-30 00:19:40] WARN  TCPServer Error: Address already in use - bind(2)
[2012-06-30 00:28:58] INFO  WEBrick 1.3.1
[2012-06-30 00:28:58] INFO  ruby 1.8.7 (2011-06-30) [x86_64-linux]
[2012-06-30 00:28:58] WARN  TCPServer Error: Address already in use - bind(2)
[2012-06-30 15:31:25] INFO  WEBrick 1.3.1
[2012-06-30 15:31:25] INFO  ruby 1.8.7 (2011-06-30) [x86_64-linux]
[2012-06-30 15:31:25] WARN  TCPServer Error: Address already in use - bind(2)

    1 S puppet    5186     1  0  80   0 - 29410 poll_s 15:44 ?        00:00:00 /usr/bin/ruby1.8 /usr/bin/puppet master --masterport=8140
    4 S root      5235  5005  0  80   0 -  2344 pipe_w 15:45 pts/0    00:00:00 grep --color=auto puppet

kill -9 5186
puppet master
service puppetmaster status
 * master is not running

I always have this error, but I always ignored it. http://pastebin.com/exbpArjv What could it mean? Time sync? Package not installed? Then how could we do puppetca in the first place?

qweet almost 12 years

on the Master host, check /var/log/puppet/puppetmaster.log and paste the an error here. Also- if the puppet client wasn't able to see the Puppet Master, then it would say so. Something else is happening here.
qweet almost 12 years

Post something from masterhttp.log. It should give us a clue as to why it's not working.
Daniel Huger almost 12 years

@qweet I just did. However, it's inside /var/lib/puppet,because /var/log/puppet has an empty log file. Thanks. Like I said, how come these address are being used? When I say clean I mean I've deleted puppetmaster and puppet.
qweet almost 12 years

Might mean that you have a puppetmaster process still running, which has bound itself to the port that it likes to use. Try doing a ps -elf | grep puppet on the Master to see if there's an instance running.
Daniel Huger almost 12 years

@qweet Thanks. I did, but puppetmaster status still says NOPE. :( I checked the log and doesn't produce any more log.
Daniel Huger almost 12 years

@qweet Thanks. Here is the log: pastebin.com/exbpArjv I always ignored these errors.... what's the problem? I am trying to talk to puppet client.
qweet almost 12 years

let us continue this discussion in chat