此问题间歇性发生。我昨天第一次遇到它,我只是从头开始重新启动它,它就消失了,但今天又回来了。我在运行 Ubuntu 12.04 的 EC2 服务器上运行 Puppet v2.7.11。
问题很简单,当我尝试执行时puppet agent -t
,我得到以下输出,
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A
err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A Could not retrieve file metadata for puppet://foreman.ec2.internal/plugins: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A
info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb
info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
info: Loading facts in /var/lib/puppet/lib/facter/logstashdir.rb
info: Loading facts in /var/lib/puppet/lib/facter/gemhome.rb
err: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A
我在谷歌上找到了一个讨论类似问题的帖子,但建议的解决方案(删除 SSL 证书,确保时钟同步,然后重新生成证书)对我来说不起作用。我在网上找不到太多关于这个问题的信息,希望我没有忽略一些显而易见的事情。找不到关于这个问题的其他信息,任何帮助我都感激不尽。谢谢阅读!
编辑
我决定创建一个新实例并重新开始,但我的新创建的实例遇到了同样的问题。
编辑2
此次交流似乎概述了我正在经历的事情,遗憾的是没有找到解决方案。
编辑3
我尝试从上一个链接执行此操作,但收到了不同的错误。
我尝试过
在 /var/lib/puppet/ssl 中:找到 . -type f -delete 在客户端上:
在 /var/lib/puppet/ssl 中:查找 .-type f -delete
由此产生的错误
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client Could not retrieve file metadata for puppet://foreman.ec2.internal/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
时间似乎已同步,我将继续沿着这条路走下去。
编辑 4?
原来的问题又出现了,我重复删除证书,然后又出现了上面的错误,告诉我时间可能不同步。不知道为什么又出现了,在此期间我做了很多事情。
编辑5
openssl 验证-CAfile /var/lib/puppet/ssl/certs/ca.pem
编辑6
通过做我发现的事情这里并清理主服务器和代理服务器的密钥/证书后,我就可以回到最初的问题了。我已经回到原点,现在我可以通过遵循此问题中相应的“解决方案”来循环解决我所概述的问题。
编辑7
我安装了最新版本的 puppet,没有收到错误(从 2.7.11 升级到 3.5.1)。我会稍微调试一下,看看错误是否会再次出现,但看起来这可能是解决方案。
答案1
将我的 puppet 安装从 2.7.11 升级到 3.5.1 解决了我的问题。