Puppet fails with key mismatch only sometimes

asked 2016-04-04 11:02:09 -0500

Nizen

updated 2016-04-09 09:36:01 -0500

Apr  4 08:14:26 server puppet-agent[19535]: Unable to fetch my node definition, but the agent run will continue:
Apr  4 08:14:26 server puppet-agent[19535]: The certificate retrieved from the master does not match the agent's private key.
Apr  4 08:14:26 server puppet-agent[19535]: Certificate fingerprint: ***************************************
Apr  4 08:14:26 server puppet-agent[19535]: To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
Apr  4 08:14:26 server puppet-agent[19535]: On the master:
Apr  4 08:14:26 server puppet-agent[19535]:   puppet cert clean server-name
Apr  4 08:14:26 server puppet-agent[19535]: On the agent:
Apr  4 08:14:26 server puppet-agent[19535]:   1a. On most platforms: find /var/lib/puppet/ssl -name server-key.pem -delete
Apr  4 08:14:26 server puppet-agent[19535]:   1b. On Windows: del "/var/lib/puppet/ssl/server-key.pem" /f
Apr  4 08:14:26 server puppet-agent[19535]:   2. puppet agent -t
Apr  4 08:14:26 server puppet-agent[19535]: (/File[/var/lib/puppet/facts.d]) Failed to generate additional resources using 'eval_generate': SSL_CTX_use_PrivateKey:: key values mismatch
Apr  4 08:14:26 server puppet-agent[19535]: (/File[/var/lib/puppet/facts.d]) Could not evaluate: Could not retrieve file metadata for puppet://puppet/pluginfacts: SSL_CTX_use_PrivateKey:: key values mismatch
Apr  4 08:14:26 server puppet-agent[19535]: (/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate': SSL_CTX_use_PrivateKey:: key values mismatch
Apr  4 08:14:26 server puppet-agent[19535]: (/File[/var/lib/puppet/lib]) Could not evaluate: Could not retrieve file metadata for puppet://puppet/plugins: SSL_CTX_use_PrivateKey:: key values mismatch
Apr  4 08:14:27 server puppet-agent[19535]: Could not retrieve catalog from remote server: SSL_CTX_use_PrivateKey:: key values mismatch
Apr  4 08:14:28 server puppet-agent[19535]: Using cached catalog
Apr  4 08:14:29 server puppet-agent[19535]: Finished catalog run in 0.75 seconds

I'm getting this standard key mismatch message only sometimes when I run puppet. Normally it runs correctly, but every few days it gives me this error. Has anyone else seen this problem?

Comments

I don't suppose you're running behind a Master of Masters setup? Is it a sync issue between them?

Alex Harvey ( 2016-04-09 09:36:58 -0500 )

No, it's a typical master/agent setup. They sync fine, it's just saying that I have the wrong fingerprint sometimes.

Nizen ( 2016-04-11 14:23:03 -0500 )

I'm seeing this too. Puppet 3.6, RHEL patched to 6.7. No load balancer, no NFS etc., very basic setup. Oddly, approx. once every 25 hrs, which is a particularly weird interval.

Andrew ( 2016-09-11 21:33:26 -0500 )

1 Answer

answered 2016-04-11 11:17:05 -0500

rnelson0

9 times out of 10 when I see that error, it's because I ran as the wrong user or against the wrong master. Since this is coming from syslog, we can probably assume it is not running as the wrong user. Is there a load balancer that may be serving content from a master that does not have the correct key, or a DNS issue that gives the wrong result? Or maybe the master's CA files are intermittently unavailable because NFS isn't serving properly or something like that?

Comments

Nope, this is a direct connect from agent to master.

Nizen ( 2016-04-11 14:23:56 -0500 )
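
As a diagnostic for the error discussed in this thread, the following added example (not part of the original posts and not Puppet's own code) checks whether a cached agent certificate and private key belong together and prints the certificate's SHA256 fingerprint so it can be compared with the one the agent logs. The certs/ and private_keys/ directory layout, the certname agent.example.test and the generated keys are assumptions constructed for the demo.

```ruby
require 'openssl'
require 'tmpdir'
require 'fileutils'

# False here is the condition OpenSSL reports as "key values mismatch".
def cert_matches_key?(cert_pem, key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  cert.check_private_key(OpenSSL::PKey.read(key_pem))
end

# SHA256 fingerprint as colon-separated hex, for comparison with the logged one.
def cert_fingerprint(cert_pem)
  der = OpenSSL::X509::Certificate.new(cert_pem).to_der
  OpenSSL::Digest.new('SHA256').hexdigest(der).upcase.scan(/../).join(':')
end

# Assumed layout: <ssldir>/certs/<certname>.pem and <ssldir>/private_keys/<certname>.pem.
def check_ssldir(ssldir, certname)
  cert_pem = File.read(File.join(ssldir, 'certs', "#{certname}.pem"))
  key_pem  = File.read(File.join(ssldir, 'private_keys', "#{certname}.pem"))
  { match: cert_matches_key?(cert_pem, key_pem), fingerprint: cert_fingerprint(cert_pem) }
end

# Constructed sample data: a self-signed certificate for cn, signed with key.
def sample_cert(cn, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Constructed demo: one certificate beside its own key and beside a different key.
def demo(certname = 'agent.example.test')
  keys = { 'good' => OpenSSL::PKey::RSA.new(2048), 'other' => OpenSSL::PKey::RSA.new(2048) }
  cert = sample_cert(certname, keys['good'])
  Dir.mktmpdir do |tmp|
    keys.map do |name, key|
      dir = File.join(tmp, name)
      FileUtils.mkdir_p([File.join(dir, 'certs'), File.join(dir, 'private_keys')])
      File.write(File.join(dir, 'certs', "#{certname}.pem"), cert.to_pem)
      File.write(File.join(dir, 'private_keys', "#{certname}.pem"), key.to_pem)
      [name, check_ssldir(dir, certname)]
    end.to_h
  end
end

demo.each { |name, r| puts "#{name}: match=#{r[:match]} fingerprint=#{r[:fingerprint]}" }
```

Running check_ssldir against the ssldir of each user that can start the agent shows whether an intermittent failure comes from a run that picked up a different key on disk or from the master returning a different certificate.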

Stats

Asked: 2016-04-04 11:02:09 -0500

Seen: 618 times

Last updated: Apr 11 '16