All geek questions in one place

Connection problem using Puppet

puppet version 2.6.6

I occasionally see SSL connection errors similar to the following for puppet agents:

Could not evaluate: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A Could not retrieve file metadata for puppet://...: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A

or

 Failed to generate additional resources using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A

I found a few posts that describe this as potentially due to a timeout for establishing TLS communication between the master and the agent, but I do not know where this can be configured if this is really a problem.

Any help greatly appreciated!

Regards, Andrew Ells

+4
source share
1 answer

So, firstly, an apology: some of the old error messages for SSL in Puppet suck. We used Ruby SSL errors directly, rather than catching and picking up the right things. This is much better in 2.7.x and later.

The problem is most likely. If your master and client are not time synchronized, then SSL will fail. This is not a Puppet requirement - this is just how SSL works. This MS KB has a good description of the SSL communication establishment process .

The best way to solve this problem is to provide time synchronization between the master and the client, and you can do this by running NTP (which you can also control using Puppet using our NTP module ).

Hope this helps, and if you have additional problems, we have an IRC channel on Freenode #puppet and a Puppet mailing list with lots of helpful people!

+4
source

Source: https://habr.com/ru/post/1396673/

More articles:


All Articles