On Tue, Jun 15, 2010 at 4:13 PM, Eric Sorenson <eric.soren...@me.com> wrote:
> I have seen this too; I suspect (but have not been able to reduce a simple > test case to confirm) that the ruby-openssl bindings in snow leopard are > returning EINVAL (thus the "Invalid argument" string) when called from > puppet. But it seems the transaction actually succeeds despite the error. > When setting up new puppetd on 10.6.x I see this error at each stage of the > certificate generation process: key generation, csr generation, cert > submission, but re-running after the error bulls it through. This matches > what you show with the revocation, where you got an error message but the > cert actually was revoked. Very odd and I would love a way to isolate this > outside of puppet and report it to the relevant people as it seems to affect > all flavours of 10.6 release thus far. > oh, now this sounds familiar... I think I ran into a similar issue on Snow Leopard, and it was reasonably obvious working out what went wrong by running ruby in debug mode like /usr/bin/ruby --debug /path/to/puppetfoo whatever you're doing as that way you were avoiding puppet trapping exceptions and re-raising them incorrectly. I probably won't have time to look at it soon if we bug report it, as I'm heading back to Australia (hopefully will drop by and visit Jesse :) ) at the end of the week for 5 weeks vacation. > > -=Eric > > On Jun 15, 2010, at 7:28 AM, Jesse Reynolds wrote: > > > Hello > > > > I have a puppetmasterd installation running on a Mac OS X 10.6.3 > > Server with puppet installed via macports. > > > > Earlier today it was happily signing requests, before I upgraded > > puppet from 0.24.8 to 0.25.4. Now I get "Invalid argument": > > > > bash-3.2# puppetca --sign bouti.carbonplanet.com > > bouti.carbonplanet.com > > err: Could not call sign: Invalid argument > > > > The only mention I can find on the internets of this error is an IRC > > chat on 25 May from bdd: > > > > http://pelin.lovedthanlost.net/puppet/%23puppet-2010-05-25.log.html > > > > <bdd> interesting. after an upgrade from 0.25.4 to 0.25.5, puppetca > > fails to sign new requests with "err: Could not call sign: Invalid > > argument" > > <jamesturnbull> bdd: clean upgrade? no old code floating around? > > <bdd> jamesturnbull: it wasn't a clean upgrade. that's solved. thanks. > > > > I used mac ports "port upgrade facter" then "port upgrade puppet", is > > this not good enough? > > > > I've also tried to do a revoke, which seems to work but shows a similar > error: > > > > bash-3.2# puppetca --list --all > > + 243.carbonplanet.com > > (snip) > > > > bash-3.2# puppetca --revoke 243.carbonplanet.com > > 243.carbonplanet.com > > notice: Revoked certificate with serial 14 > > err: Could not call revoke: Invalid argument > > > > bash-3.2# puppetca --list --all > > - 243.carbonplanet.com (certificate revoked) > > (snip) > > > > > > version: > > > > bash-3.2# puppetca --version > > 0.25.4 > > > > which: > > > > bash-3.2# which puppetca > > /opt/local/sbin/puppetca > > > > > > debug: > > > > bash-3.2# puppetca --sign bouti.carbonplanet.com --debug > > debug: Failed to load library 'selinux' for feature 'selinux' > > debug: Failed to load library 'shadow' for feature 'libshadow' > > debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not > exist > > debug: Puppet::Type::User::ProviderPw: file pw does not exist > > debug: Failed to load library 'ldap' for feature 'ldap' > > debug: Puppet::Type::User::ProviderLdap: feature ldap is missing > > debug: Puppet::Type::User::ProviderUseradd: file userdel does not exist > > debug: Puppet::Type::User::ProviderDirectoryservice: Executing > > '/usr/bin/dscl -plist . -list /Users' > > debug: Puppet::Type::User::ProviderDirectoryservice: Executing > > '/usr/bin/dscl -plist . -read /Users/puppet' > > debug: /File[/etc/puppet/ssl/ca/requests]: Autorequiring > > File[/etc/puppet/ssl/ca] > > debug: /File[/etc/puppet/ssl/ca/signed]: Autorequiring > File[/etc/puppet/ssl/ca] > > debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet] > > debug: /File[/etc/puppet/ssl/private]: Autorequiring > File[/etc/puppet/ssl] > > debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet] > > debug: /File[/etc/puppet/ssl/ca]: Autorequiring File[/etc/puppet/ssl] > > debug: /File[/etc/puppet/ssl/ca/ca_crt.pem]: Autorequiring > > File[/etc/puppet/ssl/ca] > > debug: /File[/etc/puppet/ssl/ca/private]: Autorequiring > File[/etc/puppet/ssl/ca] > > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] > > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring > > File[/etc/puppet/ssl] > > debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet] > > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring > File[/etc/puppet/ssl] > > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl] > > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring > File[/etc/puppet/ssl] > > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring > > File[/etc/puppet/ssl/certs] > > debug: > /File[/etc/puppet/ssl/private_keys/sylvester.adelaide.carbonplanet.com.pem]: > > Autorequiring File[/etc/puppet/ssl/private_keys] > > debug: /File[/etc/puppet/ssl/ca/inventory.txt]: Autorequiring > > File[/etc/puppet/ssl/ca] > > debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet] > > debug: /File[/etc/puppet/ssl/ca/ca_crl.pem]: Autorequiring > > File[/etc/puppet/ssl/ca] > > debug: /File[/var/puppet/run]: Autorequiring File[/var/puppet] > > debug: /File[/etc/puppet/ssl/ca/private/ca.pass]: Autorequiring > > File[/etc/puppet/ssl/ca/private] > > debug: /File[/etc/puppet/ssl/ca/serial]: Autorequiring > File[/etc/puppet/ssl/ca] > > debug: /File[/etc/puppet/ssl/ca/ca_key.pem]: Autorequiring > > File[/etc/puppet/ssl/ca] > > debug: /File[/etc/puppet/ssl/ca/ca_pub.pem]: Autorequiring > > File[/etc/puppet/ssl/ca] > > debug: Finishing transaction 2168470120 with 0 changes > > bouti.carbonplanet.com > > err: Could not call sign: Invalid argument > > > > Any ideas anyone? > > > > Thank you > > Jesse > > > > > > -- > > > > Jesse Reynolds > > Carbon Planet Limited - http://www.carbonplanet.com/ > > Virtual Artists Pty Ltd - http://www.va.com.au/ > > > > -- > > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > > To post to this group, send email to puppet-us...@googlegroups.com. > > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
