Hi folks, I saw Vishal's question over on StackOverflow <https://stackoverflow.com/questions/46811001/puppet-error-ssl-read-shutdown-while-in-init/46822598>, and googling it came back to here!
I answered Vishal over on SO, but thought I'd post it here for Maxim also and close the loop: It seems like there was a breaking change brought in when updating the OpenSSL package with older Puppet 3. Puppet 3 itself is EOL since December of 2016, so I recommend you update to Puppet 4 or even 5, which came out this year. Another benefit: Puppet 4 and onward bundles it's own openssl, so you don't have to worry about breaking Puppet when upgrading openssl (See puppet-agent: What is it, and what's in it? <https://puppet.com/docs/puppet/4.8/about_agent.html>) You can do so with my helper script: wget -O - https://raw.githubusercontent.com/petems/puppet-install-shell/master/install_puppet_agent.sh | sudo sh Or manually: Puppet 5 rpm -ivh http://yum.puppetlabs.com/puppet5/puppet5-release-el-6.noarch.rpm yum install puppet-agent -y Puppet 4 rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm yum install puppet-agent -y On Thursday, October 12, 2017 at 3:39:54 PM UTC+1, Vishal Bhalla wrote: > > Yup - we are seeing similar problems. > > After our client Amazon Linux boxes updated to latest OpenSSL (SL > 1.0.2k-fips 26 Jan 2017) we now see > > Error: SSL_read:: shutdown while in init > > On puppet runs. Only way we could work around it was to perform a yum > rollback :( > > On Monday, 9 October 2017 12:48:09 UTC+1, Maxim Nikolaev wrote: >> >> Hi >> >> I'm using puppet agent 3.8.7 with puppetserver 2.8. Everything worked >> fine for long period. >> This week we set update on openssl (version >> openssl-1.0.2k-7.103.amzn1.x86_6). >> After that we started to get errors on puppet run: >> >> >> >> >> >> *Error: Could not set 'file' on ensure: SSL_read:: shutdown while in >> initError: Could not retrieve catalog from remote server: SSL_read:: >> shutdown while in init*I tried to play with pupptserver and puppet agent >> config. >> >> Added http_keepaalive_timout and set larger body-max-size. >> >> This resolve issue on existing servers. But each time I run puppet first >> time - I see this again. >> For ex, when I try to create Packer image - it always fail, because of this >> errors. >> >> I've looked for similar errors, but find nothing. >> >> Have someone experienced same problem? >> >> Thanks. >> >> > ------------------------------ > > *This email was sent by a company owned by Financial Times Group Limited > ("FT Group <http://aboutus.ft.com/corporate-information/#axzz3rajCSIAt>"), > registered office at Number One Southwark Bridge, London SE1 9HL. > Registered in England and Wales with company number 879531. This e-mail may > contain confidential information. If you are not the intended recipient, > please notify the sender immediately, delete all copies and do not > distribute it further. It could also contain personal views which are not > necessarily those of the FT Group. We may monitor outgoing or > incoming emails as permitted by law.* > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d90b922a-56d4-4d55-95fd-e44eb8ea8201%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.