I had this problem affect at least one server overnight; there might be more.
I put in a new version of puppet and puppetmaster, and had to step away before getting things all the way working. I left it in a state where the puppetmaster was not running, but some puppetd were running. (version 0.24.7) Apparently, puppetd tries quite vigorously to connect. It generated 10GB of syslog and daemon.log overnight, full of this: Feb 26 07:45:10 tr11 puppetd[14683]: : Certificate retrieval failed: Could not connect to puppet on port 8140 Feb 26 07:45:10 tr11 puppetd[14749]: Could not request certificate: Certificate retrieval failed: Could not connect to puppet on port 8140 Feb 26 07:45:10 tr11 puppetd[14683]: Could not request certificate: Certificate retrieval failed: Could not connect to puppet on port 8140 Feb 26 07:45:10 tr11 puppetd[14749]: Could not request certificate: Certificate retrieval failed: Could not connect to puppet on port 8140 Feb 26 07:45:10 tr11 puppetd[14683]: Could not request certificate: Certificate retrieval failed: Could not connect to puppet on port 8140 Feb 26 07:45:10 tr11 puppetd[14749]: Could not request certificate: Certificate retrieval failed: Could not connect to puppet on port 8140 Feb 26 07:45:10 tr11 puppetd[14683]: Could not request certificate: Certificate retrieval failed: Could not connect to puppet on port 8140 Feb 26 07:45:10 tr11 puppetd[14749]: Could not request certificate: Certificate retrieval failed: Could not connect to puppet on port 8140 Feb 26 07:45:10 tr11 puppetd[14683]: Could not request certificate: Certificate retrieval failed: Could not connect to puppet on port 8140 Then /var filled up and various things broke. Needless to say, this is a Bad Thing. I suggest that puppetd should refuse to try more than once every N seconds or minutes or whatever, regardless of: * network failures, regardless of failure modu * other errors, regardless of what error * certificate problems of any nature * stupid configuration * stunningly idiotic configuration * ruby / library / OS / etc versions ... because killing servers by filling /var, is not a good path to popularity :-) -- Kyle Cordes http://kylecordes.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
