https://bugzilla.wikimedia.org/show_bug.cgi?id=61413
--- Comment #2 from Andrew Bogott <abog...@wikimedia.org> --- OK, on a working instance: # ls -ltra /var/lib/puppet/ssl/certs total 16 -rw-r--r-- 1 puppet puppet 847 Feb 15 08:42 ca.pem -rw-r--r-- 1 puppet puppet 883 Feb 15 08:43 i-00000a65.pmtpa.wmflabs.pem On icinga-scfc-test3: # ls -ltra /var/lib/puppet/ssl/certs total 20 -rw-r--r-- 1 puppet puppet 847 Feb 14 21:31 ca.pem -rw-r----- 1 puppet puppet 883 Feb 14 21:32 i-00000a64.pmtpa.wmflabs.pem -rw-r--r-- 1 puppet puppet 883 Feb 14 21:35 i-00000906.pmtpa.wmflabs.pem Now my theory is that early in its life an instance thinks that its ID is i-00000906 (inherited by mistake from the original image build), and that if a user forces a puppet run during that early stage it tries to create a cert for the wrong ID and is forever after doomed. Is that possibly what happened here? Changing the certname in /etc/puppet/puppet.conf to the actual instance ID seems to resolve the problem. (Another possibility, testing a weaker theory -- were specific puppet classes selected via the wikitech GUI before this instance was able to complete a puppet run?) -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
