Discussion:
[Puppet Users] Issue when trying to sign a certificate
Jesús Oliván
2018-11-22 14:44:10 UTC
Permalink
Hi!

i'm experimenting a weird issue at random times when some clients are
trying to sign his certificate in their puppet masters. Here's the log
lines where error is visible:

Info: Creating a new SSL key for pro-front-xxxx.xxx
Info: csr_attributes file loading from
/etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pro-front-xxxx.xxx
Info: Certificate Request fingerprint (SHA256):
8D:FD:25:92:06:09:D1:38:B0:74:40:28:A6:C3:5C:B4:39:6D:81:EC:97:90:67:6B:45:39:DD:7A:EC:E3:F5:F6
Error: Could not request certificate: Error 500 on SERVER: Internal Server
Error: java.lang.NumberFormatException: For input string: ""


And this is the output on the same stage of another node that is working
fine with the same role/config:

Info: Creating a new SSL key for pro-front-xxxx.xxx
Info: csr_attributes file loading from
/etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pro-front-xxxx.xxx
Info: Certificate Request fingerprint (SHA256):
FD:FC:6F:D0:39:3B:78:24:2B:B9:5D:82:6E:E8:58:0B:37:63:AD:89:6F:D9:34:15:E6:D9:42:7F:AB:E5:EF:3BESC[0m
Info: Caching certificate for pro-front-xxxx.xxx
Info: Caching certificate for pro-frontend-xxxxx.xxx
Info: Using configured environment 'pro'
Info: Retrieving pluginfacts
Info: Retrieving plugin

It's happening a few times, but it's annoying because when it occurs is
while launching several nodes to form a new cluster, so the cluster is
never formed until this "puppet not signed host" is not signed manually.
Can anyone give me some light about this, please? Specially, this line in
the "not working" node is concerning me:

Error: Could not request certificate: Error 500 on SERVER: Internal Server
Error: java.lang.NumberFormatException: For input string: ""

Thanks in advance!
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAKYJm92S6m8-ahS93X6%3DELA_a%3DgBbMxNjdKS%2BVW%2BdAy8QpdtkA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Justin Stoller
2018-11-26 17:18:38 UTC
Permalink
Hi Jesus,
Post by Jesús Oliván
Hi!
i'm experimenting a weird issue at random times when some clients are
trying to sign his certificate in their puppet masters. Here's the log
Info: Creating a new SSL key for pro-front-xxxx.xxx
Info: csr_attributes file loading from
/etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pro-front-xxxx.xxx
8D:FD:25:92:06:09:D1:38:B0:74:40:28:A6:C3:5C:B4:39:6D:81:EC:97:90:67:6B:45:39:DD:7A:EC:E3:F5:F6
Error: Could not request certificate: Error 500 on SERVER: Internal Server
Error: java.lang.NumberFormatException: For input string: ""
And this is the output on the same stage of another node that is working
Info: Creating a new SSL key for pro-front-xxxx.xxx
Info: csr_attributes file loading from
/etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pro-front-xxxx.xxx
FD:FC:6F:D0:39:3B:78:24:2B:B9:5D:82:6E:E8:58:0B:37:63:AD:89:6F:D9:34:15:E6:D9:42:7F:AB:E5:EF:3BESC[0m
Info: Caching certificate for pro-front-xxxx.xxx
Info: Caching certificate for pro-frontend-xxxxx.xxx
Info: Using configured environment 'pro'
Info: Retrieving pluginfacts
Info: Retrieving plugin
It's happening a few times, but it's annoying because when it occurs is
while launching several nodes to form a new cluster, so the cluster is
never formed until this "puppet not signed host" is not signed manually.
Can anyone give me some light about this, please? Specially, this line in
Error: Could not request certificate: Error 500 on SERVER: Internal Server
Error: java.lang.NumberFormatException: For input string: ""
Can you look at the log for the server (on the server at
/var/log/puppetlabs/puppetserver/puppetserver.log) and post that. I would
expect a stacktrace at the time the 500 happened pointing out the culprit
in the code.

The agent might be requesting a certificate with invalid values, or a bug
in Puppet Server. My total wag would be that there's an issue with your
serial file being zeroed out (its just a place, off the top of my head,
where we read in a string and cast it to a number that could flap like
you've described).


- Justin
Post by Jesús Oliván
Thanks in advance!
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAKYJm92S6m8-ahS93X6%3DELA_a%3DgBbMxNjdKS%2BVW%2BdAy8QpdtkA%40mail.gmail.com
<https://groups.google.com/d/msgid/puppet-users/CAKYJm92S6m8-ahS93X6%3DELA_a%3DgBbMxNjdKS%2BVW%2BdAy8QpdtkA%40mail.gmail.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2B%3DBEqXSr%3Drk5_7ctgAdpPapZkYZzHfceR0zDGTnRO7_KYzrMQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
MorSa
2018-11-28 14:58:27 UTC
Permalink
Thanks for your response, Justin!

this is the only output i saw in puppetserver.log at same time as i
received error i was referring:

2018-11-22 11:07:41,975 WARN [qtp1232246461-35996] [puppetserver] Puppet
Arguments to Re
source[] are all empty/undefined at
/etc/puppetlabs/code/environments/pro/modules/profile
_sensu/manifests/checks/http/webserver.pp:36:28
2018-11-22 11:07:42,479 ERROR [qtp1232246461-35985] [p.r.core] Internal
Server Error: jav
a.lang.NumberFormatException: For input string: ""



El lunes, 26 de noviembre de 2018, 18:18:57 (UTC+1), Justin Stoller
Post by Justin Stoller
Hi Jesus,
Post by Jesús Oliván
Hi!
i'm experimenting a weird issue at random times when some clients are
trying to sign his certificate in their puppet masters. Here's the log
Info: Creating a new SSL key for pro-front-xxxx.xxx
Info: csr_attributes file loading from
/etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pro-front-xxxx.xxx
8D:FD:25:92:06:09:D1:38:B0:74:40:28:A6:C3:5C:B4:39:6D:81:EC:97:90:67:6B:45:39:DD:7A:EC:E3:F5:F6
Error: Could not request certificate: Error 500 on SERVER: Internal
Server Error: java.lang.NumberFormatException: For input string: ""
And this is the output on the same stage of another node that is working
Info: Creating a new SSL key for pro-front-xxxx.xxx
Info: csr_attributes file loading from
/etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pro-front-xxxx.xxx
FD:FC:6F:D0:39:3B:78:24:2B:B9:5D:82:6E:E8:58:0B:37:63:AD:89:6F:D9:34:15:E6:D9:42:7F:AB:E5:EF:3BESC[0m
Info: Caching certificate for pro-front-xxxx.xxx
Info: Caching certificate for pro-frontend-xxxxx.xxx
Info: Using configured environment 'pro'
Info: Retrieving pluginfacts
Info: Retrieving plugin
It's happening a few times, but it's annoying because when it occurs is
while launching several nodes to form a new cluster, so the cluster is
never formed until this "puppet not signed host" is not signed manually.
Can anyone give me some light about this, please? Specially, this line in
Error: Could not request certificate: Error 500 on SERVER: Internal
Server Error: java.lang.NumberFormatException: For input string: ""
Can you look at the log for the server (on the server at
/var/log/puppetlabs/puppetserver/puppetserver.log) and post that. I would
expect a stacktrace at the time the 500 happened pointing out the culprit
in the code.
The agent might be requesting a certificate with invalid values, or a bug
in Puppet Server. My total wag would be that there's an issue with your
serial file being zeroed out (its just a place, off the top of my head,
where we read in a string and cast it to a number that could flap like
you've described).
- Justin
Post by Jesús Oliván
Thanks in advance!
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAKYJm92S6m8-ahS93X6%3DELA_a%3DgBbMxNjdKS%2BVW%2BdAy8QpdtkA%40mail.gmail.com
<https://groups.google.com/d/msgid/puppet-users/CAKYJm92S6m8-ahS93X6%3DELA_a%3DgBbMxNjdKS%2BVW%2BdAy8QpdtkA%40mail.gmail.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/202de0a0-abba-4b16-a1c8-98d08bdb2fee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
MorSa
2018-11-28 15:08:15 UTC
Permalink
FYI i'm running:

[puppetserver]# puppet master --version
4.8.2
Post by MorSa
Thanks for your response, Justin!
this is the only output i saw in puppetserver.log at same time as i
2018-11-22 11:07:41,975 WARN [qtp1232246461-35996] [puppetserver] Puppet
Arguments to Re
source[] are all empty/undefined at
/etc/puppetlabs/code/environments/pro/modules/profile
_sensu/manifests/checks/http/webserver.pp:36:28
2018-11-22 11:07:42,479 ERROR [qtp1232246461-35985] [p.r.core] Internal
Server Error: jav
a.lang.NumberFormatException: For input string: ""
El lunes, 26 de noviembre de 2018, 18:18:57 (UTC+1), Justin Stoller
Post by Justin Stoller
Hi Jesus,
Post by Jesús Oliván
Hi!
i'm experimenting a weird issue at random times when some clients are
trying to sign his certificate in their puppet masters. Here's the log
Info: Creating a new SSL key for pro-front-xxxx.xxx
Info: csr_attributes file loading from
/etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pro-front-xxxx.xxx
8D:FD:25:92:06:09:D1:38:B0:74:40:28:A6:C3:5C:B4:39:6D:81:EC:97:90:67:6B:45:39:DD:7A:EC:E3:F5:F6
Error: Could not request certificate: Error 500 on SERVER: Internal
Server Error: java.lang.NumberFormatException: For input string: ""
And this is the output on the same stage of another node that is working
Info: Creating a new SSL key for pro-front-xxxx.xxx
Info: csr_attributes file loading from
/etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pro-front-xxxx.xxx
FD:FC:6F:D0:39:3B:78:24:2B:B9:5D:82:6E:E8:58:0B:37:63:AD:89:6F:D9:34:15:E6:D9:42:7F:AB:E5:EF:3BESC[0m
Info: Caching certificate for pro-front-xxxx.xxx
Info: Caching certificate for pro-frontend-xxxxx.xxx
Info: Using configured environment 'pro'
Info: Retrieving pluginfacts
Info: Retrieving plugin
It's happening a few times, but it's annoying because when it occurs is
while launching several nodes to form a new cluster, so the cluster is
never formed until this "puppet not signed host" is not signed manually.
Can anyone give me some light about this, please? Specially, this line in
Error: Could not request certificate: Error 500 on SERVER: Internal
Server Error: java.lang.NumberFormatException: For input string: ""
Can you look at the log for the server (on the server at
/var/log/puppetlabs/puppetserver/puppetserver.log) and post that. I would
expect a stacktrace at the time the 500 happened pointing out the culprit
in the code.
The agent might be requesting a certificate with invalid values, or a bug
in Puppet Server. My total wag would be that there's an issue with your
serial file being zeroed out (its just a place, off the top of my head,
where we read in a string and cast it to a number that could flap like
you've described).
- Justin
Post by Jesús Oliván
Thanks in advance!
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAKYJm92S6m8-ahS93X6%3DELA_a%3DgBbMxNjdKS%2BVW%2BdAy8QpdtkA%40mail.gmail.com
<https://groups.google.com/d/msgid/puppet-users/CAKYJm92S6m8-ahS93X6%3DELA_a%3DgBbMxNjdKS%2BVW%2BdAy8QpdtkA%40mail.gmail.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8afefd0b-6e21-4a0e-9029-cd1753c32211%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...