FAQ
I am installing puppet enterprise manager (master) on a RHEL box.
Though the install itself succeeds without any issues, the first run
of puppet when it tries to deploy the pe_mcollective module fails with
the following error.

Message:
change from notrun to 0 failed: sh -c 'umask 077; keytool -
importkeystore -deststorepass puppet -destkeypass puppet -destkeystore
broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype
PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0]
at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp:
138

Source:
/Stage[main]/Pe_mcollective::Posix/Exec[broker_cert_keystore]/returns

File:
/opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp

I have uninstalled and cleaned out the dirs before installing, but no
change. Looks like something got wacked up with the creation of the
keystore.. Any suggestions

Thanks
Shiva

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Jeff McCune at May 22, 2012 at 3:37 pm
    What version of PE and RHEL?

    I've seen this problem a couple of times and I believe we have a fix
    already. I'll just need to track it down and make sure it's the same issue.

    -Jeff
    On Tuesday, May 22, 2012, Shiva wrote:

    I am installing puppet enterprise manager (master) on a RHEL box.
    Though the install itself succeeds without any issues, the first run
    of puppet when it tries to deploy the pe_mcollective module fails with
    the following error.

    Message:
    change from notrun to 0 failed: sh -c 'umask 077; keytool -
    importkeystore -deststorepass puppet -destkeypass puppet -destkeystore
    broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype
    PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0]
    at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp:
    138

    Source:
    /Stage[main]/Pe_mcollective::Posix/Exec[broker_cert_keystore]/returns

    File:
    /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp

    I have uninstalled and cleaned out the dirs before installing, but no
    change. Looks like something got wacked up with the creation of the
    keystore.. Any suggestions

    Thanks
    Shiva

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com<javascript:;>
    .
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com <javascript:;>.
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Shiva at May 22, 2012 at 3:55 pm
    Thanks Jeff

    Puppet enterprise 2.5.1 and RHEL 6.2

    Shiva
    On May 22, 11:37 am, Jeff McCune wrote:
    What version of PE and RHEL?

    I've seen this problem a couple of times and I believe we have a fix
    already. I'll just need to track it down and make sure it's the same issue.

    -Jeff






    On Tuesday, May 22, 2012, Shiva wrote:
    I am installing puppet enterprise manager (master) on a RHEL box.
    Though the install itself succeeds without any issues, the first run
    of puppet when it tries to deploy the pe_mcollective module fails with
    the following error.
    Message:
    change from notrun to 0 failed: sh -c 'umask 077; keytool -
    importkeystore -deststorepass puppet -destkeypass puppet -destkeystore
    broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype
    PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0]
    at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp:
    138
    Source:
    /Stage[main]/Pe_mcollective::Posix/Exec[broker_cert_keystore]/returns
    File:
    /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp
    I have uninstalled and cleaned out the dirs before installing, but no
    change. Looks like something got wacked up with the creation of the
    keystore.. Any suggestions
    Thanks
    Shiva
    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com<javascript:;>
    .
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com <javascript:;>.
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Shiva at May 24, 2012 at 2:41 pm
    Jeff

    Have you been able to identify the fix.. I am kinda stuck and havent
    been able to move forward with this..

    Thanks
    Shiva
    On May 22, 11:55 am, Shiva wrote:
    Thanks Jeff

    Puppet enterprise 2.5.1 and RHEL 6.2

    Shiva

    On May 22, 11:37 am, Jeff McCune wrote:






    What version of PE and RHEL?
    I've seen this problem a couple of times and I believe we have a fix
    already. I'll just need to track it down and make sure it's the same issue.
    -Jeff
    On Tuesday, May 22, 2012, Shiva wrote:
    I am installing puppet enterprise manager (master) on a RHEL box.
    Though the install itself succeeds without any issues, the first run
    of puppet when it tries to deploy the pe_mcollective module fails with
    the following error.
    Message:
    change from notrun to 0 failed: sh -c 'umask 077; keytool -
    importkeystore -deststorepass puppet -destkeypass puppet -destkeystore
    broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype
    PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0]
    at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp:
    138
    Source:
    /Stage[main]/Pe_mcollective::Posix/Exec[broker_cert_keystore]/returns
    File:
    /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp
    I have uninstalled and cleaned out the dirs before installing, but no
    change. Looks like something got wacked up with the creation of the
    keystore.. Any suggestions
    Thanks
    Shiva
    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com<javascript:;>
    .
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com <javascript:;>.
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Jeff McCune at May 24, 2012 at 8:25 pm

    On Thu, May 24, 2012 at 7:41 AM, Shiva wrote:

    Jeff

    Have you been able to identify the fix.. I am kinda stuck and havent
    been able to move forward with this..
    I haven't yet. I'll be in IRC today and will look at this right now. I'm
    jmccune on freenode, please ping me there and we can work on this a bit
    more.

    -Jeff

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Jeff McCune at May 24, 2012 at 9:21 pm

    On Tue, May 22, 2012 at 6:58 AM, Shiva wrote:

    I am installing puppet enterprise manager (master) on a RHEL box.
    Though the install itself succeeds without any issues, the first run
    of puppet when it tries to deploy the pe_mcollective module fails with
    the following error.

    Message:
    change from notrun to 0 failed: sh -c 'umask 077; keytool -
    importkeystore -deststorepass puppet -destkeypass puppet -destkeystore
    broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype
    PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0]
    at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp:
    138
    OK, I dove into this and I think it might be caused by a difference in
    behavior between Java on CentOS and Java on RHEL. The keytool command
    Puppet is executing returns 0 on CentOS 6.2 but this doesn't guarantee the
    behavior is the same with RHEL 6.2.

    Could you let me know what /usr/bin/keytool is using ls -l? If it's a
    symbolic link, can you follow it and let me know where it ends up?
    Finally, could you run rpm -qf on the resulting file? (for me on CentOS
    6.2 it ultimately links to /usr/lib/jvm/jre-1.6.0-openjdk/bin/keytool owned
    by java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686

    -Jeff

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Robert Vanveelen at May 24, 2012 at 10:32 pm
    -- Sent from my HP Veer
  • Robert Vanveelen at May 24, 2012 at 10:47 pm
    -- Sent from my HP Veer
  • Shiva at May 29, 2012 at 1:19 pm
    Jeff

    This is where the keytool is

    lrwxrwxrwx. 1 root root 49 Apr 27 08:18 keytool -> /usr/lib/jvm/
    jre-1.6.0-openjdk.x86_64/bin/keytool

    Thanks
    Shiva
    On May 24, 6:47 pm, wrote:
    -- Sent from my HP VeerOn May 24, 2012 17:21, Jeff McCune wrote:On Tue, May 22, 2012 at 6:58 AM, Shivawrote:I am installing puppet enterprise manager (master) on a RHEL box.
    Though the install itself succeeds without any issues, the first run
    of puppet when it tries to deploy the pe_mcollective module fails with
    the following error.
    Message:
    change from notrun to 0 failed: sh -c 'umask 077; keytool -
    importkeystore -deststorepass puppet -destkeypass puppet -destkeystore
    broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype
    PKCS12 -aliaspuppet-master.xyz.com' returned 1 instead of one of [0]
    at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp:
    138

    OK, I dove into this and I think it might be caused by a difference in behavior between Java on CentOS and Java on RHEL.  The keytool command Puppet is executing returns 0 on CentOS 6.2 but this doesn't guarantee the behavior is the same with RHEL 6.2.



    Could you let me know what /usr/bin/keytool is using ls -l?  If it's a symbolic link, can you follow it and let me know where it ends up?  Finally, could you run rpm -qf on the resulting file?  (for me on CentOS 6.2 it ultimately links to /usr/lib/jvm/jre-1.6.0-openjdk/bin/keytool owned by java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686



    -Jeff



    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Jeff McCune at May 29, 2012 at 8:40 pm

    On Tue, May 29, 2012 at 6:19 AM, Shiva wrote:

    Jeff

    This is where the keytool is

    lrwxrwxrwx. 1 root root 49 Apr 27 08:18 keytool -> /usr/lib/jvm/
    jre-1.6.0-openjdk.x86_64/bin/keytool
    That looks correct.

    What version of the package do you have installed? You can check using:
    rpm -qf /usr/lib/jvm/jre-1.6.0-openjdk/bin/keytool

    (Please paste the full line printed on the output. Package versions get
    pretty specific.)

    Cheers,
    -Jeff

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Shiva at May 30, 2012 at 12:00 pm
    Here you go..

    rpm -qf /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/keytool
    java-1.6.0-openjdk-1.6.0.0-1.41.1.10.4.el6.x86_64

    On May 29, 4:39 pm, Jeff McCune wrote:
    On Tue, May 29, 2012 at 6:19 AM, Shiva wrote:

    Jeff
    This is where the keytool is
    lrwxrwxrwx. 1 root root 49 Apr 27 08:18 keytool -> /usr/lib/jvm/
    jre-1.6.0-openjdk.x86_64/bin/keytool
    That looks correct.

    What version of the package do you have installed?  You can check using:
    rpm -qf /usr/lib/jvm/jre-1.6.0-openjdk/bin/keytool

    (Please paste the full line printed on the output.  Package versions get
    pretty specific.)

    Cheers,
    -Jeff
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Jeff McCune at Jun 5, 2012 at 10:50 pm

    On Tue, May 22, 2012 at 6:58 AM, Shiva wrote:
    I am installing puppet enterprise manager (master) on a RHEL box.
    Though the install itself succeeds without any issues, the first run
    of puppet when it tries to deploy the pe_mcollective module fails with
    the following error.

    Message:
    change from notrun to 0 failed: sh -c 'umask 077; keytool -
    importkeystore -deststorepass puppet -destkeypass puppet -destkeystore
    broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype
    PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0]
    at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp:
    138
    For posterity, Shiva, Gary and I worked on this issue this afternoon
    and found the root cause to be a problem with the fqdn fact and the
    return value of the puppet cert command.

    The fqdn fact was returning the empty string, which caused the
    manifest to execute this command:

    puppet cert --generate pe-internal-broker --dns_alt_names
    '${pe_mcollective::stomp_server},${::fqdn},stomp'

    Since $fqdn is the empty string, two consecutive commas were passed to
    the dns_alt_names option. This, in turn caused puppet cert to fail
    with an argument error. Even though it failed, the command returns an
    exit status of 0 (which is a bug in Puppet). This caused Puppet to
    think the command executed successfully and proceeded to try and
    convert the PEM files into PKCS12 files.

    So, even though the keytool command was failing the root cause was
    actually the fqdn fact being empty.

    If anyone else runs into this, chance if `facter fqdn` returns what
    you expect. If it doesn't print anything out this may be the cause of
    this error.

    The solution was do add the line `domain foo.bar.com` to
    /etc/resolv.conf which then caused `facter fqdn` to return the
    expected value.

    Hope this helps,
    -Jeff

    (Now to go fix puppet cert and facter fqdn ...)

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedMay 22, '12 at 2:03p
activeJun 5, '12 at 10:50p
posts12
users3
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase