Clients are out of sync

sunilkambar · July 21, 2020, 4:11pm

Problem:
The certificate was expiring on 20th so we renewed it last week, but today we see all of out clients are out of sync any help is appreciated.

Expected outcome:

Foreman and Proxy versions:
Foreman Version 1.8.3
Puppet Version 3.8.7

Foreman and Proxy plugin versions:

Distribution and version:

Other relevant data:

Jul 19 07:02:22 cls435 puppet-master[2168]: Failed when searching for node cls3024.huskyenergy.ca: Failed to find cls3024.huskyenergy.ca via exec: Execution of ‘/etc/puppet/node.rb cls3024.huskyenergy.ca’ returned 1:
Jul 19 07:02:22 cls435 puppet-master[2168]: Failed when searching for node cls3024.huskyenergy.ca: Failed to find cls3024.huskyenergy.ca via exec: Execution of ‘/etc/puppet/node.rb cls3024.huskyenergy.ca’ returned 1:
Jul 19 07:02:23 cls435 puppet-master[2183]: Report processor failed: Could not send report to Foreman at https://cls435.huskyenergy.ca/api/reports: SSL_connect returned=1 errno=0 state=error: sslv3 alert certificate revoked
Jul 19 07:02:23 cls435 puppet-master[2183]: /usr/lib/ruby/1.8/net/http.rb:586:in connect'/usr/lib/ruby/1.8/net/http.rb:586:in connect’/usr/lib/ruby/1.8/net/http.rb:553:in do_start'/usr/lib/ruby/1.8/net/http.rb:542:in start’/usr/lib/ruby/1.8/net/http.rb:1035:in request'/usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb:58:in process’/usr/lib/ruby/site_ruby/1.8/puppet/indirector/report/processor.rb:37:in process'/usr/lib/ruby/site_ruby/1.8/puppet/indirector/report/processor.rb:53:in processors’/usr/lib/ruby/site_ruby/1.8/puppet/indirector/report/processor.rb:51:in each'/usr/lib/ruby/site_ruby/1.8/puppet/indirector/report/processor.rb:51:in processors’/usr/lib/ruby/site_ruby/1.8/puppet/indirector/report/processor.rb:30:in process'/usr/lib/ruby/site_ruby/1.8/puppet/indirector/report/processor.rb:14:in save’/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:283:in save'/usr/lib/ruby/site_ruby/1.8/puppet/network/http/api/v1.rb:160:in do_save’/usr/lib/ruby/site_ruby/1.8/puppet/network/http/api/v1.rb:50:in send'/usr/lib/ruby/site_ruby/1.8/puppet/network/http/api/v1.rb:50:in call’/usr/lib/ruby/site_ruby/1.8/puppet/context.rb:64:in override'/usr/lib/ruby/site_ruby/1.8/puppet.rb:246:in override’/usr/lib/ruby/site_ruby/1.8/puppet/network/http/api/v1.rb:49:in call'/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:82:in process’/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:81:in each'/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:81:in process’/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:63:in process'/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler/around_profiler.rb:58:in profile’/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:51:in profile'/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:61:in process’/usr/lib/ruby/site_ruby/1.8/puppet/network/http/rack.rb:21:in `call’/usr/lib/ruby/gems/1.8/gems/passenger-4.0.18/lib/phusio

areyus · July 23, 2020, 1:41pm

Hi,

your clients get out of sync because node.rb (the ENC script) can not upload facts and reports from the managed systems anymore. This is due to the fact that node.rb (like almost all parts of Foreman) uses SSL certs for authentication and validation of systems. Since you changed your certificate, you will have to redeploy it to the Puppet server.
I can not tell for sure where the certs and config for node.rb are on your system, but I guess the config would be /etc/puppet/foreman.yaml.
Please note: Foreman 1.8 and Puppet 3 are extremely old and have been out of support for years. I know migriting away from Puppet 3 can be a big pain, but I would strongly advise you to upgrade both compoenents as soon as you can to a current release. With these old versions, you will find less and less people beeing able to help you in case of problems.
The current versions are 2.1 for Foreman and 6.17 for Puppet.