9.1.6. Puppet-Related Issues¶
- What do I do when puppet gets certificate verification errors?
- Why is my Puppet Agent crashing when run with
- When should I run
puppet generate types?
If you are experiencing an error when running puppet such as
verify failed then there are a few things that you can try in an attempt to
troubleshoot the issue.
Make sure that your system clocks are within one hour of each other.
Ensure that the forward and reverse lookup for the FQDN of your systems is correct and matches the hostnames listed in the output of
openssl x509 -text -noout -in $(puppet config print hostcert) | less
HINT: Look at the Subject and X509v3 Subject Alternative Name sections.
Check that the connection from the client system to the server can successfully connect:
openssl s_client -host $(puppet config print server) \ -port $(puppet config print masterport) \ -cert $(puppet config print hostcert) \ -key $(puppet config print hostprivkey) \ -CAfile $(puppet config print localcacert)
If none of these items provides useful information, you may need to check permissions on your server and/or dig more closely into the puppetserver or client logs.
Facts provided by SIMP’s modules are not affected by FACT-1732.
- This issue only affects facts introduced from non-SIMP sources.
- It will cause the commands
puppet agent -t --debugand
facter -pto fail with errors when they encounter Bignum-sized numeric fact values.
- You can fix your own facts to avoid FACT-1732 by returning any potentially large numeric value as a String.
Older versions of SIMP and FACT-1732
SIMP modules’ facts haven’t been susceptible to FACT-1732 since SIMP
6.1.0-0. Before that, the
shmax facts from
simp-simplib would crash on systems with a lot of memory.
|||4611686018427387904 == 2 62|
puppet generate types command addresses the problem of Puppet
Environment isolation (SERVER-94) by generating custom type
metadata definitions for each environment. The command must therefore be
re-run in response to changes in Puppet environments and compilers.
By default, SIMP automates some of these cases using incron
triggers. However, there are still some situations where you will have to make
puppet generate types is run.
By default, SIMP configures the incron daemon to automatically run
puppet generate types under either of the following circumstances:
puppetserverbinaries have been updated.
- A new Puppet environment directory is added to the system.
This behavior is managed by the Puppet class
Differences from Previous versions of SIMP
Earlier versions of simp-pupmod (7.6.0 through 7.7.1, shipped with
SIMP 6.2.0-0 through 6.3.1-0) attempted to automatically trigger
generate types under every relevant circumstance. However, some of the
triggers could add too much load on the system and were removed from the
These situations must be addressed by other means (see below).
incron does not handle all cases, so you will need to ensure that
puppet generate types is after the following events:
- A new module that includes custom types is added to an existing environment.
- An existing custom type’s internal code is updated.
You can run the
puppet generate types command as root on the Puppet
Server. However, in order to ensure that the Puppet Server process can read
the generated files, you must also ensure they have the correct ownership and
permissions. One way to do this is by running the following command:
(umask 0027 && sg puppet -c 'puppet generate types --environment ENVIRONMENT')
This creates all files with the correct group ownership.
If you are using r10k to deploy Control Repository branches
r10k deploy environment, you can set the “generate_types” option
r10k.yaml file to automatically run puppet generate
types for each environment after it is deployed:
# Important: this option *must* be defined under a top-level `deploy:` deploy: generate_types: true
If you use r10k to deploy modules as root on the Puppet Server, you must ensure that the generated files have the correct ownership and permissions for the Puppet Server process to read them. One way to do this is by running the following command:
( umask 0027 && sg puppet -c '/usr/share/simp/bin/r10k deploy environment production' )
This will deploy the environment with the correct permissions and group
deploy/generate_types is set to
true, it will also
generate environment-safe type metadata files with the same permissions and