Puppet errors explained

tags: 

Puppet is a wonderful system automation tool, however the learning curve can be a little steep. We've collected some of the errors messages and "strange" behaviour you may come across together with explanations to help overcome these hurdles and boost adoption of this fabulous tool.

If you have any useful errors and explanations, please do send them in and we'll update this article.

General Puppet errors

These errors happen on current or popular versions of Puppet.

Failed to retrieve current state of resource: Could not retrieve information from source(s)

err: //test/File[/tmp/foo]: Failed to retrieve current state of resource: Could not retrieve information from source(s) puppet:///test/foo at /etc/puppet/modules test/manifests/init.pp:5

The file cannot be found on the puppetmaster. Check that the source file exists on the puppetmaster and is readable by the puppetmaster process. Note that the file is actually required to be in /etc/puppet/modules/test/files/foo.

If the error says ... from source(s) test/foo then you have omitted puppet:/// from your manifest - check that it says something like:

source => "puppet:///test/foo"

Could not retrieve information from environment production source(s) puppet://

err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve
information from environment production source(s) puppet://foo/plugins

You are using pluginsync (good) however there are no plugin directories on the puppet master - see this page. Easiest solution is to ensure that you have at least one module with a "lib" subdirectory.

Could not request certificate: undefined method `closed?'

err: Could not request certificate: undefined method `closed?' for nil:NilClass Exiting; failed to retrieve certificate and waitforcert is disabled

This one is normally very simple - you've forgotten to run puppetd as root and so it does not have permission to read the certificates.

This can also occur if there is a firewall preventing the puppet client and puppetmaster from talking. (Thanks to Anand Kumria).

Change from absent to file failed

err: //test/File[/tmp/missing/foo]/ensure: change from absent to file failed: Could not set file on ensure: No such file or directory - /tmp/missing/foo at /etc/puppet/modules/test/manifests/init.pp:5

"No such file or directory? But you are supposed to make it!" is a typical response. The problem here is that the parent directory /tmp/missing does not exist. Either tell puppet to create the missing directory (note that you don't need an explicit dependency as puppet will do that for you) or resolve this in a different manner (for example by depending upon a package which creates the parent directory).

Change failed ... Could not find server

err: //test/File[/tmp/foo]/content: change from {md5}068008008418dff20750a94336318974 to {md5}8db2d67767577c70b1251fd80ad32943 failed: Could not find server puppet

The error here was that a filebucket had been set however the server name was set to "puppet" rather than the real name:

filebucket {
  puppetmaster: server => "puppet1.example.com"
}

Could not retrieve catalog: can't convert nil into String

err: Could not retrieve catalog: can't convert nil into String at /etc/puppet/modules/test/manifests/init.pp:26 on node test.example.com

This error message happens when a template file is missing. As of v0.25.0, it prints a more helpful error message:

Could not find template 'test/foo' at /etc/puppet/modules/test/manifests/init.pp:26 on node test.example.com

undefined method `closed?' for nil:NilClass

err: Could not retrieve catalog from remote server: undefined method `closed?' for nil:NilClass

This error can occur when you have a bad error in a template - for example missing a closing quote. Double check any recent changes.

certificate verify failed

err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://puppet.example.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The server certificate that puppet has and the one that the puppetmaster is using differ. On a pure puppet node one simple way is just to remove the current SSL information and start again:

find /var/lib/puppet -type f -print0 |xargs -0r rm

Also ensure that the client and server agree what the current time is (otherwise the certificate created may not be valid on the other machine).

no certificate found and waitforcert is disabled

warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

You just need to sign the certificate on the puppetmaster:

puppetca -l  (returns a list of unsigned certificates)
puppetca -s node1.example.com

Could not retrieve catalog from remote server

err: Could not retrieve catalog from remote server: No such file or directory - /var/lib/puppet/client_yaml/catalog

This can occur if /var/lib/puppet/client_yaml/ is missing on the client (so that the catalog file cannot be written).

Could not render to pson: invalid utf8 byte

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not render to pson: invalid utf8 byte: '�'

One of your templates contains a strange character. You can use "od -c filename" and look for the odd characters.

Could not retrieve catalog from remote server: wrong header line format

err: Could not retrieve catalog from remote server: wrong header line format

One of your templates contains invalid syntax. Look for unintentional or invalid "<%" and ">%" strings. If you need to put these strings in templates you can use "<%%" and ">%%".

Run of Puppet configuration client already in progress

notice: Run of Puppet configuration client already in progress; skipping

Puppet believes that it is already running. If this isn't the case then you may have a stale lock file. Check with "ps axf" to see if puppetd is running, if it isn't then delete the lockfile (/var/lib/puppet/state/puppetdlock is likely location).

You cannot specify more than one of content, source, target

err: Could not run Puppet configuration client: You cannot specify more than one of content, source, target at /etc/puppet/modules/examples/manifests/init.pp:8

This is self-explanatory, what might not be obvious is how to fix this (for example if you are overriding a File resource previously defined by a source attribute which you now which to use a content with. Simply set "source => undef".

Cannot override local resource on node

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Exported resource Opsviewmonitored[foo] cannot override local resource on node bar.example.com

You have a duplicate definition. This maybe due to an old node which you need to run puppetcleannode on. Search the database like this: "select hosts.name from hosts,resources where restype='Opsviewmonitored' and title='foo' and hosts.id = resources.host_id;"

Version specific error messages

These errors happen on more specific versions of Puppet.

Could not intern from pson: Could not convert from pson: Could not find relationship target ''

err: Could not retrieve catalog from remote server: Could not intern from pson: Could not convert from pson: Could not find relationship target ''

This is a bug specific to v0.25.1.

Error 400 on SERVER: No support for http method POST

err: Could not retrieve catalog from remote server: Error 400 on SERVER: No support for http method POST

Ensure that you are not running a v2.7 client against a v2.6 master. We suggest downgrading the client in this case to v2.6 as v2.7 can introduce changes in behaviour that are best dealt with as part of a planned upgrade.

Could not retrieve catalog from remote server: Error 400 on SERVER: undefined method `include?' for nil:NilClass

err: Could not retrieve catalog from remote server: Error 400 on SERVER: undefined method `include?' for nil:NilClass

The solution is to remove the certs from both client and master and then regenerate them. (Thanks to Anand Kumria).

sslv3 alert certificate revoked

err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert certificate revoked
debug: file_metadata supports formats: b64_zlib_yaml pson raw yaml; using pson
err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert certificate revoked Could not retrieve file metadata for puppet://example.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert certificate revoked 

Check your DNS entries (you might need the reverse DNS record to be correct as well). Check the time on both client and server to ensure that they are in sync (otherwise the certificate maybe only valid at some point in future from the client's point of view).

Thanks to Sebastien Varrette for supplying this.

Could not find default node or by name

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find default node or by name with 'foo.example.net, foo.example, foo' on node foo.example.net
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run 

The explanation is, that on the puppet master, there's manifests/site.pp file containing info, but the client throwing the error is not listed in it. Note that an empty, absent, or comments-only site.pp file, will not cause the error in the non-listed client.

Thanks to Michel for supplying this.