When running a puppet cert
or puppet node
command, you receive a header too long
error.
Error messages and logs
[root@testmaster]# puppet cert list --all Error: header too long
This error is caused by 0-byte .pem
cert or security credential files in /etc/puppetlabs/puppet/ssl/
.
Version and installation information
PE version: 3.2 to 2016.2 and 2017.1 to 2018.1
OS: *nix
Installation type: monolithic, split
Note: This article assumes your CA (certificate authority) is on your Puppet master. If it's on another node, you'll need to modify these instructions.
Solution
For each 0-byte .pem
file, resolve the error by either regenerating the cert associated with the node (if the node is active) or removing the .pem
file (if the node is inactive).
Note: Each .pem
file's name is based on its certname. The file master.example.com.pem
is associated with the node master.example.com
.
-
Check for 0-byte
.pem
files by returning a list of files in thessl
directory. On the Puppet master, runfind /etc/puppetlabs/puppet/ssl/ -ls
. -
Match each 0-byte
.pem
file with its node.If the node associated with the 0-byte
.pem
is an active node:Regenerate the cert for the node.
Refer to the cert regeneration documentation for PE. Please navigate to the appropriate version for your version.
If the node associated with the 0-byte
.pem
is not an active node:Delete the 0-byte
.pem
file. - When all 0-byte files have been resolved, verify that
puppet cert
works. On the master, runpuppet cert list --all
.
If this does not resolve your issue, please open a ticket.
Comments
0 comments
Please sign in to leave a comment.