
Why am I getting this error and what is the solution doing to fix the error?


I am new to Puppet. I got this error on the Puppet slave. After a bit of research on the internet, I found a solution that works; unfortunately, there was not a precise explanation as to the cause of the error or what the code was doing that fixed the issue. I really do not appreciate copying and pasting code without understanding what the code is doing and how it was fixed. I would really appreciate it if I could get an explanation of why the error occurred and what the code is doing to fix this issue. Thanks.

Error Message

Warning: Unable to fetch my node definition, but the agent run will continue:

Warning: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

Info: Retrieving pluginfacts

Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=unknown state

Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

Info: Retrieving plugin

Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=unknown state

Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

Info: Loading facts

Error: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

Warning: Not using cache on failed catalog

Error: Could not retrieve catalog; skipping run

Error: Could not send report: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

Solution

[root@host ~]# puppet config print ssldir

/etc/puppetlabs/puppet/ssl

[root@host ~]# mkdir /tmp/puppet-ssl-orig

[root@host ~]# mv /etc/puppetlabs/puppet/ssl/* /tmp/puppet-ssl-orig

[root@host ~]# puppet agent -t


Solution

  • The error messages you present show that the problem revolved around the agent failing to establish an SSL connection with the master. There isn't enough information in the messages themselves or the other materials presented to determine a priori the specific nature of the problem, but the mitigation you performed was to remove all the agent's stored certificates (including its own). From the fact that this solved the problem, we can deduce that the agent was rejecting the master's host certificate.

    Very likely this situation arose from the agent previously having synced with a master, but then trying to request a catalog from a cryptographically different master. For example, reinstalling Puppet on the master will typically wipe out any previous cryptographic certificates, which could produce this effect. Or this is also what you would expect to happen if a bona fide evil actor tried to impersonate the real master with one under their own control (unless they had managed to steal the real master's certs).

    In any event, wiping out the agent's existing certs would cause it to

    • generate a new certificate for itself and a corresponding certificate-signing request
    • accept the master's certificate and CA certificate upon the next catalog request, and submit the CSR
    • accept a new signed certificate for itself from the master

    That all the certificate-signing bits succeeded indicates also that the master had no record of a certificate previously issued to this particular agent, which also supports the theory of the master having been swapped out from under the agent.
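To check the answer's deduction on a given agent, the CA certificate saved in /tmp/puppet-ssl-orig can be compared with the one the agent accepted after the wipe. This is an added example, not part of the original answer; the function names are hypothetical, and it assumes Puppet's default layout, where the cached CA certificate is certs/ca.pem under the ssldir.

```shell
#!/bin/sh
# Added example: did the agent's trusted CA change across the ssldir wipe?

# SHA-256 over the DER bytes of the first certificate in a PEM file
# (the same digest `openssl x509 -fingerprint -sha256` reports, without colons).
# Returns 2 if the file is unreadable or holds no certificate block.
ca_fingerprint() {
    [ -r "$1" ] || return 2
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {inside = 1; next}
                /-----END CERTIFICATE-----/   {exit}
                inside' "$1" | tr -d '\r')
    [ -n "$body" ] || return 2
    printf '%s\n' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Compare the CA cert the agent trusted before the wipe ($1) with the one it
# accepted afterwards ($2). Returns 0 if identical, 1 if changed, 2 on error.
compare_ca() {
    old=$(ca_fingerprint "$1") || { echo "cannot read a certificate from $1" >&2; return 2; }
    new=$(ca_fingerprint "$2") || { echo "cannot read a certificate from $2" >&2; return 2; }
    printf 'old CA sha256: %s\nnew CA sha256: %s\n' "$old" "$new"
    if [ "$old" = "$new" ]; then
        echo "same CA: the master's CA did not change, look for another cause"
        return 0
    fi
    echo "CA changed: the agent now trusts a different master CA"
    return 1
}

# Usage after the steps in the question (paths from the question; certs/ca.pem
# is the assumed default location of the cached CA certificate):
#   sh compare_ca.sh /tmp/puppet-ssl-orig/certs/ca.pem \
#                    /etc/puppetlabs/puppet/ssl/certs/ca.pem
if [ "$#" -eq 2 ]; then
    compare_ca "$1" "$2"
fi
```

A "changed" result confirms that the CA was replaced but not by whom, because the agent accepts whatever CA it is offered on the first run after the wipe. Compare the new fingerprint with one computed from the CA certificate on the master itself.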