22 February 2015

Fixing puppet "Exiting; no certificate found and waitforcert is disabled" error

While debugging and setting up Puppet I am still running the agent and master from CLI in --no-daemonize mode.  I kept getting an error on my agent - ""Exiting; no certificate found and waitforcert is disabled".

The fix was quite simple and a little embarrassing.  Firstly I forgot to run my puppet master with root privileges which meant that it was unable to write incoming certificate requests to disk.  That's the embarrassing part and after I looked at my shell prompt and noticed this issue fixing it was quite simple.

Firstly I got the puppet ssl path by running the command puppet agent --configprint ssldir

Then I removed that directory so that my agent no longer had any certificates or requests.

On my master side I cleaned the old certificate by running puppet cert clean --all (this would remove all my agent certificates but for now I have just the one so its quicker than tagging it).

I started my agent up with the command puppet agent --test which regenerated the certificate and sent the request to my puppet master.  Because my puppet master was now running with root privileges (*cough*) it was able to write to its ssl directory and store the request.

I could then sign the request on my puppet master by running puppet cert sign --all

When running normally the puppet master will run as the puppet user so I'm not overly worried about running it as root in CLI while I debug it.

19 February 2015

Installing the Postgres extension for Hiphop

PostGres is rapidly gaining traction as a solid relational database manager.  It provides transaction reliability (ACID), standards compliance, and has a better reputation for handling large datasets than MariaDB / mySQL.

Luckily installing it for Hiphop is painless and there is an externally provided extension for it.

There was not a prebuilt package available for the PocketRent/hhvm-pgsql extension for my version of Hiphop so I built it following the advice in the project readme.  Their instructions worked first time.

I did not have success with using the "ini" method of including the extension so had to create a Hiphop configuration file.

 DynamicExtensionPath = /path/to/hhvm/extensions  
 DynamicExtensions {  
   * = pgsql.so  

I placed the snippet they provide (above) into a file called config.hdf in my Hiphop location.  I'm using Mint on my dev box so this was /etc/hhvm/config.hdf for me.

Then I edited /etc/default/hhvm and set Hiphop up to use the config file.  This snippet shows the change:

 ## Add additional arguments to the hhvm service start up that you can't put in CONFIG_FILE for some reason.  
 ## Default: ""  
 ## Examples:  
 ##  "-vLog.Level=Debug"        Enable debug log level  
 ##  "-vServer.DefaultDocument=app.php" Change the default document  
 ADDITIONAL_ARGS="-c /etc/hhvm/config.hdf"  

After that I restarted my hhvm service and was able to use Postgres in my Laravel project.  Hurray :)

New site in nginx is downloading PHP instead of executing it

I've just set up a new nginx host and was having problems with visiting it.

Whenever I loaded the page it would download a copy of my index file.

In my case the problem was two-fold.  Firstly I had mistyped my server name so it was falling back to an alternative catchall.

Secondly Chromium has a "won't fix" bug whereby redirects are cached.  Interestingly the cache also persisted into Incognito mode.

Clearing my cache with the "Clear Browsing History" menu function didn't work to clear out the redirect cache.  This gave the symptom of stopping nginx, stopping varnish, and even stopping hhvm but still having Chromium download the file when I tried to visit it.

What did work was to affix a get variable to the link.  So instead of visiting http://mysite.local I tried http://mysite.local?foo=1 which invalidated the cache.

This wasn't an entirely satisfactory solution so the next thing I tried was to use the developer tools (ctrl shift I) and then right clicking on the file in the network log.  Using the "Clear Browser Cache" option from that popup also worked.

So the TL;DR is:
1) Make sure that your config file is correct
2) Clear out your redirect cache or invalidate it