Are you certain that it's an OnOutOfMemory error? I ask because I found that the latest PuppetServer includes a newer version of logback, as shown by this message in /var/log/messages:

您确定这是 OnOutOfMemory 错误吗？我问是因为我发现最新的 PuppetServer 包含更新版本的 logback，如 /var/log/messages 中的这条消息所示：

Mar 18 01:56:21 puppetserver java: Exception in thread "main" java.lang.AbstractMethodError: ch.qos.logback.core.net.SyslogAppenderBase.createOutputStream()Lch/qos/logback/core/net/SyslogOutputStream;
Mar 18 01:56:21 puppetserver java: at ch.qos.logback.core.net.SyslogAppenderBase.start(SyslogAppenderBase.java:62)
Mar 18 01:56:21 puppetserver java: at ch.qos.logback.classic.net.SyslogAppender.start(SyslogAppender.java:48)

If you see, this replace “classic.net.Syslog” in logback.xml with "core.net.Syslog"

如果您看到，这将 logback.xml 中的“classic.net.Syslog”替换为“core.net.Syslog”

sed -i_old -e 's/classic.net.Syslog/core.net.Syslog/' /etc/puppetlabs/puppetserver/logback.xml

If that's not the problem, please post your logfiles.

如果这不是问题，请发布您的日志文件。

You have provided log as

您提供的日志为

OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=1g; support was removed in 8.0

OpenJDK 64 位服务器 VM 警告：忽略选项 MaxPermSize=1g；在 8.0 中移除了支持

So, it is clear that you are using jdk 8 which removed permgen space.

因此，很明显您正在使用删除 permgen 空间的 jdk 8。

The Permanent Generation (PermGen) space has completely been removed and is kind of replaced by a new space called Metaspace. The consequences of the PermGen removal is that obviously the PermSize and MaxPermSize JVM arguments are ignored and you will never get a java.lang.OutOfMemoryError: PermGen error.

永久代 (PermGen) 空间已完全删除，取而代之的是一个名为Metaspace. 删除 PermGen 的后果是，显然 PermSize 和 MaxPermSize JVM 参数被忽略，你永远不会得到java.lang.OutOfMemoryError: PermGen error.

1. So please remove the -XX:MaxPermSize=1gportion from JAVA_ARGSof location /etc/sysconfig/puppetserver

1. 所以请-XX:MaxPermSize=1g从JAVA_ARGS位置中删除部分/etc/sysconfig/puppetserver

JAVA_ARGS="-Xms1g -Xmx1g"

JAVA_ARGS="-Xms1g -Xmx1g"

So

所以

1. And then,

2. 接着，

your command will be look like below:

您的命令如下所示：

$ /usr/bin/java -Xms1g -Xmx1g -XX:OnOutOfMemoryError='kill -9 %%p' -Djava.security.egd=/dev/urandom -cp /opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar clojure.main -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetserver/conf.d -b /etc/puppetlabs/puppetserver/bootstrap.cfg

or

或者

$ /usr/bin/java -Xms1g -Xmx1g -Djava.security.egd=/dev/urandom -cp /opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar clojure.main -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetserver/conf.d -b /etc/puppetlabs/puppetserver/bootstrap.cfg

Please try this 2 commands. I hope both will run successfully. For caution purpose, I have added both.

请尝试这 2 个命令。我希望两者都能成功运行。为谨慎起见，我添加了两者。

N.B: There is no need to change the file permission. keep them as before you using.

注意：无需更改文件权限。像使用前一样保留它们。

Otherwise, if you don't want to change anything, you can downgrade java 8to java 7

否则，如果您不想更改任何内容，则可以降级java 8为java 7

Related Link:

相关链接：

1. PermGen elimination in JDK 8
2. Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize
3. JAVA 8 XX:PERMSIZE AND XX:MAXPERMSIZE DISAPPEARING
4. JDK 8 Milestones
5. JEP 122: Remove the Permanent Generation

1. JDK 8 中的 PermGen 消除
2. Java HotSpot(TM) 64 位服务器 VM 警告：忽略选项 MaxPermSize
3. JAVA 8 XX:PERMSIZE 和 XX:MAXPERMSIZE 消失
4. JDK 8 里程碑
5. JEP 122：删除永久代

@lollercoster, you're starting your service with:

@lollercoster，您正在开始您的服务：

sudo puppet resource service puppetserver ensure=running

But your next command is not telling which user it is

但是你的下一个命令并没有告诉它是哪个用户

/usr/bin/java -Xms1g -Xmx1g -XX:MaxPermSize=1g -XX:OnOutOfMemoryError='kill -9 %%p' -Djava.security.egd=/dev/urandom -cp /opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar clojure.main -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetserver/conf.d -b /etc/puppetlabs/puppetserver/bootstrap.cfg

Please run whoami directly before your run the above command:

请在运行上述命令之前直接运行 whoami：

whoami
/usr/bin/java -Xms1g -Xmx1g -XX:MaxPermSize=1g -XX:OnOutOfMemoryError='kill -9 %%p' -Djava.security.egd=/dev/urandom -cp /opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar clojure.main -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetserver/conf.d -b /etc/puppetlabs/puppetserver/bootstrap.cfg

Why this commands? I am pretty confident that your issue is a permission/usercontext issue and following commands make it more worse:

为什么是这个命令？我非常有信心您的问题是权限/用户上下文问题，以下命令会使情况变得更糟：

$ sudo chown -R vagrant:vagrant /var/run/puppetlabs/
$ sudo chown -R vagrant:vagrant /var/log/puppetlabs/
$ sudo chmod -R 0755 /var/run/puppetlabs/

with the above cases you have to do a sudo on the right user context to have the files writable, but it depends if the other data is writable. So you can give it a try, but I would use the puppet user created for the service

对于上述情况，您必须在正确的用户上下文中执行 sudo 才能使文件可写，但这取决于其他数据是否可写。所以你可以试一试，但我会使用为服务创建的 puppet 用户

User=puppet

So your puppet service runs as user puppet, but your logfiles are under vagrant user control, and not writable for puppet user.

因此，您的 puppet 服务作为用户 puppet 运行，但您的日志文件受 vagrant 用户控制，并且 puppet 用户不可写。

So I would also try to switch back to:

所以我也会尝试切换回：

$ sudo chown -R puppet /var/run/puppetlabs/
$ sudo chown -R puppet /var/log/puppetlabs/
$ sudo chmod -R 0755 /var/run/puppetlabs/

Java

爪哇

Also I suggest you NOT to mess around with the JVM heap parameters, except you know what you do. Since you do not need to enforce a lower and a max bound on Java VM heap since JDK5. I would only limit to the upper bound

另外我建议你不要乱用 JVM 堆参数，除非你知道你在做什么。由于自 JDK5 以来您不需要对 Java VM 堆强制执行下限和上限。我只会限制在上限

-Xmx1g

The heap and the real allocated mem will be managed well by the javaVM. As JVM needs more it will step by step increase the heap and keep the needed size (no downsizing to a lower value will occur). So you will have a better used RAM on your machine.

堆和实际分配的内存将由 javaVM 很好地管理。随着 JVM 需要更多，它将逐步增加堆并保持所需的大小（不会发生缩小到较低值的情况）。因此，您将在您的机器上拥有更好的 RAM。

Also please switch to the Oracle JVM. I am facing often issues with security and Compatibility with OpenJDK. So my first test is to run it on the latest needed JDK of Oracle. In your case Oracle JDK8. But please try first the permission things I mentioned before.

另外请切换到 Oracle JVM。我经常面临 OpenJDK 的安全性和兼容性问题。所以我的第一个测试是在最新需要的 Oracle JDK 上运行它。在您的情况下是 Oracle JDK8。但是请先尝试我之前提到的许可事项。

Good luck, and please keep me updated.

祝你好运，请让我保持更新。

I have seen this behaviour before. Do not try to run the commands manually as root, because you will mess up the permissions.Instead read the logs carefully with journalctl -xeand try to understand why the service is failing. In my case I could not start the puppetserverservice because there was already a private key, but not yet a public certificate.

我以前见过这种行为。不要尝试以 root 用户身份手动运行这些命令，因为您会弄乱权限。而是仔细阅读日志journalctl -xe并尝试了解服务失败的原因。就我而言，我无法启动该puppetserver服务，因为已经有私钥，但还没有公共证书。

ls /etc/puppetlabs/puppet/ssl/certs/`hostname -f`.pem
ls /etc/puppetlabs/puppet/ssl/private_keys/`hostname -f`.pem

If one of them is present without the other one, the service will fail to start up. You will see something like this in the log file:

如果其中一个存在而另一个存在，则服务将无法启动。您将在日志文件中看到类似的内容：

Exception in thread "main" java.lang.IllegalStateException: Cannot initialize master with partial state; need all files or none.

If you are trying to install puppetserverfor the first time, so there is no way to break an existing deployment, then you can probably just remove the exisiting private key and puppetserverwill automatically generate a new pair.

如果您是puppetserver第一次尝试安装，因此无法破坏现有的部署，那么您可能只需删除现有的私钥并puppetserver自动生成新的一对。

rm /etc/puppetlabs/puppet/ssl/certs/`hostname -f`.pem
rm /etc/puppetlabs/puppet/ssl/private_keys/`hostname -f`.pem

And finally try again to start the puppetserverservice.

最后再次尝试启动puppetserver服务。

service puppetserver start

/usr/bin/java -Xms1g -Xmx1g -XX:MaxPermSize=1g 

Xms and Xms are less than MaxPermSize. this worked for me.

Xms 和 Xms 小于 MaxPermSize。这对我有用。