
I have 3 servers set up. A puppet master using passenger (puppet-server1), dashboard using passenger (puppet-server2) and puppetdb (puppet-server3).

I cannot get the inventory service working in the dashboard.

The puppet master is able to sign certs and hand out manifests.

The nodes have checked in to the dashboard ok

The puppetdb appears to be working - log files as follows:

```
2012-12-13 17:53:10,899 INFO  [command-proc-74] [puppetdb.command] [8490148f-865a-45c8-b5b5-2c8824d753dd] [replace facts] puppet-server3.test.net
2012-12-13 17:53:11,041 INFO  [command-proc-74] [puppetdb.command] [dfcc5168-06df-41d4-9a97-77b4cd3f4a2b] [replace catalog] puppet-server3.test.net
2012-12-13 17:55:28,600 INFO  [command-proc-74] [puppetdb.command] [b2cc0a96-0404-49f5-96ad-19c778508d3d] [replace facts] puppet-client2.test.net
2012-12-13 17:55:28,729 INFO  [command-proc-74] [puppetdb.command] [4dc4b8f3-06df-4dad-a89a-92ac80447b99] [replace catalog] puppet-client2.test.net
```

The puppet master has the following configured in puppet.conf

```
[master]
certname = puppet-server1.test.net
storeconfigs = true
storeconfigs_backend = puppetdb
reports = store, http
reporturl = http://puppet-server2.test.net/reports/upload
```

The puppet master has the following configured in auth.conf

```
#access for puppet dashboard facts
path /facts
auth yes
method find, search
allow dashboard
```

The puppet dashboard has this configured in /usr/share/puppet-dashboard/config/settings.yml

```
# Hostname of the inventory server.
inventory_server: 'puppet-server3.test.net'

# Port for the inventory server.
inventory_port: 8081
```

The inventory is on, as I see a link to the inventory in the dashboard server.

But I am getting this error:

```
Inventory
Could not retrieve facts from inventory service: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
```

Clearly an SSL error - but I have followed the documentation and have no idea how to fix this. Can anyone help please?

Oli

  • Seems like something might be wrong with that puppetdb listener - let's check on its SSL connectivity outside of puppet first. Run `openssl s_client -connect puppet-server3.test.net:8081` - let's see what output we get from that. – Shane Madden Dec 14 '12 at 02:37
  • I have run the command from another server and got this response: `subject=/CN=puppet-server3.tcl-oob.net issuer=/CN=Puppet CA: puppet-server1.tcl-oob.net --- Acceptable client certificate CA names /CN=Puppet CA: puppet-server1.tcl-oob.net --- SSL handshake has read 2365 bytes and written 178 bytes --- Verify return code: 21 (unable to verify the first certificate)` – Oli Dec 14 '12 at 20:29
  • I was told this. "The puppetdb plugins you installed on your puppetmaster handle the communication with puppetdb. Instead of storing inventory data in a local database, your puppetmaster will send them to puppetdb. So inventory_server in dashboard's settings.yml should be pointing at your puppetmaster, not the puppetdb server". This is not how I have things configured. Is this statement correct? – Oli Dec 14 '12 at 20:32
  • Yes, that's right. So, change your dashboard config appropriately - and is your master configured to point to puppetdb as its facts terminus? – Shane Madden Dec 14 '12 at 20:52
  • The master is pointing to the puppetdb. I have run API commands against the puppetdb and can see responses so I am sure that the puppetdb is working. I am confused though as the inventory is asking for these configuration parameters: `# Hostname of the inventory server. inventory_server: 'puppet-server1.tcl-oob.net' # Port for the inventory server: inventory_port: 8081` but as far as I can tell the puppet master isn't listening on port 8081. So are you saying the `inventory_server` in the dashboard should be the puppet master? What happens if I have multiple puppet masters? Thanks for your help! – Oli Dec 14 '12 at 21:28
  • This is my puppet master config for its facts terminus `[master] certname = puppet-server1.tcl-oob.net storeconfigs = true storeconfigs_backend = puppetdb reports = store, http reporturl = http://puppet-server2.tcl-oob.net/reports/upload` and puppetdb.conf `[main] server = puppet-server3.tcl-oob.net port = 8081`. And I am using passenger but I can't believe this has anything to do with this issue. Passenger is setup correctly as the puppet-master and agents are all working – Oli Dec 14 '12 at 21:32
  • So your dashboard configuration should point to the puppet master on port 8140 - that's where the API lives that the dashboard wants. If you have multiple puppet masters and all of them point to the same puppetdb, any of them is appropriate to point the dashboard to. – Shane Madden Dec 15 '12 at 01:23
  • I installed everything again, following my set up notes and pointed the inventory server and port to my puppet master. However I have this issue `Inventory Could not retrieve facts from inventory service: 403 "Forbidden"` – Oli Dec 17 '12 at 13:27
  • And finally. Thank you very much for all your help. I have it working and understand the concepts much better after your advice and help. The reason for my 403 forbidden error was this - it has to be placed *before* the last stanza in the default config which reads: `# this one is not strictly necessary, but it has the merit # to show the default policy which is deny everything else path / auth any`. I am now going to add a second puppet master and see how things fare. Will open another question so hopefully if I get stuck, you'll be there! Thanks again! – Oli Dec 17 '12 at 14:04
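
The stanza-order problem behind the 403 above can be checked mechanically. The following is an added example, not code from this thread or from Puppet: the names `parse_stanzas` and `shadowed` are hypothetical, and it assumes a simplified model of the legacy auth.conf in which the first matching stanza wins and a plain `path` is a prefix match.

```python
# Simplified model (assumption): stanzas are tried in file order, a plain path is
# a prefix match, "auth" defaults to yes, and no "method" line means all methods.
# Constructed sample: the /facts stanza appended after the default catch-all.
BROKEN = """\
# default policy: deny everything else
path /
auth any

#access for puppet dashboard facts
path /facts
auth yes
method find, search
allow dashboard
"""
AUTH_ALIASES = {"on": "yes", "off": "no"}

def parse_stanzas(text):
    """Return one dict per 'path' stanza, in file order."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "path":
            stanzas.append({"path": value.lstrip("~ "), "regex": value.startswith("~"),
                            "auth": "yes", "method": None})
        elif stanzas and key == "auth":
            stanzas[-1]["auth"] = AUTH_ALIASES.get(value, value)
        elif stanzas and key == "method":
            stanzas[-1]["method"] = {m.strip() for m in value.split(",")}
    return stanzas

def shadowed(text):
    """Return (earlier, later) path pairs where the earlier stanza always wins."""
    found, stanzas = [], parse_stanzas(text)
    for i, late in enumerate(stanzas):
        for early in stanzas[:i]:
            if early["regex"]:
                continue  # regex overlap is not decided by this sketch
            covers_path = early["path"] == "/" or (
                not late["regex"] and late["path"].startswith(early["path"]))
            covers_method = early["method"] is None or (
                late["method"] is not None and late["method"] <= early["method"])
            if covers_path and covers_method and early["auth"] in ("any", late["auth"]):
                found.append((early["path"], late["path"]))
                break
    return found
```

Running `shadowed()` over the master's auth.conf after each edit lists any stanza that sits behind a broader one; an empty result means every rule is reachable under this model.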

1 Answer


I was able to fix this with the help of Shane Madden. I had to turn off selinux, set to permissive mode on my puppet master server. I then set up puppetdb and made sure that it was working. Once I had puppet DB and puppet master connecting fine, I then installed puppet dashboard and pointed my puppet dashboard to the puppet server. The inventory port was set to 8140.

If you need help, reply and I can share install notes.

Oli
  • Oli, I have been working with puppet for the last 3 months and have successfully installed the puppet-master, dashboard and puppetdb (without postgresql) on the same host. I have corrected the entries as per your posts, but am still getting the following error Inventory Could not retrieve facts from inventory service: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A Could you share your install notes so that I can find where I am going wrong. –  Feb 09 '13 at 10:27
  • Yes, I have had to create a big selinux policy to handle all the stuff that puppet, puppetdb, foreman, and passenger wants to do. – lsd Feb 09 '13 at 14:49
  • Do you still need help here? I missed your post. Let me know if you do. – Oli Mar 06 '13 at 07:15