5

I'm attempting to use puppetdb on but I'm running into some issues.

I have a node called puppet. It is the master as well as where I've installed puppetdb. It's also a node that puppet manages.

When I run puppet -t on the puppet node I get:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Could not retrieve facts for puppet.example.com: 
Failed to submit 'replace facts' command for puppet.example.com to PuppetDB at
puppet:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate
B: certificate verify failed: [unable to get local issuer certificate for
/CN=puppet.example.com]

I'm assuming that something is wrong w/ the SSL but I'm not sure what to change or where to look.

030
  • 5,731
  • 12
  • 61
  • 107
Kyle Decot
  • 311
  • 1
  • 6
  • 13
  • 1
    What process did you follow to set up PuppetDB's cert (step 3, A or B [here](https://docs.puppetlabs.com/puppetdb/latest/install_from_source.html#step-3-option-a-run-the-ssl-configuration-script))? – Shane Madden Dec 26 '14 at 18:03

1 Answers1

1

It looks like problem with hostname on PuppetDB (master) server. Make sure that hostname -f outputs address that is resolvable from all node where puppet agent runs.

From the error log it seems that the hostname is just puppet:

Failed to submit 'replace facts' command for puppet.example.com to PuppetDB at
puppet:8081

Then move old certificates

  • for PuppetDB 2.x:

    mv /etc/puppet/puppetdb/ssl/ /etc/puppet/puppetdb/ssl-old
puppetdb-ssl-setup -f

  • for PuppetDB 3.x and newer:

    mv /etc/puppetlabs/puppetdb/ssl/ /etc/puppetlabs/puppetdb/ssl-old
puppetdb ssl-setup -f

Finally restart the service:

service puppetdb restart
Tombart
  • 2,013
  • 3
  • 27
  • 47