Puppet db certs disappear?

0

Nothing in the configuration has changed since the launch of the service, only the license key. The "cacerts" file itself is a symbolic link. Has anyone faced a similar problem?

root@puppet:/home/user# journalctl -u pe-puppetdb
-- Logs begin at Thu 2019-05-02 17:48:14 UTC, end at Thu 2019-05-02 17:54:26 UTC. --
Starting pe-puppetdb Service...
The [database] classname setting has been retired and will be ignored.
The [database] subprotocol setting has been retired and will be ignored.
The [database] classname setting has been retired and will be ignored.
The [database] subprotocol setting has been retired and will be ignored.
 java.io.FileNotFoundException: /opt/puppetlabs/server/apps/java/lib/jvm/java/jre/lib/security/cacerts (No such file or directory)
         at java.io.FileInputStream.open0(Native Method)
         at java.io.FileInputStream.open(FileInputStream.java:195)
         at java.io.FileInputStream.<init>(FileInputStream.java:138)
         at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:60)
         at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
         at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
         at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
         at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:177)
         at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)
         at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
         at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
         at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357)
         at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:259)
         at sun.security.validator.Validator.validate(Validator.java:260)
         at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
         at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
         at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
         at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
         at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
         at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
         at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
         at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:62)
         at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:351)
         at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:137)
         at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
         at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:215)
         at org.postgresql.Driver.makeConnection(Driver.java:406)
         at org.postgresql.Driver.connect(Driver.java:274)
         at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:95)
         at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:101)
         at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:356)
         at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:199)
         at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:444)
         at com.zaxxer.hikari.pool.HikariPool.access$200(HikariPool.java:71)
         at com.zaxxer.hikari.pool.HikariPool$PoolEntryCreator.call(HikariPool.java:631)
         at com.zaxxer.hikari.pool.HikariPool$PoolEntryCreator.call(HikariPool.java:617)
         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
         at java.lang.Thread.run(Thread.java:748)
pe-puppetdb.service: Start operation timed out. Terminating.
Startup script was terminated before completion
pe-puppetdb.service: State 'stop-final-sigterm' timed out. Killing.
pe-puppetdb.service: Control process exited, code=killed status=9
Failed to start pe-puppetdb Service.
pe-puppetdb.service: Unit entered failed state.
pe-puppetdb.service: Failed with result 'signal'.
pe-puppetdb.service: Service hold-off time over, scheduling restart.

Krama

Posted 2019-05-02T18:12:51.077

Reputation: 1
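
The question notes that "cacerts" is itself a symbolic link, and the trace shows a FileNotFoundException on that path. As an added example (not part of the original post), this POSIX shell function walks a path one component at a time and reports which link dangles and what it points to; the function name find_broken_hop is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. find_broken_hop is a
# hypothetical helper name.
#
# find_broken_hop ABSOLUTE_PATH [DEPTH]
# Walks the path one component at a time, following dangling links to the
# place where the chain really ends. Prints findings; returns 0 if the whole
# path resolves, 1 if something is missing, 2 on a symlink loop.
find_broken_hop() {
    full=$1
    depth=${2:-0}
    [ "$depth" -gt 20 ] && { echo "LOOP: gave up at $full"; return 2; }
    prefix=
    rest=${full#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -z "$part" ] && continue
        prefix=$prefix/$part
        if [ -L "$prefix" ] && [ ! -e "$prefix" ]; then
            # A symlink whose final target cannot be reached.
            target=$(readlink "$prefix")
            echo "DANGLING: $prefix -> $target"
            # Relative targets resolve against the link's own directory.
            case $target in
                /*) next=$target ;;
                *)  next=$(dirname "$prefix")/$target ;;
            esac
            find_broken_hop "$next" "$((depth + 1))"
            return $?
        elif [ ! -e "$prefix" ]; then
            echo "MISSING: $prefix"
            return 1
        fi
    done
    echo "OK: $full"
    return 0
}

# Usage: sh check.sh /opt/puppetlabs/server/apps/java/lib/jvm/java/jre/lib/security/cacerts
if [ "$#" -gt 0 ]; then
    find_broken_hop "$1"
fi
```

Because every path component is checked, a dangling directory link in the middle of the path is reported as well as a dangling link on the final "cacerts" entry.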

Answers

0

The problem was solved

  1. Go to the folder /opt/puppetlabs/server/apps/puppetdb/bin
  2. Run ./puppetdb ssl-setup -f, which will generate certificates (note: after completing this step, you will be missing one certificate).
  3. Copy the certificate /etc/puppetlabs/orchestration-services/ssl/FQDN.cert.pem to /etc/puppetlabs/puppetdb/ssl/
  4. Start the installation via ./puppet-enterprise-installer -c < path to .../conf.d/pe.conf >; it will correct all errors.

Cons of this method

  1. It will be necessary to add all the nodes again
  2. To find out this solution, I spent about 30 hours of time.

Krama

Posted 2019-05-02T18:12:51.077

Reputation: 1