Thanks for your reply Ken,

On Fri, May 10, 2013 at 2:11 PM, Ken Barber <k...@puppetlabs.com> wrote:
> How did you set up your SSL certificates? You didn't mention a manual
> certificate setup.

I did it manually after the automatic way did not work. I followed
this guide ( http://goo.gl/m4PIH ) and reviewed your comments in this
thread: http://goo.gl/NzS5M .

> Perhaps you can get away with just re-initializing
> your certificates using 'puppetdb-ssl-setup'? Just backup your
> /etc/puppetdb/ssl directory first, and then remove it and re-run the
> tool and see if that helps:
>
> # mv /etc/puppetdb/ssl /etc/puppetdb/ssl.bak
> # puppetdb-ssl-setup

Just tried that. Also put the new pass in jetty.ini, as this was
changed. I also did:
# openssl verify -CAfile /etc/puppet/ssl/ca/ca_crt.pem `puppet master --configprint hostcert`
/etc/puppet/ssl/certs/puppetdb.local.pem: OK

> Try that first, and if it doesn't help let us know what any resulting
> errors are ... even if it's exactly the same error.

Exact output of puppet-onetime on a host after configuring puppetdb:

================================================
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Failed to submit 'replace facts' command for kayak.local to
PuppetDB at puppetdb.local:8081: SSL_connect SYSCALL returned=5
errno=0 state=SSLv3 read finished A
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
================================================


Tail of /var/log/puppetdb/puppetdb.log:
================================================
2013-05-10 15:12:55,421 INFO [main] [cli.services] Starting 1 command
processor threads
2013-05-10 15:12:55,432 INFO [main] [cli.services] Starting query server
2013-05-10 15:12:55,462 INFO [pool-2-thread-1] [cli.services] Starting
database garbage collection
2013-05-10 15:12:55,473 INFO [clojure-agent-send-off-pool-2]
[server.Server] jetty-7.x.y-SNAPSHOT
2013-05-10 15:12:55,494 INFO [pool-2-thread-1] [cli.services] Finished
database garbage collection
2013-05-10 15:12:55,505 INFO [pool-2-thread-1] [cli.services] Starting
sweep of stale reports (threshold: 14 days)
2013-05-10 15:12:55,525 INFO [pool-2-thread-1] [cli.services] Finished
sweep of stale reports (threshold: 14 days)
2013-05-10 15:12:55,545 INFO [clojure-agent-send-off-pool-2]
[server.AbstractConnector] Started
SelectChannelConnector@localhost:8080
2013-05-10 15:12:56,038 INFO [clojure-agent-send-off-pool-2]
[ssl.SslContextFactory] Enabled Protocols [SSLv2Hello, SSLv3, TLSv1]
of [SSLv2Hello, SSLv3, TLSv1]
2013-05-10 15:12:56,053 INFO [clojure-agent-send-off-pool-2]
[server.AbstractConnector] Started
SslSelectChannelConnector@puppetdb.local:8081
2013-05-10 15:13:38,374 WARN [qtp283362979-38] [io.nio]
javax.net.ssl.SSLHandshakeException: null cert chain
================================================

Puppet master log line:
================================================
May 10 15:13:38 gaia puppet-master[5686]: Failed to submit 'replace
facts' command for kayak.kahuna.local to PuppetDB at
puppetdb.kahuna.local:8081: SSL_connect SYSCALL returned=5 errno=0
state=SSLv3 read finished A
================================================

Hope this helps. Thanks for your time (and the previous -comprehensive- 
responses on this mailing list),
kl
