I have a need to send reports from a puppet master B in datacenter B to puppetdb on master A in datacenter A. Both are using puppet open source 3.7.1 and puppetdb 2.2 (master A) or puppetdb-terminus (master B).
I have done all steps here: https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_master.html. However, this page says nothing about using SSL certs so that puppetdb-terminus on master B can connect to https port 8081 on master A. I get errors like this: Warning: Error 400 on SERVER: Could not retrieve facts for masterB.example.com: Failed to find facts from PuppetDB at masterA.example.com:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [unable to get local issuer certificate for /CN=masterA.example.com] The separate page on setting up master-less puppet agents to send puppetdb reports touches on this: https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_apply.html The most promising solution here looks like setting up an apache SSL proxy that redirects https 8081 to localhost:8080 mentioned here: https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb. However, I know little about configuring apache this way, and an example config isn't provided. It even says More detailed instructions for setting up this proxy will be added to this guide at a later date". The 2.3 instruction lacks this also. Any ideas? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4bb2fdb8-d169-4fcb-9767-7cb7f5d7b9be%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
