On Tue, Oct 13, 2015 at 11:13 PM, Dan <d...@ifunky.net> wrote:
> Excellent, thanks guys, that got me going on the right path looking at the
> certs.  I'm using puppet apply to build the initial puppet master so the
> agent won't have executed when it gets to installing puppetdb, so I'll need
> to work around this somehow.
>
> Dan

Use `puppet cert generate` to make the certs before building your master
perhaps? i.e. take the step the master normally does for you out of
band, and do it yourself. afaik its own certificate generation steps
are totally reproducible. If you're building masters from scratch it's
good to have control of this step anyway, since you often want to
manage the CA.

> On Friday, 9 October 2015 21:01:00 UTC+1, Ken Barber wrote:
>>
>> On Fri, Oct 9, 2015 at 4:35 AM, Dan <d...@ifunky.net> wrote:
>> > Hi Wyatt,
>> >
>> > Thanks for the pointer!  I found the full stack trace which gives a
>> > better error:
>> >
>> > I just need to work out how to configure the SSL configuration now.
>>
>> Try `puppetdb ssl-setup` on the command line. It requires that you've
>> done a full puppet agent run first, since it re-uses Puppet's SSL
>> certs/key files. Otherwise, you can create new ones manually using the
>> `puppet cert` tooling:
>> https://docs.puppetlabs.com/references/4.2.0/man/cert.html. Just be
>> mindful that normal SSL validation rules apply here with the
>> certificate hostnames. So you must match the real client's hostname,
>> much like a browser, or the client will reject the server.
>>
>> >
>> >
>> > 2015-10-09 20:28:24,184 INFO  [p.p.pdb-routing] Starting PuppetDB, entering maintenance mode
>> > 2015-10-09 20:28:24,257 INFO  [p.t.s.n.nrepl-service] nREPL service disabled, not starting
>> > 2015-10-09 20:28:24,258 INFO  [p.t.s.w.jetty9-service] Starting web server(s).
>> > 2015-10-09 20:28:24,293 ERROR [p.t.internal] Error during service start!!!
>> > java.lang.IllegalArgumentException: Missing some SSL configuration; must provide either :ssl-cert, :ssl-key, and :ssl-ca-cert, OR :truststore, :trust-password, :keystore, and :key-password.
>> >         at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval28763$get_jks_keystore_config_BANG___28764$fn__28768.invoke(jetty9_config.clj:288) ~[na:na]
>> >         at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval28763$get_jks_keystore_config_BANG___28764.invoke(jetty9_config.clj:282) ~[na:na]
>> >         at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval28787$get_keystore_config_BANG___28788$fn__28789.invoke(jetty9_config.clj:307) ~[na:na]
>> >         at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval28787$get_keystore_config_BANG___28788.invoke(jetty9_config.clj:300) ~[na:na]
>> >         at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval28963$maybe_get_https_connector__28964$fn__28965.invoke(jetty9_config.clj:399) ~[na:na]
>> >         at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval28963$maybe_get_https_connector__28964.invoke(jetty9_config.clj:390) ~[na:na]
>> >         at puppetlabs.trapperkeeper.services.webserver.jetty9_config$eval29004$maybe_add_https_connector__29005$fn__29006.invoke(jetty9_config.clj
>> >
>> >
>> > Thanks
>> >
>> > Dan
>> >
>> > On Friday, 9 October 2015 01:18:08 UTC+1, Wyatt Alt wrote:
>> >>
>> >> Hey Dan,
>> >>
>> >> I see the bottom of a java stacktrace in your log snippet there --
>> >> could you get the full stacktrace from journalctl and stick it in a gist?
>> >>
>> >> Wyatt
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Puppet Users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to puppet-users...@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/d/msgid/puppet-users/03974e18-839d-4aab-bddc-f4c42a9928c7%40googlegroups.com.
>> >
>> > For more options, visit https://groups.google.com/d/optout.

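A preflight check for the "Missing some SSL configuration" error quoted in this thread and for the hostname rule Ken mentions, as an added example that is not part of the original messages or of PuppetDB's own tooling. It assumes the settings named in the error appear without the leading colon in the `[jetty]` section of a jetty.ini whose path you pass in, and that OpenSSL 1.1.0 or later is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Print the value of KEY ($2) in the [jetty] section of FILE ($1); empty if unset.
jetty_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_jetty = ($0 ~ /^[ \t]*\[jetty\]/); next }
        !in_jetty || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Rule from the startup error: the PEM triple or the JKS quad must be complete,
# and each file it names must be readable. Prints "pem" or "jks" on success,
# otherwise the missing settings, and returns 1. PEM is assumed unless only JKS is set.
check_jetty_ssl() {
    ini=$1; missing=""
    [ -r "$ini" ] || { echo "missing: $ini"; return 1; }
    mode=pem; keys="ssl-cert ssl-key ssl-ca-cert"
    if [ -z "$(jetty_get "$ini" ssl-cert)$(jetty_get "$ini" ssl-key)$(jetty_get "$ini" ssl-ca-cert)" ] &&
       [ -n "$(jetty_get "$ini" keystore)$(jetty_get "$ini" truststore)" ]; then
        mode=jks; keys="truststore trust-password keystore key-password"
    fi
    for k in $keys; do
        v=$(jetty_get "$ini" "$k")
        if [ -z "$v" ]; then missing="$missing $k"; continue; fi
        case $k in *password) ;; *) [ -r "$v" ] || missing="$missing $k=$v(unreadable)" ;; esac
    done
    [ -z "$missing" ] || { echo "missing:$missing"; return 1; }
    echo "$mode"
}

# True when CERT ($1) chains to CA ($2) and is valid for HOST ($3), the name
# clients connect to. Assumes OpenSSL 1.1.0 or later on PATH.
cert_valid_for_host() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 &&
        openssl x509 -in "$1" -noout -checkhost "$3" 2>/dev/null |
            grep -q "does match certificate"
}

# Usage: sh preflight.sh <jetty.ini> <hostname clients use>
if [ $# -eq 2 ]; then
    check_jetty_ssl "$1" || exit 1
    cert=$(jetty_get "$1" ssl-cert); ca=$(jetty_get "$1" ssl-ca-cert)
    [ -z "$cert" ] || cert_valid_for_host "$cert" "$ca" "$2" ||
        { echo "certificate not valid for $2"; exit 1; }
fi
```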