I have the following setup.

1) Existing PuppetServer version 1.1.3 

2) New PuppetServer version 1.1.3 installation (new DC)

I followed the following documentation on setting up multiple Puppet 
Masters:

https://docs.puppetlabs.com/guides/scaling_multiple_masters.html#option-1-direct-agent-nodes-to-the-ca-master

Essentially I pre-generated the SSL certificate for the new puppet server 
from the existing puppet server, instead of letting the puppet server 
generate it on startup. 

A new node checks in and contacts server 1 (the pre-existing Puppet server) for 
CA functions (configured via ca_server in puppet.conf). The certificate is 
generated and the node caches it. However, the puppet run (which runs against 
the new puppet server) generates the following error:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://aws-puppet-01.xxxxxx.com/pluginfacts: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://aws-puppet-01.xxxxxx.com/plugins: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Notice: Using cached catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A


If I point the node at the other puppet server it runs fine. 


I have verified that the certificate being used on the new puppet server is 
in fact signed by the same CA that generates the node certificate and the 
certificate used on the pre-existing puppet server. I can also connect to 
the new Puppet server via OpenSSL and issue a simple HTTP GET command 
(I don't know a valid GET request, so I end up with a 404 response, but it shows 
the certificate is set up correctly).


Also, I have disabled CA services on the second puppetserver as it is not 
providing CA capabilities. 


As a test I removed the SSL certificates and started up Puppetserver fresh 
on the new server, that way it generated the CA certificates, etc. A node 
then successfully checks in, gets a certificate and can apply a manifest. 
This indicates I am doing something wrong in creating certs from the 
primary server (CA) for the new Puppet server.


Any help on what the issue is would be appreciated. 
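
The checks the post describes (the new master's certificate and the node's certificate chaining to the same CA, followed by a connection with OpenSSL) can be scripted as below. This is an added example, not part of the original message; every file path and the host name are supplied by the caller, and 8140 is Puppet's default master port.

```shell
#!/bin/sh
# Added example: consistency checks for a pre-generated Puppet master certificate.
# All paths and the host are caller-supplied assumptions, not values from the post.

# chains_to_ca CA_PEM CERT_PEM -> exit 0 if CERT_PEM verifies against CA_PEM alone.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# same_issuer CERT_A CERT_B -> exit 0 if both certificates name the same issuer.
# A matching name is not proof of a matching CA key, so chains_to_ca is still needed.
same_issuer() {
    a=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    b=$(openssl x509 -in "$2" -noout -issuer_hash) || return 2
    [ "$a" = "$b" ]
}

# check_master CA_PEM MASTER_CERT AGENT_CERT -> one line per check,
# exit 0 only if every check passes.
check_master() {
    rc=0
    for cert in "$2" "$3"; do
        if chains_to_ca "$1" "$cert"; then echo "OK   chain: $cert"
        else echo "FAIL chain: $cert"; rc=1; fi
    done
    if same_issuer "$2" "$3"; then echo "OK   issuer matches"
    else echo "FAIL issuer differs"; rc=1; fi
    return $rc
}

# handshake HOST CA_PEM AGENT_CERT AGENT_KEY -> TLS handshake on port 8140 that
# presents the agent certificate, as the Puppet agent does, and prints the
# verification result and any alert or errno lines.
handshake() {
    openssl s_client -connect "$1:8140" -CAfile "$2" -cert "$3" -key "$4" \
        </dev/null 2>&1 | grep -E 'Verify return code|alert|errno'
}
```

Run check_master on the CA master's CA certificate with the new master's and the node's certificates, then run handshake from the node against the new master.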
