A few things to verify:

1) what hostname is your puppetdb container trying to connect to
puppetserver at?
    a) This should be in your docker-entrypoint.sh script in the puppetdb
container. Likely either 'puppet' or '$PUPPETSERVER_HOSTNAME' depending on
what variables you have set in your compose file and what version of the
puppetdb container you have.

2) Is the hostname your puppetdb container is trying to connect to listed
as one of the certificate names for your puppet server's cert?
    a) For example, in my puppetserver container when I run
`puppet cert list --all` I see:

+ "testserver" (SHA256) F0:31:6D:1D:03:82:C0:84:0D:FA:2B:28:5B:52:CB:18:88:87:61:5F:5A:F5:7E:AB:A2:73:29:44:BC:57:D0:99 (alt names: "DNS:testserver", "DNS:foo")

  if my puppetdb container tries to connect to that host over any names
other than 'testserver' or 'foo' I get a certificate verify failed error.


On Fri, Oct 19, 2018 at 9:02 AM Rohit <shar...@edtools.psd401.net> wrote:

> Hello Morgan,
>
> If you are referring to the cert being in the conf/ssl/certs folder, then
> yes, our.puppet.domain.pem is in the folder. When running the 'puppet cert
> list --all' I see three certificates (in the SHA256 format):
>
>    - computername.our.puppet.domain
>    - our.puppet.domain
>    - servername.our.puppet.domain
>
> If it is a DNS issue, do I have to likely change something from the
> docker-compose side?
>
>
> On Thursday, October 18, 2018 at 2:14:54 PM UTC-7, Morgan Rhodes wrote:
>>
>> Hi Rohit,
>>
>> Is the hostname from `/CN=our.puppet.domain` showing up in your
>> puppetserver's certificate? You can verify that with `puppet cert list
>> --all` on the puppetserver container. This looks like a DNS issue.
>>
>> On Thursday, October 18, 2018 at 11:41:16 AM UTC-7, Rohit wrote:
>>>
>>>  Hello, we currently have a puppet docker container setup and are
>>> experiencing certificate issues. Basically, in our docker setup (on our
>>> main server) I had generated and signed new certificates, but the puppet_db
>>> container keeps restarting. Here are logs from the puppet_db container:
>>>
>>>     ‘Error: Could not retrieve catalog from remote server: SSL_connect
>>> returned=1 errno=0 state=error: certificate verify failed: [unable to get
>>> local issuer certificate for /CN=our.puppet.domain]
>>>     Error: Could not retrieve catalog; skipping run
>>>     Error: Could not send report: SSL_connect returned=1 errno=0
>>> state=error: certificate verify failed: [unable to get local issuer
>>> certificate for /CN=our.puppet.domain]’
>>>
>>> I have tried a series of steps to solve this problem as it looks like
>>> Puppet is not functioning correctly as our servers are not properly
>>> listening to the host server. Any idea what I can do to solve this problem?
>>> For reference, we are running Puppet_DB version 4.2 and Puppet Server
>>> version 2.7.2, all of which is set up on a docker container environment on
>>> one server.
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/899d2bf7-ceed-4d9e-bd24-c4ba2cc93928%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/899d2bf7-ceed-4d9e-bd24-c4ba2cc93928%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Morgan Rhodes
mor...@puppet.com
Release Engineer
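
The check in step 2 of the reply above, as an added example that is not part of the original message: it parses `puppet cert list --all` output in the layout shown there and reports which signed certificates cover the hostname a client connects to. The function names, the shortened fingerprints and the sample output are constructed for illustration; treating the certname as the only valid name when no alt names are listed is an assumption.

```python
import re

# One entry of `puppet cert list --all`, in the layout shown in the message above:
#   + "certname" (SHA256) AA:BB:... (alt names: "DNS:a", "DNS:b")
ENTRY = re.compile(
    r'^\s*(?P<state>[+-])?\s*"(?P<certname>[^"]+)"\s+\((?P<digest>\w+)\)\s+'
    r'(?P<fp>[0-9A-F:]+)(?:\s+\(alt names:\s*(?P<alts>[^)]*)\))?'
)


def parse_cert_list(output):
    """Map each signed certname to the set of DNS names it is valid for."""
    names = {}
    for line in output.splitlines():
        m = ENTRY.match(line)
        if not m or m.group("state") != "+":
            continue  # skip blank lines and entries not marked '+' (signed)
        alts = re.findall(r'"DNS:([^"]+)"', m.group("alts") or "")
        # Assumption: with no alt names listed, the certname is the only valid name.
        valid = alts or [m.group("certname")]
        names[m.group("certname")] = {n.lower() for n in valid}
    return names


def certs_covering(hostname, output):
    """Return the certnames whose names include the hostname the client uses."""
    host = hostname.lower().rstrip(".")
    return sorted(c for c, n in parse_cert_list(output).items() if host in n)


# Constructed sample output; fingerprints are shortened placeholders.
SAMPLE = '''\
+ "testserver" (SHA256) AA:BB:CC:DD (alt names: "DNS:testserver", "DNS:foo")
+ "our.puppet.domain" (SHA256) 11:22:33:44
- "oldserver" (SHA256) 55:66:77:88
'''

if __name__ == "__main__":
    # 'puppet' is the default name mentioned in step 1 of the reply.
    for host in ("foo", "puppet", "our.puppet.domain"):
        hits = certs_covering(host, SAMPLE)
        print(f"{host}: {'covered by ' + ', '.join(hits) if hits else 'NOT covered'}")
```

An empty result for the name the puppetdb container connects to is the situation the reply describes: the connection fails verification unless that name is added to the server certificate or the client is pointed at a listed name.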
