Jira (PDB-4983) PuppetDB 7.0.0 can't find cert if puppet host has dash/hyphen in name

Anne Slama (Jira)

Dec 7, 2020, 4:00:04 PM
to puppe...@googlegroups.com
Anne Slama created an issue
 
PuppetDB / Bug PDB-4983
PuppetDB 7.0.0 can't find cert if puppet host has dash/hyphen in name
Issue Type: Bug
Assignee: Unassigned
Created: 2020/12/07 12:59 PM
Priority: Normal
Reporter: Anne Slama

After a recent upgrade to puppetdb 7.0.0 we noticed the puppet agents were error-ing out with the following message:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 500 on SERVER: Server Error: Could not retrieve facts for rtv-mktadm02.rtv.nex.lan: Failed to find facts from PuppetDB at  /etc/puppetlabs/puppet/ssl/certs/.rtv.nex.lan.pem (No such file or directory)

On the puppet server (hostname is rtv-puppet01.rtv.nex.lan) the following cert exists, is valid, and was working until the puppetdb upgrade:
/etc/puppetlabs/puppet/ssl/certs/rtv-puppet01.rtv.nex.lan.pem

If we do "puppet config print | grep ssl" we also seem to have this set properly:
hostcert = /etc/puppetlabs/puppet/ssl/certs/rtv-puppet01.rtv.nex.lan.pem

We have noticed that if we simply rename the cert to anything without the '-' it appears to work, but it seems counter-intuitive to allow hostnames with '-' and not let the certname also have '-'.

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)

Josh Cooper (Jira)

Dec 7, 2020, 5:08:04 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
After a recent upgrade to puppetdb 7.0.0 we noticed the puppet agents were error-ing out with the following message:
{code}

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 500 on SERVER: Server Error: Could not retrieve facts for rtv-mktadm02.rtv.nex.lan: Failed to find facts from PuppetDB at  /etc/puppetlabs/puppet/ssl/certs/.rtv.nex.lan.pem (No such file or directory)
{code}


On the puppet server (hostname is rtv-puppet01.rtv.nex.lan) the following cert exists, is valid, and was working until the puppetdb upgrade:
/etc/puppetlabs/puppet/ssl/certs/rtv-puppet01.rtv.nex.lan.pem

If we do "puppet config print | grep ssl" we also seem to have this set properly:
hostcert = /etc/puppetlabs/puppet/ssl/certs/rtv-puppet01.rtv.nex.lan.pem

We have noticed that if we simply rename the cert to anything without the '-' it appears to work, but it seems counter-intuitive to allow hostnames with '-' and not let the certname also have '-'.

Josh Cooper (Jira)

Dec 7, 2020, 5:14:04 PM
to puppe...@googlegroups.com
Josh Cooper commented on Bug PDB-4983
 
Re: PuppetDB 7.0.0 can't find cert if puppet host has dash/hyphen in name

Hi Anne Slama, could you include /etc/puppetlabs/puppet/puppet.conf, /etc/puppetlabs/puppet/puppetdb.conf and the output of puppet facts show? Also it's normally not necessary to specify the hostcert property, as you have to be careful that other related settings are consistent. Is there a particular reason you're setting hostcert explicitly? Also there is an issue in facter4, see (FACT-2882), which could affect how facter resolves the fqdn, though in that case the hostname is present, but the domain is missing, which seems like the opposite issue that you're seeing.

Anne Slama (Jira)

Dec 7, 2020, 6:09:03 PM
to puppe...@googlegroups.com
Anne Slama commented on Bug PDB-4983

Is there something specific you need from the puppet facts show? It appears to have some keys and sensitive info, so I don't think I can send the whole thing without redacting some data.

Josh Cooper (Jira)

Dec 7, 2020, 6:32:03 PM
to puppe...@googlegroups.com
Josh Cooper commented on Bug PDB-4983

I'm mostly interested in the networking facts like:

puppet facts show fqdn hostname domain networking

And the puppet.conf & puppetdb.conf files, and whether the puppet server's cert rtv-puppet01.rtv.nex.lan matches its fqdn.

Also after upgrading the puppet-agent package on the server, did you restart the puppetserver and puppetdb services? We've seen some reports of strange behavior due to running with inconsistent versions of code.
