"puppetserver ca migrate" error

Erwin Bogaard

Feb 25, 2021, 10:59:11 AM
to Puppet Users

Hi,

I'm trying to solve the notification about "The cadir is currently configured to be inside the /etc/puppetlabs/puppet/ssl directory".
When I follow the steps, and run:

#  puppetserver ca migrate --config /etc/puppetlabs/puppet/puppet.conf

I get the message: "Puppetserver service is running. Please stop it before attempting to run this command."

If I then stop the puppetserver service and run the command again, I get the following Error: "Fatal error when running action 'migrate'
  Error: Failed connecting to https://xxx.loc:8140/status/v1/simple/ca
  Root cause: Failed to open TCP connection to xxx.loc:8140 (Invalid argument - connect(2) for "xxx.loc" port 8140)"

That no connection is possible seems logical, as I stopped the service previously.

If "puppetserver ca migrate" won't run when the service is running, but it needs to connect to the service, how is that ever going to work? I'm baffled.

As a workaround: is there maybe a manual way to execute this migration?

Molly Waggett

Feb 25, 2021, 6:52:23 PM
to puppet...@googlegroups.com
Hi Erwin,

The puppetserver ca migrate command must be run while the puppetserver service is stopped, but it looks like we're not catching the particular connection error you're getting when we check to see whether the service is running. 

I'm wondering if you have an unusual networking setup, e.g. custom DNS config, IPv6, etc.
I was not able to reproduce your issue on a first attempt, so it would also be helpful to know which version of puppetserver you're running, what OS platform you're running on, and which version of Ruby you're using.

Thanks!

--
Molly Waggett
she/her
Senior Software Engineer @ Puppet

Erwin Bogaard

Feb 26, 2021, 2:40:23 PM
to Puppet Users
Hi Molly,

We don't really run an unusual setup: just a regular machine with hostname in local DNS available, no IPv6.
The installed Puppet component versions are as follows:
puppet-agent-7.4.1-1.el7.x86_64
puppet-client-tools-1.2.6-1.el7.x86_64
puppetdb-7.2.0-1.el7.noarch
puppetdb-termini-7.2.0-1.el7.noarch
puppet-release-1.0.0-15.el7.noarch
puppetserver-7.0.3-1.el7.noarch

The requested configuration is as follows:
networking => {
  dhcp => "192.168.100.1",
  domain => "kntr.xxx.loc",
  fqdn => "puppet01.kntr.xxx.loc",
  hostname => "puppet01",
...
}
os => {
  architecture => "x86_64",
  family => "RedHat",
  hardware => "x86_64",
  name => "CentOS",
  release => {
    full => "7.9.2009",
    major => "7",
    minor => "9"
  },
  selinux => {
    enabled => false
  }
}
ruby => {
  platform => "x86_64-linux",
  sitedir => "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.7.0",
  version => "2.7.2"

Molly Waggett

Mar 3, 2021, 9:39:08 PM
to puppet...@googlegroups.com
Hi Erwin,

I have opened SERVER-2979 to investigate your issue. Any additional info you can add to that ticket would be greatly appreciated.

In the meantime, you can manually migrate your CA directory:
1. stop the puppetserver service:
    systemctl stop puppetserver
2. move your CA directory to the new location:
    mv /etc/puppetlabs/puppet/ssl/ca /etc/puppetlabs/puppetserver/ca
3. to maintain backwards compatibility, create a symlink from the new location to the old location:
    ln -sf /etc/puppetlabs/puppetserver/ca /etc/puppetlabs/puppet/ssl/ca
4. restart the puppetserver service:
    systemctl start puppetserver

Let us know if you have any other issues.

Thanks!
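
The manual steps 2 and 3 above as a guarded shell function, added here as an example (not code from the thread or from Puppet). `migrate_cadir` and `cadir_fingerprint` are hypothetical names; the function assumes a systemd host, only checks that the service is stopped, and leaves stopping and starting it to you.

```sh
#!/bin/sh
# Added example, not from the thread. Defaults are the paths in the steps above;
# pass two scratch paths to rehearse the move first.

# Checksum of a recursive listing: modes, numeric owners, sizes and mtimes.
cadir_fingerprint() {
    (cd "$1" && ls -lnR . | cksum)
}

# migrate_cadir [OLD] [NEW]: move OLD to NEW, leave a symlink at OLD, verify.
migrate_cadir() {
    _old=${1:-/etc/puppetlabs/puppet/ssl/ca}
    _new=${2:-/etc/puppetlabs/puppetserver/ca}

    # Step 1 guard: refuse while the service is active (skipped without systemctl).
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet puppetserver 2>/dev/null; then
        echo "puppetserver is running; stop it first" >&2; return 1
    fi
    # A symlink at OLD means the move was already done; do not repeat it.
    if [ -L "$_old" ]; then
        echo "$_old is already a symlink" >&2; return 1
    fi
    [ -d "$_old" ] || { echo "$_old is not a directory" >&2; return 1; }
    # If NEW existed as a directory, mv would nest the CA inside it as NEW/ca.
    if [ -e "$_new" ] || [ -L "$_new" ]; then
        echo "$_new already exists" >&2; return 1
    fi
    [ -d "$(dirname "$_new")" ] || { echo "parent of $_new missing" >&2; return 1; }

    _before=$(cadir_fingerprint "$_old") || return 1
    mv "$_old" "$_new" || return 1          # step 2
    ln -sf "$_new" "$_old" || return 1      # step 3

    # The directory holds the CA signing key: confirm nothing changed in transit
    # and that the old path now resolves to the new location.
    [ "$(cadir_fingerprint "$_new")" = "$_before" ] ||
        { echo "contents or permissions changed during move" >&2; return 1; }
    [ "$(readlink "$_old")" = "$_new" ] ||
        { echo "symlink at $_old does not point to $_new" >&2; return 1; }
}
```
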

Erwin Bogaard

Mar 4, 2021, 12:07:00 PM
to Puppet Users
Hi Molly,

thanks for opening the ticket. No further info to add from my side.
I just executed the manual migration. To me it seems that way is actually easier than the puppetserver migrate-way, where you have to look for the location of your config file  ;-)

Molly Waggett

Mar 5, 2021, 6:23:45 PM
to puppet...@googlegroups.com
On Thu, Mar 4, 2021 at 4:07 AM Erwin Bogaard <erwin....@gmail.com> wrote:
> Hi Molly,
>
> thanks for opening the ticket. No further info to add from my side.
> I just executed the manual migration. To me it seems that way is actually easier than the puppetserver migrate-way, where you have to look for the location of your config file  ;-)

For what it's worth, you shouldn't have to look for your config file. The command will use your puppet.conf file by default, but you can use the --config flag if you want to use a different config file.