puppetdb not responding since 'yum update'

[Jon Yeargers]

I did `yum update` on my puppet server about a week ago. Up to that point I had puppet and puppetdb running on the same machine. Since the update puppetdb doesn't appear to be listening on port 8081 anymore.

When I run `puppet agent --test` on a client I get this error:

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for plugpc-005.client to PuppetDB at puppet.server:8081: Connection refused - connect(2)

Looking at `nmap -P0 puppet.server` shows that port 8081 isn't open. Trying `telnet puppet.server 8081` confirms this.

My configs are all set using the values from [here].(http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html).

`ps -ax` shows that the processes are running:

    2040 ?        Ss     4:55 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn --script-security 2

    29737 ?        Sl     0:37 /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d

    29924 ?        Sl     0:01 Passenger AppPreloader: /usr/share/puppet/rack/puppetmasterd           

    29963 ?        Sl     0:00 Passenger RackApp: /usr/share/puppet/rack/puppetmasterd                

The output of `netstat -nap | grep 8081` is empty. 

Turning off iptables doesn't make any difference. (not that it would - nobody is listening at the port anyway)

NOTE: This system was working ok before the update. I could download configs to clients and query the db for the results.

So - what did I break?

[Ken Barber]

I responded to this in ask, but I'll answer here also.

In the file /etc/puppetdb/conf.d/jetty.ini, the settings ssl-host and
ssl-port must be set to listen on the SSL port (8081). However, if
your ssl certs aren't yet configured this may fail for you. Usually
puppetdb-ssl-setup is a good way to set these up automatically, so try
this first. For ssl-host I usually recommend something like ::1 or
0.0.0.0 to listen on all ports for simplicity, but you can make this
explicit if you like.

ken.

> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

[Jon Yeargers]

I used 'puppetdb-ssl-setup' (after removing the ssl folder) to no avail.

(sorry about cross posting - I thought I had removed the 'ask' entry)

[Ken Barber]

Can you show your jetty.ini? And the results of running
puppetdb-ssl-setup ... the more information the better in these kinds
of cases.

Also - is PuppetDB listening to port 8080?

> https://groups.google.com/d/msgid/puppet-users/6e94f3ef-4320-4b49-b430-10f646f220cc%40googlegroups.com.

[Jon Yeargers]

Setting the 'ssl_host=' param to 0.0.0.0 turned the trick (so to speak). I kept trying variations on what the ssl cert was created for.

Thank you for clearing this up for me.