Thanks for your reply Ken,
On Fri, May 10, 2013 at 2:11 PM, Ken Barber <k...@puppetlabs.com> wrote:
> How did you set up your SSL certificates? You didn't mention a manual
> certificate setup.
I did it manually after the automatic way did not work. I followed
this guide ( http://goo.gl/m4PIH ) and reviewed your comments in this
thread: http://goo.gl/NzS5M .
> Perhaps you can get away with just re-initializing
> your certificates using 'puppetdb-ssl-setup'? Just backup your
> /etc/puppetdb/ssl directory first, and then remove it and re-run the
> tool and see if that helps:
>
> # mv /etc/puppetdb/ssl /etc/puppetdb/ssl.bak
> # puppetdb-ssl-setup
Just tried that. Also put the new pass in jetty.ini, as this was
changed. I also did:
# openssl verify -CAfile /etc/puppet/ssl/ca/ca_crt.pem `puppet master --configprint hostcert`
/etc/puppet/ssl/certs/puppetdb.local.pem: OK
> Try that first, and if it doesn't help let us know what any resulting
> errors are ... even if it's exactly the same error.
Exact output of puppet-onetime on a host after configuring puppetdb:
================================================
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for kayak.local to PuppetDB at puppetdb.local:8081: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
================================================
Tail of /var/log/puppetdb/puppetdb.log:
================================================
2013-05-10 15:12:55,421 INFO [main] [cli.services] Starting 1 command processor threads
2013-05-10 15:12:55,432 INFO [main] [cli.services] Starting query server
2013-05-10 15:12:55,462 INFO [pool-2-thread-1] [cli.services] Starting database garbage collection
2013-05-10 15:12:55,473 INFO [clojure-agent-send-off-pool-2] [server.Server] jetty-7.x.y-SNAPSHOT
2013-05-10 15:12:55,494 INFO [pool-2-thread-1] [cli.services] Finished database garbage collection
2013-05-10 15:12:55,505 INFO [pool-2-thread-1] [cli.services] Starting sweep of stale reports (threshold: 14 days)
2013-05-10 15:12:55,525 INFO [pool-2-thread-1] [cli.services] Finished sweep of stale reports (threshold: 14 days)
2013-05-10 15:12:55,545 INFO [clojure-agent-send-off-pool-2] [server.AbstractConnector] Started SelectChannelConnector@localhost:8080
2013-05-10 15:12:56,038 INFO [clojure-agent-send-off-pool-2] [ssl.SslContextFactory] Enabled Protocols [SSLv2Hello, SSLv3, TLSv1] of [SSLv2Hello, SSLv3, TLSv1]
2013-05-10 15:12:56,053 INFO [clojure-agent-send-off-pool-2] [server.AbstractConnector] Started SslSelectCha...@puppetdb.local:8081
2013-05-10 15:13:38,374 WARN [qtp283362979-38] [io.nio] javax.net.ssl.SSLHandshakeException: null cert chain
================================================
Puppet master log line:
================================================
May 10 15:13:38 gaia puppet-master[5686]: Failed to submit 'replace facts' command for kayak.kahuna.local to PuppetDB at puppetdb.kahuna.local:8081: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
================================================
Hope this helps. Thanks for your time (and the previous -comprehensive- responses on this mailing list),
kl