puppet-dashboard cert::create_key_pair and cert::request fails

[Robert Schaffar-Taurok]

Hi!

I am already successfully using puppet with puppet-dashboard in my environment and would like to extend this to display the facts in puppet-dashboard.

I understand that I need a puppetdb for that. Which I installed and I already get successfull log messages there that facts are stored. So until now everything seems to work.

Now I want to connect dashboard to puppetmaster and from the documentation I read that I need to do the following:

$ sudo -u puppet-dashboard rake cert:create_key_pair $ sudo -u puppet-dashboard rake cert:request

Well, I used the puppetlabs apt repository to install, so the users are different. But what I do is:

cd /usr/share/puppet-dashboard

su www-data -c "rake cert:create_key_pair --trace"

su www-data -c "rake cert:request --trace"

The first thing is that with create_key_pair I get a "Key(s) already exist." error message.

Because for some reason the method is called twice. I ignore this, as afterwards I successfully find a public and private key in the /usr/share/puppet-dashboard/certs directory. But nothing else. If there should be more there at this point, please tell me so. Just the public and private pem.

At issuing the cert:request command, I get the following error:

"SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"

and I don't find any request on the puppetmaster. (puppet cert list)

My setup is that, puppetmaster, puppetdb and puppet-dashboard are all running on the same host.

What I already tried:

- Copying certs from the /var/lib/puppet/ssl directory and skip the create and sign steps. But this doesn't work. Could easily be that I copied wrong files. The puppet-dashboard issues the same error message on the node view btw. (With or without keys in the puppet-dashboard/certs directory. The only time I get another error there is when I give the files in the certs directory a wrong permission. So it looks like it is looking at the expected location)

- Debugging a little bit. But couldn't find out more. And I don't get a better error message from the ssl code.

- Playing around for a day now. So I'm giving up. I need help :)

Installed puppet packages:

ii  puppet                          3.3.1-1puppetlabs1            all          Centralized configuration management - agent startup and compatibility scripts

ii  puppet-common                   3.3.1-1puppetlabs1            all          Centralized configuration management

ii  puppet-dashboard                1.2.23-1puppetlabs1           all          Dashboard for Puppet

ii  puppetdb                        1.5.0-1puppetlabs1            all          PuppetDB Centralized Storage.

ii  puppetdb-terminus               1.5.0-1puppetlabs1            all          Connect Puppet to PuppetDB by setting up a terminus for PuppetDB.

ii  puppetlabs-release              1.0-7                         all          "Package to install Puppet Labs gpg key and apt repo"

ii  puppetmaster                    3.3.1-1puppetlabs1            all          Centralized configuration management - master startup and compatibility scripts

ii  puppetmaster-common             3.3.1-1puppetlabs1            all          Puppet master common scripts

Debian Version: wheezy

Thanks in advance for any help,

Robert

[Jeremy Anderson]

Did you ever get this resolved?  I'm running into the same thing.  If/when I get it figured out, I'll post what it was, but I'm hoping that maybe you've solved it in the meantime.

[Jeremy Anderson]

Thanks for the email, Robert -- after I replied to you, I realized I hadn't reply-all'd, so anyone on the list searching for this issue wouldn't see how I got it working.

I worked around this by moving to the sodabrew version of puppet-dashboard, and also flailing around a bit with the config.  sodabrew's version is at:

https://github.com/sodabrew/puppet-dashboard/

Once I followed the steps in that readme, everything worked great.