PuppetDB SSL Error

asked 2015-08-24 09:30:26 -0600

Hello dear Puppeteers,

I am having a very frustrating issue, and after breaking two keyboards and one mouse during my rage on the errors I get, I think it is time for professional help :D

So here it goes:

I am building up a new puppet master parallel to the already existing puppet master. I have one node dedicated to testing the puppet modules.

Both my new master and test agent node use Puppet 3.7.3, the puppet master is also the CA and on the puppet master I am trying to configure PuppetDB 1.6

I generated CA certificate according to the Puppetlabs documentation, I have run the puppetdb-ssl-setup, checked the jetty.ini configuration several thousand times, made sure that NTP is in sync on both nodes, but still I am getting the following errors:

  1. On the puppet agent, when I run "puppet agent -t" I get: Could not retrieve resources from the PuppetDB at SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A on node

  2. In /var/log/puppetdb/puppetdb.log I get: 2015-08-24 15:49:54,242 WARN [qtp-173459449-68] [io.nio] Invalid Padding length: 176

I have tried googling for both these errors but I seem to be going in a circle. Please HELP! What does the first SSL error mean? How can I get rid of it? Why is it so god damn hard to set up a new puppet master?

Thanks in advance and peace :)

Konstantin Boyanov


2 Answers


answered 2015-08-30 10:07:41 -0600

updated 2015-12-02 07:40:49 -0600

Besides reading the manual, the solution that finally worked out for me was hidden in the SSL ciphers Java uses by default (or prohibits after the infamous Poodle-Attack). If one sets the allowed cipher suites in jetty.ini to the exact values used by default by the JVM everything works fine.

Hope that helps someone who is stuck like myself :)

Note to self: RTFM

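One way to check for the mismatch the answer above describes, as an added example that is not part of the original thread or of PuppetDB's own code: it compares the `cipher-suites` and `ssl-protocols` settings in the `[jetty]` section of jetty.ini against the suites the JVM enables. The sample jetty.ini, the JVM suite list and the function name `audit_jetty_ini` are constructed for illustration.

```python
import configparser

# Constructed sample jetty.ini; the suite names are real JSSE names, but the
# selection is illustrative and not taken from the original post.
SAMPLE_JETTY_INI = """\
[jetty]
ssl-host = 0.0.0.0
ssl-port = 8081
cipher-suites = TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
ssl-protocols = SSLv3, TLSv1
"""

# Constructed stand-in for the suites the JVM enables by default; on a real
# host, take this list from the JVM that actually runs PuppetDB.
SAMPLE_JVM_ENABLED = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]


def _csv(value):
    """Split a comma-separated ini value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_jetty_ini(ini_text, jvm_enabled):
    """Compare the [jetty] TLS settings with the suites the JVM enables."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    jetty = parser["jetty"] if parser.has_section("jetty") else {}
    configured = _csv(jetty.get("cipher-suites", ""))
    protocols = _csv(jetty.get("ssl-protocols", ""))
    enabled = set(jvm_enabled)
    usable = [s for s in configured if s in enabled]
    return {
        # Listed in jetty.ini but not enabled in the JVM.
        "unsupported": [s for s in configured if s not in enabled],
        "usable": usable,
        # SSLv3 is the protocol affected by POODLE.
        "sslv3_allowed": "SSLv3" in protocols,
        # A suite list is configured, yet nothing in it matches the JVM.
        "no_usable_suite": bool(configured) and not usable,
        # The setting the answer describes: exactly the JVM's enabled suites.
        "suggested_line": "cipher-suites = " + ", ".join(jvm_enabled),
    }
```
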

answered 2015-11-25 02:06:08 -0600


Is there any solution other than regenerating ALL certificates?



Asked: 2015-08-24 09:30:26 -0600

Seen: 835 times

Last updated: Dec 02 '15