Error on first agent run on puppet master. Failed to submit 'replace facts' command to PuppetDB

asked 2013-07-31 09:13:37 -0600

derevan@cisco gravatar image

updated 2013-07-31 09:40:03 -0600

GregLarkin gravatar image

This is a continuation from thread 2219. Originally had an issue with the external_node script, but changed local host to the master's fqdn and it worked (at least from the shell prompt). Now the error is different as shown below.

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for puppetmaster3.tidalsoft.local to PuppetDB at puppetmaster3.tidalsoft.local:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster3.tidalsoft.local]

Below is a debug listing:

  [root@puppetmaster3 ~]# puppet ...
Can you give details on how your Puppet installation is structured? Are all roles on the same server, or have you installed the master on a server separate from PuppetDB ...(more)

GregLarkin gravatar imageGregLarkin ( 2013-07-31 09:44:34 -0600 )edit

Try: mv /etc/puppetdb/ssl /etc/puppetdb/ssl.bak; puppetdb-ssl-setup -f

ken gravatar imageken ( 2013-07-31 10:07:52 -0600 )edit

@Greg, everything is on one server. It is a basic PE 3.0 install. I did have to re-install, but I used the options to delete everything when I uninstalled.

derevan@cisco gravatar imagederevan@cisco ( 2013-07-31 10:17:47 -0600 )edit

@ken, same result after puppetdb-ssl-setup

derevan@cisco gravatar imagederevan@cisco ( 2013-07-31 10:18:29 -0600 )edit

Did you restart puppetdb after running puppetdb-ssl-setup? If not, please repeat that process and then run "/sbin/service puppetdb restart".

GregLarkin gravatar imageGregLarkin ( 2013-07-31 12:55:11 -0600 )edit

answered 2013-07-31 13:58:45 -0600

derevan@cisco gravatar image

It turned out to be a proxy issue (we require a proxy to download packages and such). It worked from the shell because I had exported the "no_proxy" variable set to my puppet master fqdn. I added that to /etc/profile, restarted the services and now my Puppet run is successful.

Thank you Greg and Ken for your assistance with this!

Good to hear it!

GregLarkin gravatar imageGregLarkin ( 2013-07-31 14:27:55 -0600 )edit

Asked: 2013-07-31 09:13:37 -0600

Seen: 4,133 times

Last updated: Jul 31 '13