Ask Your Question

Error on first agent run on puppet master. Failed to submit 'replace facts' command to PuppetDB

asked 2013-07-31 09:13:37 -0600

derevan@cisco gravatar image

updated 2013-07-31 09:40:03 -0600

GregLarkin gravatar image

This is a continuation from thread 2219. Originally had an issue with the external_node script, but changed local host to the master's fqdn and it worked (at least from the shell prompt). Now the error is different as shown below.

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for puppetmaster3.tidalsoft.local to PuppetDB at puppetmaster3.tidalsoft.local:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster3.tidalsoft.local]

Below is a debug listing:

  [root@puppetmaster3 ~]# puppet ...
edit retag flag offensive close merge delete


Can you give details on how your Puppet installation is structured? Are all roles on the same server, or have you installed the master on a server separate from PuppetDB ...(more)

GregLarkin gravatar imageGregLarkin ( 2013-07-31 09:44:34 -0600 )edit

Try: mv /etc/puppetdb/ssl /etc/puppetdb/ssl.bak; puppetdb-ssl-setup -f

ken gravatar imageken ( 2013-07-31 10:07:52 -0600 )edit

@Greg, everything is on one server. It is a basic PE 3.0 install. I did have to re-install, but I used the options to delete everything when I uninstalled.

derevan@cisco gravatar imagederevan@cisco ( 2013-07-31 10:17:47 -0600 )edit

@ken, same result after puppetdb-ssl-setup

derevan@cisco gravatar imagederevan@cisco ( 2013-07-31 10:18:29 -0600 )edit

Did you restart puppetdb after running puppetdb-ssl-setup? If not, please repeat that process and then run "/sbin/service puppetdb restart".

GregLarkin gravatar imageGregLarkin ( 2013-07-31 12:55:11 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2013-07-31 13:58:45 -0600

derevan@cisco gravatar image

It turned out to be a proxy issue (we require a proxy to download packages and such). It worked from the shell because I had exported the "no_proxy" variable set to my puppet master fqdn. I added that to /etc/profile, restarted the services and now my Puppet run is successful.

Thank you Greg and Ken for your assistance with this!

edit flag offensive delete link more


Good to hear it!

GregLarkin gravatar imageGregLarkin ( 2013-07-31 14:27:55 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2013-07-31 09:13:37 -0600

Seen: 4,133 times

Last updated: Jul 31 '13