puppetmaster can not connect with puppetdb with ssl error.

asked 2017-06-03 10:06:09 -0500

xjg2010 gravatar image

updated 2017-06-03 10:21:55 -0500

I have installed puppetdb and puppetmaster(4.8),and I have exec "puppet agent -t and puppetdb ssl-setup -f " on the puppetdb server, when I exec "puppet agent -t" on puppet agent node,I get ssl error, I use "curl" command to check 8081 port of the puppetdb server on puppet master server, The puppetdb server looks like working normally. the curl command follow this:

 #curl  'https://bizpuppetdb.server:8081/pdb/query/v4/nodes'      --cacert /var/lib/puppetlabs/ssl/certs/ca.pem   --cert /var/lib/puppetlabs/ssl/certs/puppetserver.sogou.pem    --key /var/lib/puppetlabs/ssl/private_keys/puppetserver.sogou.pem

It return follow this:
[{"deactivated":null,"latestreporthash":null,"factsenvironment":"production","cachedcatalogstatus":null,"reportenvironment":null.......}]

the ssl error like this:

2017-06-03 22:52:04 +0800 Puppet (warning): Error connecting to bizpuppetdb.server on 8081 at route /pdb/cmd/v1?checksum=330733bc8ffddc06ba3486ab3b62fd9723d0eb48&version=8&certname=bjzw_49_28.sogou-in.domain&command=store_report&producer-timestamp=1496501524, error message received was 'SSL_connect SYSCALL returned=5 errno=0 state=unknown state'. Failing over to the next PuppetDB server_url in the 'server_urls' list
 2017-06-03 22:52:04 +0800 Puppet (err): Failed to execute '/pdb/cmd/v1?checksum=330733bc8ffddc06ba3486ab3b62fd9723d0eb48&version=8&certname=bjzw_49_28.sogou-in.domain&command=store_report&producer-timestamp=1496501524' on at least 1 of the following 'server_urls': https://bizpuppetdb.server:8081

This question bothers me for days,Could any body help me? thank you.

john

edit retag flag offensive close merge delete

Comments

Did you check : your date on both Puppet agent & server ("date" ; "ntpq -p" ...) ? Puppet server ; DB ; agent releases Try to generate new certificates "puppet cert clean your_node" on server "rm -fr /etc/puppetlabs/puppet/ssl" on node "puppet agent -tv --waitforcert=60" "puppet cert sign"

unixmind gravatar imageunixmind ( 2017-06-06 08:42:46 -0500 )edit