Opensource Puppet Master Setup Issue causing unable to get local issuer certificate for /CN=puppet

asked 2017-06-15 21:00:51 -0600

Red Cricket

updated 2017-06-15 23:29:56 -0600

I have to give up using PE to set up my puppet master :( and I have been thrown to the cold cruel Opensource Puppet world. I have been trying to set up an opensource puppet master on a RHEL7 system. I am planning to do this a couple of times so I wrote a very simple shell script. Here's the script:

#!/bin/sh

pc_rpm_name='puppetlabs-release-pc1'
pc_yum_repo_url="https://yum.puppetlabs.com/${pc_rpm_name}-el-7.noarch.rpm"

# set up puppet collection yum repo
rpm -Uvh "$pc_yum_repo_url"
yum -y install puppetserver
systemctl start puppetserver
/opt/puppetlabs/bin/puppet module install puppetlabs-puppetdb --version 5.1.2

I have a puppet master puppet class I wrote; it is very simple:

class my_puppetmaster {
    class { 'puppetdb': listen_address => $::fqdn }
    include puppetdb::master::config
}

I want to use hiera for my node classification so I have done this:

# pwd
/etc/puppetlabs/code/environments/production/manifests
# cat site.pp 
hiera_include('classes')

I have also created this file:

# pwd
/etc/puppetlabs/code/environments/production/hieradata/nodes
# cat puppet_master.yaml 
classes:
  - my_puppetmaster

And here is my hiera.yaml file:

# pwd
/etc/puppetlabs/puppet
# head hiera.yaml
---
:backends:
  - yaml
:hierarchy:
  - "nodes/%{::trusted.certname}"
  - "nodes/%{::role}"
...

I haven't gotten around to setting up a custom fact yet. I figured I could test things out at this point by rebooting the system to give everything a good shake out and then running puppet agent -t to see what happens. When I run puppet agent -t on the puppet master I get this output:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet]

I guess I left something out ... (more)


Comments

1

Doh! I feel kind of foolish. I need to change the line in my /etc/puppetlabs/puppet/puppet.conf from server = puppet to server = aos-ppt-01.example.com (the actual hostname of my puppet master)

Red Cricket ( 2017-06-15 23:43:05 -0600 )

1 Answer

0

answered 2017-06-20 00:27:17 -0600

Red Cricket

Doh! I feel kind of foolish. I need to change the line in my /etc/puppetlabs/puppet/puppet.conf from server = puppet to server = aos-ppt-01.example.com (the actual hostname of my puppet master)
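
Added example (not part of the original post or answer): a pre-flight check that reads the `server` value the agent will use from a puppet.conf-style file and compares it with the names on the master's certificate. The certificate names are passed in by the operator (for instance as read with `openssl x509 -noout -text`); that the master's certificate carries `aos-ppt-01.example.com` is an assumption, and the sample config files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# Print the server name a puppet.conf-style file gives the agent.
# [agent] overrides [main]; with no setting, Puppet's default is "puppet".
conf_server() {
    awk '
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); next }
        /^[ \t]*server[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            found[s] = v
        }
        END {
            if ("agent" in found) print found["agent"]
            else if ("main" in found) print found["main"]
            else print "puppet"
        }' "$1"
}

# Return 0 if that server name equals one of the certificate names passed
# as the remaining arguments (compared case-insensitively), else 1.
server_matches_cert() {
    conf=$1; shift
    want=$(conf_server "$conf" | tr '[:upper:]' '[:lower:]')
    for name in "$@"; do
        have=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        if [ "$have" = "$want" ]; then return 0; fi
    done
    echo "server = $want is not a name in the certificate ($*)" >&2
    return 1
}

# Constructed sample: write a minimal puppet.conf with the given server value.
write_sample_conf() {
    printf '[main]\ncertname = aos-ppt-01.example.com\nserver = %s\n' "$2" > "$1"
}

demo() {
    tmp=$(mktemp)
    for srv in puppet aos-ppt-01.example.com; do
        write_sample_conf "$tmp" "$srv"
        if server_matches_cert "$tmp" aos-ppt-01.example.com 2>/dev/null
        then echo "server = $srv: matches"
        else echo "server = $srv: MISMATCH"
        fi
    done
    rm -f "$tmp"
}
demo
```

A file with no `server` line at all reports `puppet`, which is how a fresh install ends up asking for that name.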


Stats

Asked: 2017-06-15 21:00:51 -0600

Seen: 822 times

Last updated: Jun 20