After installing master, while adding classes for multiple operating system, when i run puppet agent -t on master, it fails with curl certificate issue even after it has all certificates. Master running Amazon Linux.

asked 2018-02-12 13:29:43 -0500

updated 2018-02-13 07:39:53 -0500

DarylW gravatar image

After installing master, when i try to add class for multiple operating systems, and then run puppet agent -t on master, it fails with curl certificate failure.

Please let me know which certificated i need to add for curl and how to add certificates for curl specifically. I already have certificates installed but seems like curl is the only thing having issues with it.

pc64el.tar.gz]/Pe_staging::File[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-5.3.3/puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/returns: curl: (60) SSL certificate problem: unable to get local issuer certificate
Notice: /Stage[main]/Pe_repo::Platform::Ubuntu_1604_ppc64el/Pe_repo::Debian[ubuntu-16.04-ppc64el]/Pe_repo::Repo[ubuntu-16.04-ppc64el 2017.3.2]/Pe_staging::Deploy[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Pe_staging::File[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-5.3.3/puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/returns: More details here: https://curl.haxx.se/docs/sslcerts.html
Notice: /Stage[main]/Pe_repo::Platform::Ubuntu_1604_ppc64el/Pe_repo::Debian[ubuntu-16.04-ppc64el]/Pe_repo::Repo[ubuntu-16.04-ppc64el 2017.3.2]/Pe_staging::Deploy[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Pe_staging::File[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-5.3.3/puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/returns:
Notice: /Stage[main]/Pe_repo::Platform::Ubuntu_1604_ppc64el/Pe_repo::Debian[ubuntu-16.04-ppc64el]/Pe_repo::Repo[ubuntu-16.04-ppc64el 2017.3.2]/Pe_staging::Deploy[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Pe_staging::File[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-5.3.3/puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/returns: curl failed to verify the legitimacy of the server and therefore could not
Notice: /Stage[main]/Pe_repo::Platform::Ubuntu_1604_ppc64el/Pe_repo::Debian[ubuntu-16.04-ppc64el]/Pe_repo::Repo[ubuntu-16.04-ppc64el 2017.3.2]/Pe_staging::Deploy[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Pe_staging::File[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-5.3.3/puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/returns: establish a secure connection to it. To learn more about this situation and
Notice: /Stage[main]/Pe_repo::Platform::Ubuntu_1604_ppc64el/Pe_repo::Debian[ubuntu-16.04-ppc64el]/Pe_repo::Repo[ubuntu-16.04-ppc64el 2017.3.2]/Pe_staging::Deploy[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Pe_staging::File[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-5.3.3/puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/returns: how to fix it, please visit the web page mentioned above.
Error: 'curl  -f -L -o puppet-agent-ubuntu-16.04-ppc64el.tar.gz https://pm.puppetlabs.com/puppet-agent/2017.3.2/5.3.3/repos/puppet-agent-ubuntu-16.04-ppc64el.tar.gz' returned 60 instead of one of [0]
Error: /Stage[main]/Pe_repo::Platform::Ubuntu_1604_ppc64el/Pe_repo::Debian[ubuntu-16.04-ppc64el]/Pe_repo::Repo[ubuntu-16.04-ppc64el 2017.3.2]/Pe_staging::Deploy[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Pe_staging::File[puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-5.3.3/puppet-agent-ubuntu-16.04-ppc64el.tar.gz]/returns: change from 'notrun' to ['0'] failed: 'curl  -f -L -o puppet-agent-ubuntu-16.04-ppc64el.tar.gz https://pm.puppetlabs.com/puppet-agent/2017.3.2/5.3.3/repos/puppet-agent-ubuntu-16.04-ppc64el.tar.gz' returned 60 instead of one of [0]
edit retag flag offensive close merge delete

Comments

what is the pe_staging module? Is it your own fork of the staging module at https://forge.puppet.com/puppet/staging ? If so, it doesn't look like it has a parameter to supply a truststore, one could be added to the module, using the `--cacert` or `--capath` variable on the curl command.

DarylW gravatar imageDarylW ( 2018-02-13 07:45:05 -0500 )edit