Puppet version compatibility problems

asked 2018-04-27 06:23:43 -0500

I am runnign puppet to manage my servers. We use different Linux-Version from different vendors:

  • SuSE SLES 11SP4 ... SLES12SP3
  • openSuSE 42.x
  • Ubuntu LTS 14.04 ... Ubuntu LTS 16.04 (in the near future: Ubuntu 18.04)

Up to now I am running a puppet server on SLES12SP3 the latest SLES version which provides a package with puppet-server 3.8.5. On the clients I have Version from 3.4.3 to 3.8.7.

Using this setup everything still works fine, I have no compatibility issues.

Now very recenrtly Ubuntu LTS 18.04 came out and the puppet version here is 5.4.0 and it seems to me that this version is no longer compatible with my 3.8.7 puppet server. Trying to request a cert from the puppet server results in an error message. The cert is generated after all, but even if I sign it on the master the next puppet agent call on the Ubuntu18 client results in the same error again:

root@ubuntu2:~# puppet agent -t Warning: Downgrading to PSON for future requests Error: Could not request certificate: Error 400 on SERVER: The environment must be purely alphanumeric, not 'puppet-ca' Exiting; failed to retrieve certificate and waitforcert is disabled

The problem is there is no more recent puppet server version for SLES from SuSE. There is a version offered by puppet: A 5.3 version for download for Ubuntu as well as SLES. The problem is that I read that this server needs at least puppet agents with version 5, which in turn I cannort find for my older e.g SLES11 systems.

At the moment its puzzling for me to find out what agent is compatible with what server. Is there somewhere a kind of compatibility matrix to see which agent is compatible with which server version?

Is there another way to get all my Linux versions managed by one puppet server, if possible without replacing puppet on all my clients ?

Thanks a lot for your help Rainer

answered 2018-05-07 18:33:20 -0500

SLES11 is supported as an agent. Follow the directions on this page,

Puppet 3.x is over a year EOL, so I'd suggest upgrading your infrastructure as soon as you can.

