[Puppet Users] Re: Thu Nov 29 10:17:51 +0000 2012 Puppet (err): Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for XXX to PuppetDB at puppetdb.aus-tx.colo:8081: SSL_connect SYSCALL returne

Thu, 29 Nov 2012 10:25:11 -0800 

I had the same setup issue.

Go to your CA server and copy the puppet master unique certname .pem  from 
/var/lib/puppet/ssl/{certs,private_key/ to both your puppet master workers 
and restart apache.

Also make sure to follow this: 
http://docs.puppetlabs.com/guides/scaling_multiple_masters.html

The dns_alt_names part is very important:

 $ sudo puppet agent --test --dns_alt_names 
"master2.example.com,puppet,puppet.example.com"


I hope it helps, I spent a few hours until I got it figured out :)

Regards,
Felipe

On Thursday, November 29, 2012 3:31:59 AM UTC-8, Kalyana sundaram wrote:
>
> I have set up two puppet masters (load balanced) with a separate ca 
> server(ca is set false on masters). I brought up a new server for puppetDB. 
> It got certs signed from ca_server and ran puppet agent without any issue. 
> But when I started puppetdb and changed puppet master's conf to use 
> puppetdb(as per docs for puppetdb). This error started to come and 
> basically stopped puppet run
>  
>
>> Thu Nov 29 10:17:51 +0000 2012 Puppet (err): Could not retrieve catalog 
>> from remote server: Error 400 on SERVER: Failed to submit 'replace facts' 
>> command for XXX to PuppetDB at puppetdb.aus-tx.colo:8081: SSL_connect 
>> SYSCALL returned=5 errno=0 state=SSLv3 read finished A
>
>
> The puppetdb log throws
>   
>
>>    [qtp665563146-341] [io.nio] javax.net.ssl.SSLHandshakeException: null 
>> cert chain
>
>
> I tested a https curl using command
>
>>  curl -H "Accept: application/json" 'https://puppetdb:8081/facts' 
>> --cacert /var/lib/puppet/ssl/certs/ca.pem --cert 
>> /var/lib/puppet/ssl/certs/puppetmaster.pem --key 
>> /var/lib/puppet/ssl/private_keys/puppetmaster.pem 
>
>   
> The curl didnt throw any error
>
> I am struck here for a long time. Pls do share your expertise
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/0g0BjWoGEnoJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to