The problem is that the puppetdb certificate is not for localhost, but for puppetdb hostname.
You have two options: 1. Set in /etc/hosts puppetdb as alias of localhost 2. Generate a new certificate for the puppetdb with an alias for local host as valid hostname. I would prefer option 1. Regards, El 13/06/2014 02:29, "Chris" <dmag...@gmail.com> escribió: > Hi all, > > I'm trying to set up something that will have multiple puppet masters > (with one as the CA) and multiple puppet db's (they will be geographically > dispersed). > > The multi-masters stuff all works fine, but I'm struggling with multiple > puppet db's. > > Ideally I'd like puppet db to live on the same server as the puppet master > for a particular region (so a master + puppetdb in US, one in UK, one in AU > for starters) but I'm not sure if that's supported at all. > > I've got puppetdb on the master CA server and that works fine, but if I > point the other masters to 'localhost' (in puppetdb.conf) I get ssl errors > on the agent runs: > > Error: Could not retrieve catalog from remote server: Error 400 on SERVER: > Failed to submit 'replace facts' command for client1.local to PuppetDB at > localhost:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server > certificate B: certificate verify failed: [certificate revoked for > /CN=puppetmaster1.local] > > I saw in the puppetdb docs about using postgres replication to do things > but if an agent has to go back to the main server for every run to report, > I don't understand why you'd want to do that. > > Any help or ideas would be great. > > Cheers, > Chris. > -- > Postgresql & php tutorials > http://www.designmagick.com/ > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-users/539A45DF.2070100%40gmail.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF_B3ddhPWixU7H3Kfx2Y7qaSm_hLA_6_uFUZ1cFTJJduXxkVw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
