Hi Erwin,
I have opened SERVER-2979
<https://tickets.puppetlabs.com/browse/SERVER-2979> to investigate your
issue. Any additional info you can add to that ticket would be greatly
appreciated.
In the meantime, you can manually migrate your CA directory:
1. stop the puppetserver service:
systemctl stop puppetserver
2. move your CA directory to the new location:
mv /etc/puppetlabs/puppet/ssl/ca /etc/puppetlabs/puppetserver/ca
3. to maintain backwards compatibility, create a symlink from the new
location to the old location:
ln -sf /etc/puppetlabs/puppetserver/ca /etc/puppetlabs/puppet/ssl/ca
4. restart the puppetserver service:
systemctl start puppetserver
Let us know if you have any other issues.
Thanks!
On Fri, Feb 26, 2021 at 6:40 AM Erwin Bogaard <erwin.boga...@gmail.com>
wrote:
> Hi Molly,
>
> We don't really run an unusual setup: just a regular machine with hostname
> in local DNS available, no IPv6.
> The installed Puppet component versions are as follows:
> puppet-agent-7.4.1-1.el7.x86_64
> puppet-client-tools-1.2.6-1.el7.x86_64
> puppetdb-7.2.0-1.el7.noarch
> puppetdb-termini-7.2.0-1.el7.noarch
> puppet-release-1.0.0-15.el7.noarch
> puppetserver-7.0.3-1.el7.noarch
>
> The requested configuration is as follows:
> networking => {
> dhcp => "192.168.100.1",
> domain => "kntr.xxx.loc",
> fqdn => "puppet01.kntr.xxx.loc",
> hostname => "puppet01",
> ...
> }
> os => {
> architecture => "x86_64",
> family => "RedHat",
> hardware => "x86_64",
> name => "CentOS",
> release => {
> full => "7.9.2009",
> major => "7",
> minor => "9"
> },
> selinux => {
> enabled => false
> }
> }
> ruby => {
> platform => "x86_64-linux",
> sitedir => "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.7.0",
> version => "2.7.2"
> }
> On Thursday, 25 February 2021 at 19:52:23 UTC+1 Molly Waggett wrote:
>
>> Hi Erwin,
>>
>> The puppetserver ca migrate command must be run while the puppetserver
>> service is stopped, but it looks like we're not catching the particular
>> connection error you're getting when we check to see whether the service is
>> running.
>>
>> I'm wondering if you have an unusual networking setup, e.g. custom DNS
>> config, IPv6, etc.
>> I was not able to reproduce your issue on a first attempt, so it would
>> also be helpful to know which version of puppetserver you're running, what
>> OS platform you're running on, and which version of Ruby you're using.
>>
>> Thanks!
>>
>> On Thu, Feb 25, 2021 at 2:59 AM Erwin Bogaard <erwin....@gmail.com>
>> wrote:
>>
>>>
>>> Hi,
>>>
>>> I'm trying to solve the notofocation about "The cadir is currently
>>> configured to be inside the /etc/puppetlabs/puppet/ssl directory".
>>> When I follow the steps, and run:
>>>
>>> # puppetserver ca migrate --config /etc/puppetlabs/puppet/puppet.conf
>>>
>>> I get the message: "Puppetserver service is running. Please stop it
>>> before attempting to run this command."
>>>
>>> If I then stop the puppetserver service and run the command again, I get
>>> the following Error: "Fatal error when running action 'migrate'
>>> Error: Failed connecting to https://xxx.loc:8140/status/v1/simple/ca
>>> Root cause: Failed to open TCP connection to xxx.loc:8140 (Invalid
>>> argument - connect(2) for "xxx.loc" port 8140)"
>>>
>>> That no connection is possible seems logical, as I stopped the service
>>> prevously.
>>>
>>> If "puppetsever ca migrate" won't run when the service is running, but
>>> it needs to connect to the service, how is that ever going to work? I'm
>>> baffeled.
>>>
>>> As a work around: is there maybe a manual way to execute this migration?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com
>>> <https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>>
>> --
>> *Molly Waggett*
>> she/her
>> Senior Software Engineer @ Puppet
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/d58e26d1-1cba-4b43-997d-819df7a8381an%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/d58e26d1-1cba-4b43-997d-819df7a8381an%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
*Molly Waggett*
she/her
Senior Software Engineer @ Puppet
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAFOE68AM2wAYB1qOanZ6eEH51jvZqqv4aC-1QxXYZapyPVbMRw%40mail.gmail.com.
