Re: [Puppet Users] "puppetserver ca migrate" error

[Molly Waggett]

On Thu, Mar 4, 2021 at 4:07 AM Erwin Bogaard 
wrote:

> Hi Molly,
>
> thanks for opening the ticket. No further info to add from my side.
> I just executed the manual migration. To me it seems that way is actually
> easier than the puppetserver migrate-way, where yhou have to look for the
> location of your config file  ;-)
>

For what it's worth, you shouldn't have to look for your config file. The
command will use your puppet.conf file by default, but you can use the
--config flag if you want to use a different config file.

>
> On Wednesday, 3 March 2021 at 22:39:08 UTC+1 Molly Waggett wrote:
>
>> Hi Erwin,
>>
>> I have opened SERVER-2979
>>  to investigate your
>> issue. Any additional info you can add to that ticket would be greatly
>> appreciated.
>>
>> In the meantime, you can manually migrate your CA directory:
>> 1. stop the puppetserver service:
>> systemctl stop puppetserver
>> 2. move your CA directory to the new location:
>> mv /etc/puppetlabs/puppet/ssl/ca /etc/puppetlabs/puppetserver/ca
>> 3. to maintain backwards compatibility, create a symlink from the new
>> location to the old location:
>> ln -sf /etc/puppetlabs/puppetserver/ca /etc/puppetlabs/puppet/ssl/ca
>> 4. restart the puppetserver service:
>> systemctl start puppetserver
>>
>> Let us know if you have any other issues.
>>
>> Thanks!
>>
>> On Fri, Feb 26, 2021 at 6:40 AM Erwin Bogaard 
>> wrote:
>>
>>> Hi Molly,
>>>
>>> We don't really run an unusual setup: just a regular machine with
>>> hostname in local DNS available, no IPv6.
>>> The installed Puppet component versions are as follows:
>>> puppet-agent-7.4.1-1.el7.x86_64
>>> puppet-client-tools-1.2.6-1.el7.x86_64
>>> puppetdb-7.2.0-1.el7.noarch
>>> puppetdb-termini-7.2.0-1.el7.noarch
>>> puppet-release-1.0.0-15.el7.noarch
>>> puppetserver-7.0.3-1.el7.noarch
>>>
>>> The requested configuration is as follows:
>>> networking => {
>>>   dhcp => "192.168.100.1",
>>>   domain => "kntr.xxx.loc",
>>>   fqdn => "puppet01.kntr.xxx.loc",
>>>   hostname => "puppet01",
>>> ...
>>> }
>>> os => {
>>>   architecture => "x86_64",
>>>   family => "RedHat",
>>>   hardware => "x86_64",
>>>   name => "CentOS",
>>>   release => {
>>> full => "7.9.2009",
>>> major => "7",
>>> minor => "9"
>>>   },
>>>   selinux => {
>>> enabled => false
>>>   }
>>> }
>>> ruby => {
>>>   platform => "x86_64-linux",
>>>   sitedir => "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.7.0",
>>>   version => "2.7.2"
>>> }
>>> On Thursday, 25 February 2021 at 19:52:23 UTC+1 Molly Waggett wrote:
>>>
 Hi Erwin,

 The puppetserver ca migrate command must be run while the puppetserver
 service is stopped, but it looks like we're not catching the particular
 connection error you're getting when we check to see whether the service is
 running.

 I'm wondering if you have an unusual networking setup, e.g. custom DNS
 config, IPv6, etc.
 I was not able to reproduce your issue on a first attempt, so it would
 also be helpful to know which version of puppetserver you're running, what
 OS platform you're running on, and which version of Ruby you're using.

 Thanks!

 On Thu, Feb 25, 2021 at 2:59 AM Erwin Bogaard 
 wrote:

>
> Hi,
>
> I'm trying to solve the notofocation about "The cadir is currently
> configured to be inside the /etc/puppetlabs/puppet/ssl directory".
> When I follow the steps, and run:
>
> #  puppetserver ca migrate --config /etc/puppetlabs/puppet/puppet.conf
>
> I get the message: "Puppetserver service is running. Please stop it
> before attempting to run this command."
>
> If I then stop the puppetserver service and run the command again, I
> get the following Error: "Fatal error when running action 'migrate'
>   Error: Failed connecting to https://xxx.loc:8140/status/v1/simple/ca
>   Root cause: Failed to open TCP connection to xxx.loc:8140 (Invalid
> argument - connect(2) for "xxx.loc" port 8140)"
>
> That no connection is possible seems logical, as I stopped the service
> prevously.
>
> If "puppetsever ca migrate" won't run when the service is running, but
> it needs to connect to the service, how is that ever going to work? I'm
> baffeled.
>
> As a work around: is there maybe a manual way to execute this
> migration?
>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com
> 

Re: [Puppet Users] "puppetserver ca migrate" error

[Erwin Bogaard]

Hi Molly,

thanks for opening the ticket. No further info to add from my side.
I just executed the manual migration. To me it seems that way is actually 
easier than the puppetserver migrate-way, where yhou have to look for the 
location of your config file  ;-)

On Wednesday, 3 March 2021 at 22:39:08 UTC+1 Molly Waggett wrote:

> Hi Erwin,
>
> I have opened SERVER-2979 
>  to investigate your 
> issue. Any additional info you can add to that ticket would be greatly 
> appreciated.
>
> In the meantime, you can manually migrate your CA directory:
> 1. stop the puppetserver service:
> systemctl stop puppetserver
> 2. move your CA directory to the new location:
> mv /etc/puppetlabs/puppet/ssl/ca /etc/puppetlabs/puppetserver/ca
> 3. to maintain backwards compatibility, create a symlink from the new 
> location to the old location:
> ln -sf /etc/puppetlabs/puppetserver/ca /etc/puppetlabs/puppet/ssl/ca
> 4. restart the puppetserver service:
> systemctl start puppetserver 
>
> Let us know if you have any other issues.
>
> Thanks!
>
> On Fri, Feb 26, 2021 at 6:40 AM Erwin Bogaard  wrote:
>
>> Hi Molly,
>>
>> We don't really run an unusual setup: just a regular machine with 
>> hostname in local DNS available, no IPv6.
>> The installed Puppet component versions are as follows:
>> puppet-agent-7.4.1-1.el7.x86_64
>> puppet-client-tools-1.2.6-1.el7.x86_64
>> puppetdb-7.2.0-1.el7.noarch
>> puppetdb-termini-7.2.0-1.el7.noarch
>> puppet-release-1.0.0-15.el7.noarch
>> puppetserver-7.0.3-1.el7.noarch
>>
>> The requested configuration is as follows:
>> networking => {
>>   dhcp => "192.168.100.1",
>>   domain => "kntr.xxx.loc",
>>   fqdn => "puppet01.kntr.xxx.loc",
>>   hostname => "puppet01",
>> ...
>> }
>> os => {
>>   architecture => "x86_64",
>>   family => "RedHat",
>>   hardware => "x86_64",
>>   name => "CentOS",
>>   release => {
>> full => "7.9.2009",
>> major => "7",
>> minor => "9"
>>   },
>>   selinux => {
>> enabled => false
>>   }
>> }
>> ruby => {
>>   platform => "x86_64-linux",
>>   sitedir => "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.7.0",
>>   version => "2.7.2"
>> }
>> On Thursday, 25 February 2021 at 19:52:23 UTC+1 Molly Waggett wrote:
>>
>>> Hi Erwin,
>>>
>>> The puppetserver ca migrate command must be run while the puppetserver 
>>> service is stopped, but it looks like we're not catching the particular 
>>> connection error you're getting when we check to see whether the service is 
>>> running. 
>>>
>>> I'm wondering if you have an unusual networking setup, e.g. custom DNS 
>>> config, IPv6, etc.
>>> I was not able to reproduce your issue on a first attempt, so it would 
>>> also be helpful to know which version of puppetserver you're running, what 
>>> OS platform you're running on, and which version of Ruby you're using.
>>>
>>> Thanks!
>>>
>>> On Thu, Feb 25, 2021 at 2:59 AM Erwin Bogaard  
>>> wrote:
>>>

 Hi,

 I'm trying to solve the notofocation about "The cadir is currently 
 configured to be inside the /etc/puppetlabs/puppet/ssl directory".
 When I follow the steps, and run:

 #  puppetserver ca migrate --config /etc/puppetlabs/puppet/puppet.conf

 I get the message: "Puppetserver service is running. Please stop it 
 before attempting to run this command."

 If I then stop the puppetserver service and run the command again, I 
 get the following Error: "Fatal error when running action 'migrate'
   Error: Failed connecting to https://xxx.loc:8140/status/v1/simple/ca
   Root cause: Failed to open TCP connection to xxx.loc:8140 (Invalid 
 argument - connect(2) for "xxx.loc" port 8140)"

 That no connection is possible seems logical, as I stopped the service 
 prevously.

 If "puppetsever ca migrate" won't run when the service is running, but 
 it needs to connect to the service, how is that ever going to work? I'm 
 baffeled.

 As a work around: is there maybe a manual way to execute this migration?

 -- 
 You received this message because you are subscribed to the Google 
 Groups "Puppet Users" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to puppet-users...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com
  
 
 .

>>>
>>>
>>> -- 
>>> *Molly Waggett*
>>> she/her
>>> Senior Software Engineer @ Puppet
>>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com.
>>
> To view this discussion on 

Re: [Puppet Users] "puppetserver ca migrate" error

[Molly Waggett]

Hi Erwin,

I have opened SERVER-2979
 to investigate your
issue. Any additional info you can add to that ticket would be greatly
appreciated.

In the meantime, you can manually migrate your CA directory:
1. stop the puppetserver service:
systemctl stop puppetserver
2. move your CA directory to the new location:
mv /etc/puppetlabs/puppet/ssl/ca /etc/puppetlabs/puppetserver/ca
3. to maintain backwards compatibility, create a symlink from the new
location to the old location:
ln -sf /etc/puppetlabs/puppetserver/ca /etc/puppetlabs/puppet/ssl/ca
4. restart the puppetserver service:
systemctl start puppetserver

Let us know if you have any other issues.

Thanks!

On Fri, Feb 26, 2021 at 6:40 AM Erwin Bogaard 
wrote:

> Hi Molly,
>
> We don't really run an unusual setup: just a regular machine with hostname
> in local DNS available, no IPv6.
> The installed Puppet component versions are as follows:
> puppet-agent-7.4.1-1.el7.x86_64
> puppet-client-tools-1.2.6-1.el7.x86_64
> puppetdb-7.2.0-1.el7.noarch
> puppetdb-termini-7.2.0-1.el7.noarch
> puppet-release-1.0.0-15.el7.noarch
> puppetserver-7.0.3-1.el7.noarch
>
> The requested configuration is as follows:
> networking => {
>   dhcp => "192.168.100.1",
>   domain => "kntr.xxx.loc",
>   fqdn => "puppet01.kntr.xxx.loc",
>   hostname => "puppet01",
> ...
> }
> os => {
>   architecture => "x86_64",
>   family => "RedHat",
>   hardware => "x86_64",
>   name => "CentOS",
>   release => {
> full => "7.9.2009",
> major => "7",
> minor => "9"
>   },
>   selinux => {
> enabled => false
>   }
> }
> ruby => {
>   platform => "x86_64-linux",
>   sitedir => "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.7.0",
>   version => "2.7.2"
> }
> On Thursday, 25 February 2021 at 19:52:23 UTC+1 Molly Waggett wrote:
>
>> Hi Erwin,
>>
>> The puppetserver ca migrate command must be run while the puppetserver
>> service is stopped, but it looks like we're not catching the particular
>> connection error you're getting when we check to see whether the service is
>> running.
>>
>> I'm wondering if you have an unusual networking setup, e.g. custom DNS
>> config, IPv6, etc.
>> I was not able to reproduce your issue on a first attempt, so it would
>> also be helpful to know which version of puppetserver you're running, what
>> OS platform you're running on, and which version of Ruby you're using.
>>
>> Thanks!
>>
>> On Thu, Feb 25, 2021 at 2:59 AM Erwin Bogaard 
>> wrote:
>>
>>>
>>> Hi,
>>>
>>> I'm trying to solve the notofocation about "The cadir is currently
>>> configured to be inside the /etc/puppetlabs/puppet/ssl directory".
>>> When I follow the steps, and run:
>>>
>>> #  puppetserver ca migrate --config /etc/puppetlabs/puppet/puppet.conf
>>>
>>> I get the message: "Puppetserver service is running. Please stop it
>>> before attempting to run this command."
>>>
>>> If I then stop the puppetserver service and run the command again, I get
>>> the following Error: "Fatal error when running action 'migrate'
>>>   Error: Failed connecting to https://xxx.loc:8140/status/v1/simple/ca
>>>   Root cause: Failed to open TCP connection to xxx.loc:8140 (Invalid
>>> argument - connect(2) for "xxx.loc" port 8140)"
>>>
>>> That no connection is possible seems logical, as I stopped the service
>>> prevously.
>>>
>>> If "puppetsever ca migrate" won't run when the service is running, but
>>> it needs to connect to the service, how is that ever going to work? I'm
>>> baffeled.
>>>
>>> As a work around: is there maybe a manual way to execute this migration?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com
>>> 
>>> .
>>>
>>
>>
>> --
>> *Molly Waggett*
>> she/her
>> Senior Software Engineer @ Puppet
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/d58e26d1-1cba-4b43-997d-819df7a8381an%40googlegroups.com
> 
> .
>


-- 
*Molly Waggett*
she/her
Senior Software Engineer @ Puppet

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 

Re: [Puppet Users] "puppetserver ca migrate" error

[Erwin Bogaard]

Hi Molly,

We don't really run an unusual setup: just a regular machine with hostname 
in local DNS available, no IPv6.
The installed Puppet component versions are as follows:
puppet-agent-7.4.1-1.el7.x86_64
puppet-client-tools-1.2.6-1.el7.x86_64
puppetdb-7.2.0-1.el7.noarch
puppetdb-termini-7.2.0-1.el7.noarch
puppet-release-1.0.0-15.el7.noarch
puppetserver-7.0.3-1.el7.noarch

The requested configuration is as follows:
networking => {
  dhcp => "192.168.100.1",
  domain => "kntr.xxx.loc",
  fqdn => "puppet01.kntr.xxx.loc",
  hostname => "puppet01",
...
}
os => {
  architecture => "x86_64",
  family => "RedHat",
  hardware => "x86_64",
  name => "CentOS",
  release => {
full => "7.9.2009",
major => "7",
minor => "9"
  },
  selinux => {
enabled => false
  }
}
ruby => {
  platform => "x86_64-linux",
  sitedir => "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.7.0",
  version => "2.7.2"
}
On Thursday, 25 February 2021 at 19:52:23 UTC+1 Molly Waggett wrote:

> Hi Erwin,
>
> The puppetserver ca migrate command must be run while the puppetserver 
> service is stopped, but it looks like we're not catching the particular 
> connection error you're getting when we check to see whether the service is 
> running. 
>
> I'm wondering if you have an unusual networking setup, e.g. custom DNS 
> config, IPv6, etc.
> I was not able to reproduce your issue on a first attempt, so it would 
> also be helpful to know which version of puppetserver you're running, what 
> OS platform you're running on, and which version of Ruby you're using.
>
> Thanks!
>
> On Thu, Feb 25, 2021 at 2:59 AM Erwin Bogaard  wrote:
>
>>
>> Hi,
>>
>> I'm trying to solve the notofocation about "The cadir is currently 
>> configured to be inside the /etc/puppetlabs/puppet/ssl directory".
>> When I follow the steps, and run:
>>
>> #  puppetserver ca migrate --config /etc/puppetlabs/puppet/puppet.conf
>>
>> I get the message: "Puppetserver service is running. Please stop it 
>> before attempting to run this command."
>>
>> If I then stop the puppetserver service and run the command again, I get 
>> the following Error: "Fatal error when running action 'migrate'
>>   Error: Failed connecting to https://xxx.loc:8140/status/v1/simple/ca
>>   Root cause: Failed to open TCP connection to xxx.loc:8140 (Invalid 
>> argument - connect(2) for "xxx.loc" port 8140)"
>>
>> That no connection is possible seems logical, as I stopped the service 
>> prevously.
>>
>> If "puppetsever ca migrate" won't run when the service is running, but it 
>> needs to connect to the service, how is that ever going to work? I'm 
>> baffeled.
>>
>> As a work around: is there maybe a manual way to execute this migration?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com
>>  
>> 
>> .
>>
>
>
> -- 
> *Molly Waggett*
> she/her
> Senior Software Engineer @ Puppet
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d58e26d1-1cba-4b43-997d-819df7a8381an%40googlegroups.com.

Re: [Puppet Users] "puppetserver ca migrate" error

[Molly Waggett]

Hi Erwin,

The puppetserver ca migrate command must be run while the puppetserver
service is stopped, but it looks like we're not catching the particular
connection error you're getting when we check to see whether the service is
running.

I'm wondering if you have an unusual networking setup, e.g. custom DNS
config, IPv6, etc.
I was not able to reproduce your issue on a first attempt, so it would also
be helpful to know which version of puppetserver you're running, what OS
platform you're running on, and which version of Ruby you're using.

Thanks!

On Thu, Feb 25, 2021 at 2:59 AM Erwin Bogaard 
wrote:

>
> Hi,
>
> I'm trying to solve the notofocation about "The cadir is currently
> configured to be inside the /etc/puppetlabs/puppet/ssl directory".
> When I follow the steps, and run:
>
> #  puppetserver ca migrate --config /etc/puppetlabs/puppet/puppet.conf
>
> I get the message: "Puppetserver service is running. Please stop it before
> attempting to run this command."
>
> If I then stop the puppetserver service and run the command again, I get
> the following Error: "Fatal error when running action 'migrate'
>   Error: Failed connecting to https://xxx.loc:8140/status/v1/simple/ca
>   Root cause: Failed to open TCP connection to xxx.loc:8140 (Invalid
> argument - connect(2) for "xxx.loc" port 8140)"
>
> That no connection is possible seems logical, as I stopped the service
> prevously.
>
> If "puppetsever ca migrate" won't run when the service is running, but it
> needs to connect to the service, how is that ever going to work? I'm
> baffeled.
>
> As a work around: is there maybe a manual way to execute this migration?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com
> 
> .
>


-- 
*Molly Waggett*
she/her
Senior Software Engineer @ Puppet

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAFOE68BoFH--d632-qBiB%2BsfL80BX%3Do7JXExOiN04HU1p9d2NQ%40mail.gmail.com.

[Puppet Users] "puppetserver ca migrate" error

[Erwin Bogaard]

Hi,

I'm trying to solve the notofocation about "The cadir is currently 
configured to be inside the /etc/puppetlabs/puppet/ssl directory".
When I follow the steps, and run:

#  puppetserver ca migrate --config /etc/puppetlabs/puppet/puppet.conf

I get the message: "Puppetserver service is running. Please stop it before 
attempting to run this command."

If I then stop the puppetserver service and run the command again, I get 
the following Error: "Fatal error when running action 'migrate'
  Error: Failed connecting to https://xxx.loc:8140/status/v1/simple/ca
  Root cause: Failed to open TCP connection to xxx.loc:8140 (Invalid 
argument - connect(2) for "xxx.loc" port 8140)"

That no connection is possible seems logical, as I stopped the service 
prevously.

If "puppetsever ca migrate" won't run when the service is running, but it 
needs to connect to the service, how is that ever going to work? I'm 
baffeled.

As a work around: is there maybe a manual way to execute this migration?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com.