[Puppet Users] PuppetDB: SSL problems

[kl . puppetuser]

Hi all,

I'm setting up puppetdb to for storing facts et cetera. I installed 
puppetdb-1.3.0-1.el6.noarch.rpm on my puppetdb.local host (which is 
puppetized). This seems to work, service starts :).

When I edit the settings on my puppetmaster (puppet.local), something goes 
wrong. I am following the guide [1]. I put the settings (storeconfigs = 
true, storeconfigs_backend=puppetdb) on my puppetmaster and restart the 
puppetmaster. When I do a --onetime on a node, I get the following error:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to submit 'replace facts' command for gaia.local
to PuppetDB at puppetdb.local:8081: SSL_connect SYSCALL returned=5 errno=0 
state=SSLv3 read finished A
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

I'm thinking the problem is that I'm using gaia.local as the host name. 
Puppet.local is an alias for gaia.local.


*Extra info:*
For completeness, the error on the puppetdb is:
WARN [qtp788652058-42] [io.nio] javax.net.ssl.SSLHandshakeException: null 
cert chain

keystore.jks on the puppetdb has puppetdb.local with print 
8C:E6:D1:02:89:9E:25:D3:E8:8F:63:75:8F:85:59:B5:17:BE:F8:47
truststore.jks on puppetdb has 'puppetdb ca' with print 
62:8F:76:CE:5C:9D:23:B0:1D:9D:7A:2F:39:5A:74:43:1D:BB:D9:1E

$ openssl verify -CAfile /etc/puppet/ssl/ca/ca_crt.pem `puppet master 
--configprint hostcert`
/etc/puppet/ssl/certs/puppetdb.kahuna.local.pem: OK

(yes, I have the SSL certs in /etc/puppet)

If someone could help, that would be great. I'm running in circles here.

*Thanks!*
kl

[1] http://docs.puppetlabs.com/puppetdb/1.3/connect_puppet_master.html

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] PuppetDB: SSL problems

[Stefan Schulte]

On Wed, 8 May 2013 07:01:56 -0700 (PDT)
kl.puppetu...@gmail.com wrote:

 
 Error: Could not retrieve catalog from remote server: Error 400 on
 SERVER: Failed to submit 'replace facts' command for gaia.local
 to PuppetDB at puppetdb.local:8081: SSL_connect SYSCALL returned=5
 errno=0 state=SSLv3 read finished A
 Warning: Not using cache on failed catalog
 Error: Could not retrieve catalog; skipping run
 

seems to be an issue with OpenJDK7. Reverting to Java6 solved the
problem for a lot of users.

issue is described here: http://projects.puppetlabs.com/issues/19884

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.