PuppetDB: unable to get local issuer certificate

I'm attempting to use puppetdb on but I'm running into some issues.

I have a node called puppet. It is the master as well as where I've installed puppetdb. It's also a node that puppet manages.

When I run puppet -t on the puppet node I get:

    Warning: Unable to fetch my node definition, but the agent run will continue:
    Warning: Error 400 on SERVER: Could not retrieve facts for puppet.example.com:
    Failed to submit 'replace facts' command for puppet.example.com to PuppetDB at
    puppet:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate
    B: certificate verify failed: [unable to get local issuer certificate for
    /CN=puppet.example.com]

I'm assuming that something is wrong w/ the SSL but I'm not sure what to change or where to look.


It looks like a problem with the hostname on the PuppetDB (master) server. Make sure that hostname -f outputs an address that is resolvable from all nodes where the puppet agent runs.

From the error log it seems that the hostname is just puppet:

    Failed to submit 'replace facts' command for puppet.example.com to PuppetDB at
    puppet:8081

Then move the old certificates:

  • for PuppetDB 2.x:

    mv /etc/puppet/puppetdb/ssl/ /etc/puppet/puppetdb/ssl-old
    puppetdb-ssl-setup -f
    
  • for PuppetDB 3.x and newer:

    mv /etc/puppetlabs/puppetdb/ssl/ /etc/puppetlabs/puppetdb/ssl-old
    puppetdb ssl-setup -f
    

Finally restart the service:

    service puppetdb restart
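
Added example, not part of the answer above: a check to run after regenerating the certificates, confirming that the PuppetDB certificate chains to the Puppet CA and covers the hostname clients connect to. The function name `check_puppetdb_cert` and the file names `ca.pem` and `public.pem` inside the ssl directory are assumptions.

```bash
#!/bin/sh
# Added example: check a PuppetDB certificate against the Puppet CA.
# check_puppetdb_cert CA_PEM CERT_PEM HOSTNAME
#   returns 0  certificate chains to the CA and covers HOSTNAME
#   returns 1  chain does not verify (the "unable to get local issuer
#              certificate" case from the error above)
#   returns 2  chain is fine but HOSTNAME is not in the certificate
check_puppetdb_cert() {
    ca=$1
    cert=$2
    host=$3

    # Step 1: was the certificate issued by this CA?
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2
        return 1
    fi

    # Step 2: does the certificate cover the name clients connect to?
    # -checkhost prints "does match" or "does NOT match".
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" \
            | grep -q 'does match'; then
        echo "FAIL: $cert does not cover hostname $host" >&2
        openssl x509 -in "$cert" -noout -subject >&2
        return 2
    fi

    echo "OK: $cert chains to $ca and covers $host"
    return 0
}

# Stand-alone use, e.g. on PuppetDB 3.x (ca.pem/public.pem are assumed names):
#   sh check.sh /etc/puppetlabs/puppetdb/ssl/ca.pem \
#               /etc/puppetlabs/puppetdb/ssl/public.pem "$(hostname -f)"
if [ "$#" -eq 3 ]; then
    check_puppetdb_cert "$1" "$2" "$3"
fi
```

Run it once with the output of hostname -f and once with the short name shown in the log (puppet) to see which of the two the certificate actually covers.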