[Pkg-puppet-devel] RFP: puppetdb-termini -- Enable a Puppet master to connect to PuppetDB

micah micah at debian.org
Fri Feb 3 16:55:30 UTC 2017


Hi,

Apollon Oikonomopoulos <apoikos at debian.org> writes:
>  - puppet 4.8.2-1 will (hopefully) migrate to testing tomorrow, 3 days 
>    before the Freeze. This will be the first version in Stretch 
>    supporting Puppet 3 clients.

This has migrated. I've upgraded my Stretch puppet4 server to 4.8.2-1
and am testing it.

Unfortunately, I've already found a problem. If I have a new puppet3
node and I do:

root at puppetdb:~# puppet agent -t
Exiting; no certificate found and waitforcert is disabled
root at puppetdb:~#

It doesn't generate a CSR, there is no /var/lib/puppet/ssl
directory. Yes, this is puppet3 that is failing here, but I suspect it
is because it is not getting the right response from the master.

On the master, I see nothing in the puppet logs, but I do see in the
apache logs:

newpuppetmaster:8140 0.0.0.0 - - [03/Feb/2017:08:41:30 -0800] "GET /production/certificate/puppetdb? HTTP/1.1" 404 5361 "-" "Ruby"

but nothing else. The puppetmaster has no certs pending to be signed and
only has one cert signed (the puppetmaster itself). There is nothing in
/var/lib/puppet/ssl on the master besides the puppetmaster cert bits.

I'm wondering if this works for others, or if maybe this part of the
puppet3 compatibility was missed?

micah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 962 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20170203/2de7db8a/attachment.sig>


More information about the Pkg-puppet-devel mailing list