puppetdb_foreman

deleting hosts in foreman gives SSL error no matter what we change

Open Simoliv opened this issue 8 years ago • 4 comments

We are currently having a problem with deleting hosts in Foreman, which always leads to a

Error: Could not deactivate host on PuppetDB: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

It doesn't matter what we try to change; it seems we cannot get around this error. Can someone shed some light on this and tell us

  • which ssl certificates must be used in puppetdb in /etc/puppetlabs/puppetdb/conf.d/jetty.ini
  • which is the correct URL for puppetdb_address in foreman (:8081/v2/commands ? /pdb/cmd/.. ?) Found so many different suggestions .. not sure which one is correct now
  • does the name that is being used in foreman for puppetdb play any role ? for verification or whatever it does ?

We currently run foreman 1.14.0-1, ruby-puppetdb-foreman 2.0.0-1, puppetserver 2.7.2-1puppetlabs1, puppetdb 4.3.0-1puppetlabs1

When we run commands from the cmd, everything looks good, but of course, then foreman is out of the game, right ?

We would really appreciate if someone could help here.

regards, Oliver

Simoliv avatar Feb 01 '17 22:02 Simoliv

adding a me too to this

Puppet 3.8, foreman 1.14.3, ruby-puppetdb-foreman 2.0.0-1, puppetdb 2.3 (later versions don't appear to support puppet < 4.0)

anthonysomerset avatar Apr 25 '17 21:04 anthonysomerset

> which ssl certificates must be used in puppetdb in /etc/puppetlabs/puppetdb/conf.d/jetty.ini

You need to use the puppet certificates of your Foreman server. Just run the following commands:

# Foreman setting: puppetdb_ssl_certificate
puppet config print hostcert
# Foreman setting: puppetdb_ssl_private_key
puppet config print hostprivkey
# Foreman setting: puppetdb_ssl_ca_file
puppet config print localcacert

> which is the correct URL for puppetdb_address in foreman (:8081/v2/commands ? /pdb/cmd/.. ?) Found so many different suggestions .. not sure which one is correct now

This depends on your environment. These values should work if you have a fairly standard setup.

For PuppetDB 4: https://puppetdb.example.com:8081/pdb/cmd/v1
For PuppetDB 2.3: https://puppetdb.example.com:8081/v3/commands

> does the name that is being used in foreman for puppetdb play any role ? for verification or whatever it does ?

I don't know what name you mean exactly, but this should not matter.

@anthonysomerset: foreman_puppetdb 2.0.0 has some issues with an older puppetdb. Try with the latest 1.0 release or wait for 3.0.1, that addresses these issues and should be available in repos by tomorrow.

Guys, let me know if that helps.

timogoebel avatar Apr 26 '17 06:04 timogoebel
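
An offline sanity check for the settings in the answer above, added here as an example (not code from puppetdb_foreman or from the commenters): it confirms that the three files are readable, that the private key belongs to the certificate, that the certificate verifies against the CA file, and that puppetdb_address is an https URL with one of the two command paths quoted above. The function name is hypothetical, and checking the host certificate against localcacert assumes a single Puppet CA signs both Foreman's and PuppetDB's certificates.

```ruby
require 'openssl'
require 'uri'

# Hypothetical helper, not part of puppetdb_foreman. Returns a list of
# problems; an empty list means the settings are consistent with each other.
# Run it as the user Foreman runs as, so readability reflects what Foreman sees.
def puppetdb_tls_problems(cert_path, key_path, ca_path, address)
  problems = []
  { 'puppetdb_ssl_certificate' => cert_path,
    'puppetdb_ssl_private_key' => key_path,
    'puppetdb_ssl_ca_file'     => ca_path }.each do |setting, path|
    problems << "#{setting}: #{path} is not readable" unless File.readable?(path)
  end
  return problems unless problems.empty?

  cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
  key  = OpenSSL::PKey.read(File.read(key_path))
  # A key from a different host (or a regenerated key) fails the handshake.
  problems << 'private key does not match certificate' unless cert.check_private_key(key)

  # Assumption: one Puppet CA issued this certificate, so it must chain to
  # the CA file. This also catches an expired certificate.
  store = OpenSSL::X509::Store.new
  store.add_file(ca_path)
  unless store.verify(cert)
    problems << "certificate does not verify against CA: #{store.error_string}"
  end

  uri = URI.parse(address)
  problems << 'puppetdb_address is not an https:// URL' unless uri.is_a?(URI::HTTPS)
  # The two paths given in the answer above (PuppetDB 4 and PuppetDB 2.3).
  unless ['/pdb/cmd/v1', '/v3/commands'].include?(uri.path)
    problems << "command path #{uri.path.inspect} is neither /pdb/cmd/v1 nor /v3/commands"
  end
  problems
end

# Usage: ruby check.rb <hostcert> <hostprivkey> <localcacert> <puppetdb_address>
if __FILE__ == $PROGRAM_NAME && ARGV.size == 4
  problems = puppetdb_tls_problems(*ARGV)
  puts(problems.empty? ? 'OK' : problems)
  exit(problems.empty? ? 0 : 1)
end
```

The three file arguments are the paths printed by the `puppet config print` commands in the answer.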

tried the relevant SSL settings with no joy - had to download to the 1.0.x plugin from foreman repo's

looking forward to v3.x

If only I could update puppetdb to a more current version, but it's the last version to support anything lower than puppet 4.0 and we're not quite ready to make that jump yet

anthonysomerset avatar Apr 26 '17 14:04 anthonysomerset

@anthonysomerset , @Oliver-Si: Has the 3.0.2 version fixed your issues?

timogoebel avatar May 11 '17 13:05 timogoebel