Skip to content

deleting hosts in foreman gives SSL error no matter what we change #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Simoliv opened this issue Feb 1, 2017 · 4 comments
Open

deleting hosts in foreman gives SSL error no matter what we change #29

Simoliv opened this issue Feb 1, 2017 · 4 comments

Comments

@Simoliv
Copy link

Simoliv commented Feb 1, 2017
edited
Loading

we are currently having a problem with deleting hosts in foreman, which always leads to a

Error: Could not deactivate host on PuppetDB: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

It doesnt matter what we try to change, it seems we cannot get around this error. Can someone shed some light into this and tell us

  • which ssl certificates must be used in puppetdb in /etc/puppetlabs/puppetdb/conf.d/jetty.ini
  • which is the correct URL for puppetdb_address in foreman (:8081/v2/commands ? /pdb/cmd/.. ?) Found so many different suggestions .. not sure which one is correct now
  • does the name that is being used in foreman for puppetdb play any role ? for verification or whatever it does ?

We currently run
foreman 1.14.0-1
ruby-puppetdb-foreman 2.0.0-1
puppetserver 2.7.2-1puppetlabs1
puppetdb 4.3.0-1puppetlabs1

When we run commands from the cmd, everything looks good, but of course, then foreman is out of the game, right ?

We would really appreciate if someone could help here.

regards, Oliver
@anthonysomerset
Copy link

adding a me too to this

Puppet 3.8
foreman 1.14.3
ruby-puppetdb-foreman 2.0.0-1
puppetdb 2.3 (later versions don't appear to support puppet < 4.0

@timogoebel
Copy link
Member

which ssl certificates must be used in puppetdb in /etc/puppetlabs/puppetdb/conf.d/jetty.ini

You need to use the puppet certificates of your Foreman server. Just run the following commands:

# Foreman setting: puppetdb_ssl_certificate
puppet config print hostcert
# Foreman setting: puppetdb_ssl_private_key
puppet config print hostprivkey
# Foreman setting: puppetdb_ssl_ca_file
puppet config print localcacert

which is the correct URL for puppetdb_address in foreman (:8081/v2/commands ? /pdb/cmd/.. ?) Found so many different suggestions .. not sure which one is correct now

This depends on your environment. These values should work if you have a fairly standard setup.

For PuppetDB 4: https://puppetdb.example.com:8081/pdb/cmd/v1
For PuppetDB 2.3: https://puppetdb.example.com:8081/v3/commands

does the name that is being used in foreman for puppetdb play any role ? for verification or whatever it does ?

I don't know what name you mean exactly, but this should not matter.

@anthonysomerset:
foreman_puppetdb 2.0.0 has some issues with an older puppetdb. Try with the latest 1.0 release or wait for 3.0.1, that addresses these issues and should be available in repos by tomorrow.

Guys, let me know if that helps.

@anthonysomerset
Copy link

tried the relevant SSL settings with no joy - had to download to the 1.0.x plugin from foreman repo's

looking forward to v3.x

if only i could update puppetdb to a more current version but its the last version to support anything lower than puppet 4.0 and we not quite ready to make that jump yet

@timogoebel
Copy link
Member

@anthonysomerset , @oliver-si: Has the 3.0.2 version fixed your issues?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@anthonysomerset @timogoebel @Simoliv