Issue #22340 has been updated by Sean Millichamp.
I just encountered this on a dev/test Puppetmaster with PE 2.8.2. It has its own set of everything (PuppetDB, console, Puppetmaster, etc.) running local on the box EXCEPT for the CA (which it shares with production). I was trying to deactivate a node in the PuppetDB on this test box and got the error mentioned in this bug report. After some digging I realized that, for whatever reason, I had the 'certname' setting in puppet.conf in the [master] and [agent] sections, but not in [main]. In our environment certname != FQDN so it has to be explicitly specified. When I moved certname to [main] and removed it from the [master] and [agent] section I was able to successfully submit a node deactivate from the box. My guess is that the SSL certificate it was trying to authenticate with PuppetDB was the FQDN of the box as the certname, not the correct (manually specified) certname, and PuppetDB was legitimately refusing the invalid cert. Certainly the error messages could be more useful on both ends (at the very least, including which certname it was attempting to use) Hope that helps. ---------------------------------------- Bug #22340: puppet node deactivate <node> fails with SSL error https://projects.puppetlabs.com/issues/22340#change-98559 * Author: bruce lysik * Status: Duplicate * Priority: Normal * Assignee: * Category: * Target version: * Affected Puppet version: * Keywords: puppetdb * Branch: ---------------------------------------- puppet master: RHEL 6u2 upgraded with most errata and puppet 3.2.3 packages. puppetdb: RHEL 6u4, and puppetdb-1.4.0, jre1.7.0_13 -bash-4.1$ sudo puppet node deactivate <hostname> Error: Failed to submit 'deactivate node' command for <hostname> to PuppetDB at <puppetdb hostname>:8081: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A Error: Try 'puppet help node deactivate' for usage -bash-4.1$ Other functionality of the puppetdb server is working fine. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
