Setting the 'ssl_host=' param to 0.0.0.0 turned the trick (so to speak). I kept trying variations on what the ssl cert was created for.
Thank you for clearing this up for me. On Thursday, December 5, 2013 1:17:51 PM UTC-8, Ken Barber wrote: > > Can you show your jetty.ini? And the results of running > puppetdb-ssl-setup ... the more information the better in these kinds > of cases. > > Also - is PuppetDB listening to port 8080? > > On Thu, Dec 5, 2013 at 9:15 PM, Jon Yeargers <[email protected]<javascript:>> > wrote: > > I used 'puppetdb-ssl-setup' (after removing the ssl folder) to no avail. > > > > (sorry about cross posting - I thought I had removed the 'ask' entry) > > > > > > On Thursday, December 5, 2013 12:25:24 PM UTC-8, Ken Barber wrote: > >> > >> I responded to this in ask, but I'll answer here also. > >> > >> In the file /etc/puppetdb/conf.d/jetty.ini, the settings ssl-host and > >> ssl-port must be set to listen on the SSL port (8081). However, if > >> your ssl certs aren't yet configured this may fail for you. Usually > >> puppetdb-ssl-setup is a good way to set these up automatically, so try > >> this first. For ssl-host I usually recommend something like ::1 or > >> 0.0.0.0 to listen on all ports for simplicity, but you can make this > >> explicit if you like. > >> > >> ken. > >> > >> > >> > >> On Thu, Dec 5, 2013 at 7:48 PM, Jon Yeargers <[email protected]> > wrote: > >> > I did `yum update` on my puppet server about a week ago. Up to that > >> > point I > >> > had puppet and puppetdb running on the same machine. Since the update > >> > puppetdb doesn't appear to be listening on port 8081 anymore. > >> > > >> > When I run `puppet agent --test` on a client I get this error: > >> > > >> > err: Could not retrieve catalog from remote server: Error 400 on > >> > SERVER: > >> > Failed to submit 'replace facts' command for plugpc-005.client to > >> > PuppetDB > >> > at puppet.server:8081: Connection refused - connect(2) > >> > > >> > Looking at `nmap -P0 puppet.server` shows that port 8081 isn't open. > >> > Trying > >> > `telnet puppet.server 8081` confirms this. > >> > > >> > My configs are all set using the values from > >> > > >> > [here].( > http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html). > >> > > >> > `ps -ax` shows that the processes are running: > >> > > >> > 2040 ? Ss 4:55 /usr/sbin/openvpn --daemon --writepid > >> > /var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn > >> > --script-security 2 > >> > 29737 ? Sl 0:37 /usr/bin/java > -XX:OnOutOfMemoryError=kill > >> > -9 > >> > %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError > >> > -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar > >> > /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d > >> > 29924 ? Sl 0:01 Passenger AppPreloader: > >> > /usr/share/puppet/rack/puppetmasterd > >> > 29963 ? Sl 0:00 Passenger RackApp: > >> > /usr/share/puppet/rack/puppetmasterd > >> > > >> > > >> > The output of `netstat -nap | grep 8081` is empty. > >> > > >> > Turning off iptables doesn't make any difference. (not that it would > - > >> > nobody is listening at the port anyway) > >> > > >> > NOTE: This system was working ok before the update. I could download > >> > configs > >> > to clients and query the db for the results. > >> > > >> > So - what did I break? > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "Puppet Users" group. > >> > To unsubscribe from this group and stop receiving emails from it, > send > >> > an > >> > email to [email protected]. > >> > To view this discussion on the web visit > >> > > >> > > https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com. > > > >> > For more options, visit https://groups.google.com/groups/opt_out. > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/puppet-users/6e94f3ef-4320-4b49-b430-10f646f220cc%40googlegroups.com. > > > > > > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ebec75a1-e06c-4931-9b31-b1955908cd02%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
