The problem is that the puppetdb certificate is not for localhost, but for puppetdb hostname.
You have two options: 1. Set in /etc/hosts puppetdb as alias of localhost 2. Generate a new certificate for the puppetdb with an alias for local host as valid hostname. I would prefer option 1. Regards, El 13/06/2014 02:29, "Chris" <[email protected]> escribió: > Hi all, > > I'm trying to set up something that will have multiple puppet masters > (with one as the CA) and multiple puppet db's (they will be geographically > dispersed). > > The multi-masters stuff all works fine, but I'm struggling with multiple > puppet db's. > > Ideally I'd like puppet db to live on the same server as the puppet master > for a particular region (so a master + puppetdb in US, one in UK, one in AU > for starters) but I'm not sure if that's supported at all. > > I've got puppetdb on the master CA server and that works fine, but if I > point the other masters to 'localhost' (in puppetdb.conf) I get ssl errors > on the agent runs: > > Error: Could not retrieve catalog from remote server: Error 400 on SERVER: > Failed to submit 'replace facts' command for client1.local to PuppetDB at > localhost:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server > certificate B: certificate verify failed: [certificate revoked for > /CN=puppetmaster1.local] > > I saw in the puppetdb docs about using postgres replication to do things > but if an agent has to go back to the main server for every run to report, > I don't understand why you'd want to do that. > > Any help or ideas would be great. > > Cheers, > Chris. > -- > Postgresql & php tutorials > http://www.designmagick.com/ > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-users/539A45DF.2070100%40gmail.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF_B3ddhPWixU7H3Kfx2Y7qaSm_hLA_6_uFUZ1cFTJJduXxkVw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
