Hi Molly, thanks for opening the ticket. No further info to add from my side. I just executed the manual migration. To me it seems that way is actually easier than the puppetserver migrate-way, where yhou have to look for the location of your config file ;-)
On Wednesday, 3 March 2021 at 22:39:08 UTC+1 Molly Waggett wrote: > Hi Erwin, > > I have opened SERVER-2979 > <https://tickets.puppetlabs.com/browse/SERVER-2979> to investigate your > issue. Any additional info you can add to that ticket would be greatly > appreciated. > > In the meantime, you can manually migrate your CA directory: > 1. stop the puppetserver service: > systemctl stop puppetserver > 2. move your CA directory to the new location: > mv /etc/puppetlabs/puppet/ssl/ca /etc/puppetlabs/puppetserver/ca > 3. to maintain backwards compatibility, create a symlink from the new > location to the old location: > ln -sf /etc/puppetlabs/puppetserver/ca /etc/puppetlabs/puppet/ssl/ca > 4. restart the puppetserver service: > systemctl start puppetserver > > Let us know if you have any other issues. > > Thanks! > > On Fri, Feb 26, 2021 at 6:40 AM Erwin Bogaard <[email protected]> wrote: > >> Hi Molly, >> >> We don't really run an unusual setup: just a regular machine with >> hostname in local DNS available, no IPv6. >> The installed Puppet component versions are as follows: >> puppet-agent-7.4.1-1.el7.x86_64 >> puppet-client-tools-1.2.6-1.el7.x86_64 >> puppetdb-7.2.0-1.el7.noarch >> puppetdb-termini-7.2.0-1.el7.noarch >> puppet-release-1.0.0-15.el7.noarch >> puppetserver-7.0.3-1.el7.noarch >> >> The requested configuration is as follows: >> networking => { >> dhcp => "192.168.100.1", >> domain => "kntr.xxx.loc", >> fqdn => "puppet01.kntr.xxx.loc", >> hostname => "puppet01", >> ... >> } >> os => { >> architecture => "x86_64", >> family => "RedHat", >> hardware => "x86_64", >> name => "CentOS", >> release => { >> full => "7.9.2009", >> major => "7", >> minor => "9" >> }, >> selinux => { >> enabled => false >> } >> } >> ruby => { >> platform => "x86_64-linux", >> sitedir => "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.7.0", >> version => "2.7.2" >> } >> On Thursday, 25 February 2021 at 19:52:23 UTC+1 Molly Waggett wrote: >> >>> Hi Erwin, >>> >>> The puppetserver ca migrate command must be run while the puppetserver >>> service is stopped, but it looks like we're not catching the particular >>> connection error you're getting when we check to see whether the service is >>> running. >>> >>> I'm wondering if you have an unusual networking setup, e.g. custom DNS >>> config, IPv6, etc. >>> I was not able to reproduce your issue on a first attempt, so it would >>> also be helpful to know which version of puppetserver you're running, what >>> OS platform you're running on, and which version of Ruby you're using. >>> >>> Thanks! >>> >>> On Thu, Feb 25, 2021 at 2:59 AM Erwin Bogaard <[email protected]> >>> wrote: >>> >>>> >>>> Hi, >>>> >>>> I'm trying to solve the notofocation about "The cadir is currently >>>> configured to be inside the /etc/puppetlabs/puppet/ssl directory". >>>> When I follow the steps, and run: >>>> >>>> # puppetserver ca migrate --config /etc/puppetlabs/puppet/puppet.conf >>>> >>>> I get the message: "Puppetserver service is running. Please stop it >>>> before attempting to run this command." >>>> >>>> If I then stop the puppetserver service and run the command again, I >>>> get the following Error: "Fatal error when running action 'migrate' >>>> Error: Failed connecting to https://xxx.loc:8140/status/v1/simple/ca >>>> Root cause: Failed to open TCP connection to xxx.loc:8140 (Invalid >>>> argument - connect(2) for "xxx.loc" port 8140)" >>>> >>>> That no connection is possible seems logical, as I stopped the service >>>> prevously. >>>> >>>> If "puppetsever ca migrate" won't run when the service is running, but >>>> it needs to connect to the service, how is that ever going to work? I'm >>>> baffeled. >>>> >>>> As a work around: is there maybe a manual way to execute this migration? >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >>> >>> -- >>> *Molly Waggett* >>> she/her >>> Senior Software Engineer @ Puppet >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/d58e26d1-1cba-4b43-997d-819df7a8381an%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/d58e26d1-1cba-4b43-997d-819df7a8381an%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > *Molly Waggett* > she/her > Senior Software Engineer @ Puppet > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b666010b-c11c-4a8f-b760-e8b2b8670622n%40googlegroups.com.
