Issues connecting puppet agent to master

Question

Trying to build an infrastructure based on the most recent puppet/agents available for testing purposes.

So I've been trying to run puppet agent on a node, and I'm currently getting the errors bellow, puppet master currently running on a fresh install of Foreman 1.24(EC2 Instance) and seems to be running the agent fine with no issues, different story on the agents.

I am able to reach and sign the certificates from the nodes(agents) on the master but nothing else after apart from getting the errors.

root@puppetagent02:~# puppet agent -t
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com]
Info: Retrieving pluginfacts
Error: /File[/var/cache/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com]
Error: /File[/var/cache/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com]
Info: Retrieving plugin
Error: /File[/var/cache/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com]
Error: /File[/var/cache/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com]
root@puppetagent02:~#

So it seems that there is no puppet 6 agent for Debian 10(Buster), I was running its latest agent 5.10 which seems to handle the certificates differently from Agent 6.12, spin up a quick Centos 7 VM with the agent and got it working with no issues. — macosta, Jan 28 '20 at 19:29

score 0 · Accepted Answer · answered Jan 29 '20 at 18:54

0

So managed to sort it out by just simply downgrading to “stretch” that has the latest package of the puppet agent, working now with no issues.

answered Jan 29 '20 at 18:54

macosta

1
2

Issues connecting puppet agent to master

1 Answers1