3

I'm using Puppet with PuppetDb. The two are connected and I can see PuppetDb update whenever I add or update a node.

But when I try to deactivate a node with puppet node deactivate nodeName I get back:

Warning: Error connecting to puppetdb on 8081 at route /pdb/cmd/v1?checksum=36a4313be5bac718badc45495f0266bf87c7a806&version=3&certname=v-hub-1.5659710c-33d5-45f2-a477-6
ccf1357e1ac.local.dockerapp.io&command=deactivate_node, error message received was 'SSL_connect SYSCALL returned=5 errno=0 state=unknown state'. Failing over to the next
 PuppetDB server_url in the 'server_urls' list

Error: Failed to execute '/pdb/cmd/v1?checksum=36a4313be5bac718badc45495f0266bf87c7a806&version=3&certname=v-hub-1.5659710c-33d5-45f2-a477-6ccf1357e1ac.local.dockerapp.i
o&command=deactivate_node' on at least 1 of the following 'server_urls': https://puppetdb:8081                                                                           
Error: undefined method `[]' for #<Puppet::Util::Log:0x00000003a15178>                                                                                                   
Error: Try 'puppet help node deactivate' for usage

Any suggestions on how to debug this? I've tried deleting and regenerating the certificate with puppet cert generate puppetdb. As mentioned when it comes to creating or updating nodes on PuppetDb there is no problem.

Puppetserver version: 2.7.2

Philip Kirkbride
  • 21,381
  • 38
  • 125
  • 225
  • It looks like it can't complete the SSL connection to the PuppetDB instance, I've seen similar issues when OpenSSL can't verify the certificate chain. Are you trying to run the deactivate command from the master? – Andrew Williams Jun 29 '17 at 15:29
  • @AndrewWilliams I am, the strange thing about the SSL issue is that there is no issue when new data is posted to the DB. – Philip Kirkbride Jun 29 '17 at 15:31
  • [This link](https://stackoverflow.com/questions/35809491/puppet-4-3-2-client-node-unable-to-connect-via-ssl-to-puppet-server) just gave me a idea. You don't have any folder overrides in your `puppet.conf` under the agent section do you? – Andrew Williams Jun 29 '17 at 15:35
  • @AndrewWilliams No I don't have an agent section in my `puppet.conf`. – Philip Kirkbride Jun 29 '17 at 16:07
  • Do you run the command directly, when logged with `root` or do you use `sudo`? Also, do you run `puppet node clean nodeName` ? – g00dy Jul 10 '17 at 08:41
  • @g00dy logged in as root – Philip Kirkbride Jul 10 '17 at 12:04
  • @PhilipKirkbride - what about the `puppet node clean nodeName` command? Do you execute it after `puppet node deactivate nodeName` ? – g00dy Jul 11 '17 at 06:21
  • @g00dy that works, thanks! – Philip Kirkbride Jul 11 '17 at 12:27
  • @PhilipKirkbride - Shall I formulate that as an answer? Did you mean that the command just worked, or this additional command solved your issue ? Let me know. – g00dy Jul 11 '17 at 12:37
  • @g00dy nevermind. This cleans the SSH cert but the item will still be in PuppetDb. I've just been deleting items from Postgres for now. – Philip Kirkbride Jul 11 '17 at 12:39
  • @PhilipKirkbride I am having this same problem, exactly the same error message. Did you ever determine the cause of the problem? – Ashley Sommer Jul 17 '19 at 07:28

0 Answers0