Felipe Salum
2012-Nov-16 21:33 UTC
[Puppet Users] Load Balance Puppet 3 masters with PuppetDB backend
Hi there. I''m setting up a Puppet 3 + PuppetDB environment with the following architecture: 2 x puppetmaster/passenger with apache using Proxy Balance 1 x puppetdb Following the Pro Puppet book, I set Apache on both puppetmasters to proxy the CA requests to just 1 puppetmaster server, and anything else between the 2 puppetmaster servers (call them workers). Also both puppetmaster servers is set to use the puppetdb storeconfig backend. Everything looks fine when I hit the puppetmaster running as the CA, but if my request is balanced to the 2nd puppetmaster worker I got the errors below: root@puppetdb1:/# puppet agent --test --server puppet.puppet.test Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 400 on SERVER: Could not retrieve facts for puppetdb1.puppet.test: Failed to submit ''replace facts'' command for puppetdb1.puppet.test to PuppetDB at puppetdb1.puppet.test:8081: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A Info: Retrieving plugin Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb Info: Loading facts in /var/lib/puppet/lib/facter/iptables.rb Info: Loading facts in /var/lib/puppet/lib/facter/postgres_default_version.rb Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit ''replace facts'' command for puppetdb1.puppet.test to PuppetDB at puppetdb1.puppet.test:8081: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run For some reason when my puppetmaster2 worker receives the request from any of my puppet agent nodes the facts fail. 192.168.168.9 - - [16/Nov/2012:13:15:10 -0800] "GET /production/node/puppetdb1.puppet.test? HTTP/1.1" 400 513 "-" "-" 192.168.168.9 - - [16/Nov/2012:13:15:16 -0800] "GET /production/file_metadatas/plugins?recurse=true&checksum_type=md5&links=manage&ignore=---+%0A++-+%22.svn%22%0A++-+CVS%0A++-+%22.git%22& HTTP/1.1" 200 40597 "-" "-" 192.168.168.9 - - [16/Nov/2012:13:15:18 -0800] "POST /production/catalog/puppetdb1.puppet.test HTTP/1.1" 400 461 "-" "-" Can I use the architecture I described above and still have every puppetmaster from my load balance talking to PuppetDB ? I tried to delete the ssl certificates, generate them again, run puppetdb-ssl-setup, etc but still same results. Thanks, Felipe -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Jz9sEtlR35UJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Felipe Salum
2012-Nov-20 23:16 UTC
[Puppet Users] Re: Load Balance Puppet 3 masters with PuppetDB backend
Following the http://docs.puppetlabs.com/guides/scaling_multiple_masters.html actually worked better. The Pro Puppet was missing the part of running puppet agent in the 2nd master with the dns_alt_names or I missed that part, anyway it is working now :) Felipe On Friday, November 16, 2012 1:33:03 PM UTC-8, Felipe Salum wrote:> > Hi there. > > I''m setting up a Puppet 3 + PuppetDB environment with the following > architecture: > > 2 x puppetmaster/passenger with apache using Proxy Balance > 1 x puppetdb > > Following the Pro Puppet book, I set Apache on both puppetmasters to proxy > the CA requests to just 1 puppetmaster server, and anything else between > the 2 puppetmaster servers (call them workers). > > Also both puppetmaster servers is set to use the puppetdb storeconfig > backend. > > Everything looks fine when I hit the puppetmaster running as the CA, but > if my request is balanced to the 2nd puppetmaster worker I got the errors > below: > > root@puppetdb1:/# puppet agent --test --server puppet.puppet.test > Warning: Unable to fetch my node definition, but the agent run will > continue: > Warning: Error 400 on SERVER: Could not retrieve facts for > puppetdb1.puppet.test: Failed to submit ''replace facts'' command for > puppetdb1.puppet.test to PuppetDB at puppetdb1.puppet.test:8081: > SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A > Info: Retrieving plugin > Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb > Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb > Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb > Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb > Info: Loading facts in /var/lib/puppet/lib/facter/iptables.rb > Info: Loading facts in > /var/lib/puppet/lib/facter/postgres_default_version.rb > Error: Could not retrieve catalog from remote server: Error 400 on SERVER: > Failed to submit ''replace facts'' command for puppetdb1.puppet.test to > PuppetDB at puppetdb1.puppet.test:8081: SSL_connect SYSCALL returned=5 > errno=0 state=SSLv3 read finished A > Warning: Not using cache on failed catalog > Error: Could not retrieve catalog; skipping run > > For some reason when my puppetmaster2 worker receives the request from any > of my puppet agent nodes the facts fail. > > 192.168.168.9 - - [16/Nov/2012:13:15:10 -0800] "GET > /production/node/puppetdb1.puppet.test? HTTP/1.1" 400 513 "-" "-" > 192.168.168.9 - - [16/Nov/2012:13:15:16 -0800] "GET > /production/file_metadatas/plugins?recurse=true&checksum_type=md5&links=manage&ignore=---+%0A++-+%22.svn%22%0A++-+CVS%0A++-+%22.git%22& > HTTP/1.1" 200 40597 "-" "-" > 192.168.168.9 - - [16/Nov/2012:13:15:18 -0800] "POST > /production/catalog/puppetdb1.puppet.test HTTP/1.1" 400 461 "-" "-" > > Can I use the architecture I described above and still have every > puppetmaster from my load balance talking to PuppetDB ? > > I tried to delete the ssl certificates, generate them again, run > puppetdb-ssl-setup, etc but still same results. > > Thanks, > Felipe >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/bd11TLhzqCwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.