Hi everyone,

I am trying to setup the new puppetdb on my environment (currently it worked great with mysql databases). All the setup was made by package for debian squeeze and puppet is used with passenger.

Here are the configuration files:
--
cat /etc/puppetdb/conf.d/jetty.ini
[jetty]
# Hostname to list for clear-text HTTP. Default is localhost
#host = localhost
# Port to listen on for clear-text HTTP.
host = puppetdb.fqdn
port = 8080
ssl-host = puppetdb.fqdn
ssl-port = 8081
keystore = /etc/puppetdb/ssl/keystore.jks
truststore = /etc/puppetdb/ssl/truststore.jks
key-password = uTyCY6damAQn9KInqCLuvAO53
trust-password = uTyCY6damAQn9KInqCLuvAO53
--
cat /etc/puppet/puppetdb.conf
[main]
server = pupperdb.fqdn
port = 8081
--
netstat -tulanp |egrep '808|543'
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 16224/postgres
tcp 0 0 127.0.0.1:5432 127.0.0.1:9232 ESTABLISHED 27554/postgres: pup
tcp 0 0 127.0.0.1:5432 127.0.0.1:9230 ESTABLISHED 27552/postgres: pup
tcp 0 0 127.0.0.1:5432 127.0.0.1:9229 ESTABLISHED 27551/postgres: pup
tcp 0 0 127.0.0.1:5432 127.0.0.1:9231 ESTABLISHED 27553/postgres: pup
tcp6 0 0 10.10.200.17:8080 :::* LISTEN 27496/java
tcp6 0 0 10.10.200.17:8081 :::* LISTEN 27496/java
tcp6 0 0 127.0.0.1:9232 127.0.0.1:5432 ESTABLISHED 27496/java
tcp6 0 0 127.0.0.1:9195 127.0.0.1:5432 TIME_WAIT -
tcp6 0 0 127.0.0.1:9230 127.0.0.1:5432 ESTABLISHED 27496/java
tcp6 0 0 127.0.0.1:9193 127.0.0.1:5432 TIME_WAIT -
tcp6 0 0 127.0.0.1:9194 127.0.0.1:5432 TIME_WAIT -
tcp6 0 0 127.0.0.1:9229 127.0.0.1:5432 ESTABLISHED 27496/java
tcp6 0 0 127.0.0.1:9231 127.0.0.1:5432 ESTABLISHED 27496/java
tcp6 0 0 127.0.0.1:9192 127.0.0.1:5432 TIME_WAIT -
--
Once everything is started:
2012-06-12 16:33:13,841 DEBUG [main] [bonecp.BoneCPDataSource] JDBC URL jdbc:postgresql://localhost:5432/puppetdb, Username = puppetdb, partitions = 5, max (per partition) = 10, min (per partition) = 1, helper threads = 3, idle max age = 60 min, idle test period = 240 min
2012-06-12 16:33:13,979 INFO [main] [cli.services] Starting broker
2012-06-12 16:33:14,729 DEBUG [main] [page.PageFile] Page File: /usr/share/puppetdb/mq/localhost/KahaDB/db.data, Recovering page file...
2012-06-12 16:33:14,790 DEBUG [main] [index.BTreeIndex] loading
2012-06-12 16:33:14,795 DEBUG [main] [index.BTreeIndex] loading
2012-06-12 16:33:14,796 DEBUG [main] [index.BTreeIndex] loading
2012-06-12 16:33:14,796 DEBUG [main] [index.BTreeIndex] loading
2012-06-12 16:33:14,796 DEBUG [main] [index.BTreeIndex] loading
2012-06-12 16:33:14,796 DEBUG [main] [index.BTreeIndex] loading
2012-06-12 16:33:14,977 INFO [main] [journal.Journal] ignoring zero length, partially initialised journal data file: db-1.log number = 1 , length = 0
2012-06-12 16:33:14,987 DEBUG [main] [page.PageFile] Page File: /usr/share/puppetdb/mq/localhost/scheduler/scheduleDB.data, Recovering page file...
2012-06-12 16:33:15,031 DEBUG [main] [index.BTreeIndex] loading
2012-06-12 16:33:15,031 DEBUG [main] [index.BTreeIndex] loading
2012-06-12 16:33:15,031 DEBUG [main] [index.BTreeIndex] loading
2012-06-12 16:33:15,034 DEBUG [main] [index.BTreeIndex] loading
2012-06-12 16:33:15,109 INFO [main] [cli.services] Starting 2 command processor threads
2012-06-12 16:33:15,111 INFO [main] [cli.services] Starting query server
2012-06-12 16:33:15,111 INFO [main] [cli.services] Starting database compactor (60 minute interval)
2012-06-12 16:33:15,124 INFO [clojure-agent-send-off-pool-2] [mortbay.log] Logging to org.slf4j.impl.Log4jLoggerAdapter(org.mortbay.log) via org.mortbay.log.Slf4jLog
2012-06-12 16:33:15,126 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] Container Server@4f47afda + SocketConnector@puppetdb.vitry.exploit.anticorp:8080 as connector
2012-06-12 16:33:15,131 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] Container Server@4f47afda + SslSocketConnector@puppetdb.vitry.exploit.anticorp:8081 as connector
2012-06-12 16:33:15,131 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] Container Server@4f47afda + AbstractHandler$0@4da4826b as handler
2012-06-12 16:33:15,132 INFO [clojure-agent-send-off-pool-2] [mortbay.log] jetty-6.1.x
2012-06-12 16:33:15,145 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] Container Server@4f47afda + org.mortbay.thread.QueuedThreadPool@76bd92e4 as threadpool
2012-06-12 16:33:15,148 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] started org.mortbay.thread.QueuedThreadPool@76bd92e4
2012-06-12 16:33:15,151 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] starting AbstractHandler$0@4da4826b
2012-06-12 16:33:15,151 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] started AbstractHandler$0@4da4826b
2012-06-12 16:33:15,151 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] starting Server@4f47afda
2012-06-12 16:33:15,153 INFO [clojure-agent-send-off-pool-2] [mortbay.log] Started SocketConnector@puppetdb.vitry.exploit.anticorp:8080
2012-06-12 16:33:15,153 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] started SocketConnector@puppetdb.vitry.exploit.anticorp:8080
2012-06-12 16:33:15,164 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] Checking Resource aliases
2012-06-12 16:33:15,219 DEBUG [clojure-agent-send-off-pool-0] [listener.DefaultMessageListenerContainer] Established shared JMS Connection
2012-06-12 16:33:15,219 DEBUG [clojure-agent-send-off-pool-1] [listener.DefaultMessageListenerContainer] Established shared JMS Connection
2012-06-12 16:33:15,256 INFO [clojure-agent-send-off-pool-2] [mortbay.log] Started SslSocketConnector@puppetdb.vitry.exploit.anticorp:8081
2012-06-12 16:33:15,262 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] started SslSocketConnector@puppetdb.vitry.exploit.anticorp:8081
2012-06-12 16:33:15,262 DEBUG [clojure-agent-send-off-pool-2] [mortbay.log] started Server@4f47afda

and once I am trying to run any agent I am having the following error with the SSL port:
date && puppet agent -t --noop ; date
Tue Jun 12 16:31:16 CEST 2012
info: Retrieving plugin
info: Loading facts in meminbytes
info: Loading facts in facter_dot_d
info: Loading facts in root_home
info: Loading facts in puppet_vardir
info: Loading facts in meminbytes
info: Loading facts in facter_dot_d
info: Loading facts in root_home
info: Loading facts in puppet_vardir
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for lnk4c-cks01.vitry.exploit.anticorp to PuppetDB at puppetdb.vitry.exploit.anticorp:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
Tue Jun 12 16:31:23 CEST 2012
---
2012-06-12 16:31:23,054 WARN [1130816144@qtp-844964870-6] [mortbay.log] EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1763)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1006)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1217)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1201)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:675)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

If I change the port:
cat puppetdb.conf
[main]
server = puppetdb.vitry.exploit.anticorp
port = 8080
--
date && puppet agent -t --noop ; date
Tue Jun 12 16:36:58 CEST 2012
info: Retrieving plugin
info: Loading facts in meminbytes
info: Loading facts in facter_dot_d
info: Loading facts in root_home
info: Loading facts in puppet_vardir
info: Loading facts in meminbytes
info: Loading facts in facter_dot_d
info: Loading facts in root_home
info: Loading facts in puppet_vardir
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for lnk4c-cks01.vitry.exploit.anticorp to PuppetDB at puppetdb.vitry.exploit.anticorp:8080: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
Tue Jun 12 16:37:01 CEST 2012
--
2012-06-12 16:36:57,836 DEBUG [1255344208@qtp-1992135396-2] [mortbay.log] uri
2012-06-12 16:36:57,836 DEBUG [1255344208@qtp-1992135396-2] [mortbay.log] fields
2012-06-12 16:36:57,836 DEBUG [1255344208@qtp-1992135396-2] [mortbay.log] EXCEPTION
HttpException(400,null,null)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:361)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
2012-06-12 16:36:57,844 DEBUG [1255344208@qtp-1992135396-2] [mortbay.log] BAD

Any idea, what could cause this error?

Regards,
JM

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

On Tuesday, June 12, 2012 7:39:22 AM UTC-7, A_SAAS wrote:
> Any idea, what could cause this error?

Did you run a puppet agent on the PuppetDB server before installing the PuppetDB package? In order to setup SSL correctly, this is currently necessary.

If you didn't, you can run a puppet agent to generate certificates and then run `/usr/sbin/puppetdb-ssl-setup` to redo the SSL setup. This will put your password in /etc/puppetdb/ssl/puppetdb_keystore_pw.txt, and you can update your jetty.ini with that.

Otherwise, please run these commands for some diagnostic output:

keytool -list -keystore /etc/puppetdb/ssl/keystore.jks
keytool -list -keystore /etc/puppetdb/ssl/truststore.jks

puppet cert --fingerprint ca <puppetdb hostname>

This will give some output to ensure that the certificates being used by PuppetDB are what we expect them to be.

As an aside, none of this output contains the timestamp of the puppet master (only the agent and PuppetDB). Can you also please ensure that's also correct?

Hi, thx for the reply, here are the info:
--
nslookup puppetdb.fqdn
Server: 10.10.200.29
Address: 10.10.200.29#53

puppetdb.fqdn canonical name = puppetmaster.fqdn
Name: puppetmaster.fqdn
Address: 10.10.200.17
--
keytool -list -keystore /etc/puppetdb/ssl/keystore.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

puppetmaster.fqdn, Jun 12, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): 02:B5:21:B9:F7:72:4A:48:67:12:47:FF:0A:DE:B5:1D
--
keytool -list -keystore /etc/puppetdb/ssl/truststore.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

puppetdb ca, Jun 12, 2012, trustedCertEntry,
Certificate fingerprint (MD5): 1F:1B:E7:2A:89:B5:87:65:4F:91:1A:8B:75:8F:AD:60
--
puppet cert --fingerprint ca puppetmaster.fqdn
ca 1F:1B:E7:2A:89:B5:87:65:4F:91:1A:8B:75:8F:AD:60

So it seems that the certificates are not right?
--
On the master:
ntpq -p
remote refid st t when poll reach delay offset jitter
=============================================================================
+ntp1 198.82.1.204 3 u 986 1024 377 0.106 -1.399 0.323
*ntp2 129.70.132.32 3 u 54 1024 377 0.376 0.338 0.903
LOCAL(0) .LOCL. 12 l 14h 64 0 0.000 0.000 0.000

As you see the server is up to date.

Does that help?

Regards,
JM

On Tue, Jun 12, 2012 at 10:46 PM, Nick Lewis <nick@puppetlabs.com> wrote:
> Otherwise, please run these commands for some diagnostic output:
>
> keytool -list -keystore /etc/puppetdb/ssl/keystore.jks
> keytool -list -keystore /etc/puppetdb/ssl/truststore.jks
>
> puppet cert --fingerprint ca <puppetdb hostname>
OK,

I have managed to have the same signature (Apparently using --config doesn't help for generating certificates :D)
So now is the deal:
# keytool -list -keystore /etc/puppetdb/ssl/keystore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
puppetmaster.fqdn, Jun 13, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): FE:EA:B4:FE:C4:2C:07:9B:15:B7:F2:DB:3A:78:B3:47
--
# puppet cert fingerprint puppetmaster.fqdn --digest=md5 --config=/etc/puppet/conf/puppet.conf
puppetmaster.fqdn FE:EA:B4:FE:C4:2C:07:9B:15:B7:F2:DB:3A:78:B3:47
--

But still not the same for truststore.jks:
# keytool -list -keystore /etc/puppetdb/ssl/truststore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
puppetdb ca, Jun 13, 2012, trustedCertEntry,
Certificate fingerprint (MD5): DA:38:CE:13:8A:20:8B:C1:4C:1C:2C:99:27:5F:53:05
--

And still having the issue with the agent:
# date && puppet agent -t --noop ; date
Wed Jun 13 12:18:51 CEST 2012
info: Retrieving plugin
info: Loading facts in meminbytes
info: Loading facts in facter_dot_d
info: Loading facts in root_home
info: Loading facts in puppet_vardir
info: Loading facts in meminbytes
info: Loading facts in facter_dot_d
info: Loading facts in root_home
info: Loading facts in puppet_vardir
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for test-puppet.fqdn to PuppetDB at puppetmaster.fqdn:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
Wed Jun 13 12:18:54 CEST 2012

On the master:
2012-06-13 12:28:51,828 WARN [789688662@qtp-1034385146-6] [mortbay.log] EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1763)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1006)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1217)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1201)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:675)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

As you can see in the log the date seems pretty much the same.
On Wed, Jun 13, 2012 at 10:20 AM, Antidot SAS <antidotsas@gmail.com> wrote:
> Hi thx for the reply here are the info:
> --
> nslookup puppetdb.fqdn
> Server: 10.10.200.29
> Address: 10.10.200.29#53
>
> puppetdb.fqdn canonical name = puppetmaster.fqdn
> Name: puppetmaster.fqdn
> Address: 10.10.200.17
> --
> keytool -list -keystore /etc/puppetdb/ssl/keystore.jks
> Enter keystore password:
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> puppetmaster.fqdn, Jun 12, 2012, PrivateKeyEntry,
> Certificate fingerprint (MD5):
> 02:B5:21:B9:F7:72:4A:48:67:12:47:FF:0A:DE:B5:1D
> --
> keytool -list -keystore /etc/puppetdb/ssl/truststore.jks
> Enter keystore password:
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> puppetdb ca, Jun 12, 2012, trustedCertEntry,
> Certificate fingerprint (MD5):
> 1F:1B:E7:2A:89:B5:87:65:4F:91:1A:8B:75:8F:AD:60
> --
> puppet cert --fingerprint ca puppetmaster.fqdn
> ca 1F:1B:E7:2A:89:B5:87:65:4F:91:1A:8B:75:8F:AD:60
>
> So it seems that the certificates are not right?
> --
> On the master:
> ntpq -p
> remote refid st t when poll reach delay offset jitter
> =============================================================================
> +ntp1 198.82.1.204 3 u 986 1024 377 0.106 -1.399 0.323
> *ntp2 129.70.132.32 3 u 54 1024 377 0.376 0.338 0.903
> LOCAL(0) .LOCL. 12 l 14h 64 0 0.000 0.000 0.000
>
> As you see the server is up to date.
>
> Does that help?
>
> Regards,
> JM
Hi everyone,

Finally got it: once the certificates were recreated, I forgot to restart puppetdb... Sorry.

Thx for the tips :D
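The fingerprint comparison done by hand in this thread can be scripted. The following is an added example, not part of any message in the thread and not PuppetDB's own tooling: it parses captured `keytool -list` and `puppet cert fingerprint` output and reports which store disagrees with Puppet. The function names are hypothetical, the sample listings are constructed from the values posted above, and the `ca` fingerprint is a constructed placeholder because the thread does not show it at that step.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): compare the fingerprints held in
# PuppetDB's JKS stores with the ones Puppet reports, using captured output.

# Constructed samples in the layout of `keytool -list -keystore <file>`,
# carrying the values posted in the thread on Jun 13.
KEYSTORE_LIST='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

puppetmaster.fqdn, Jun 13, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): FE:EA:B4:FE:C4:2C:07:9B:15:B7:F2:DB:3A:78:B3:47'

TRUSTSTORE_LIST='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

puppetdb ca, Jun 13, 2012, trustedCertEntry,
Certificate fingerprint (MD5): DA:38:CE:13:8A:20:8B:C1:4C:1C:2C:99:27:5F:53:05'

# Constructed sample of `puppet cert fingerprint <name> --digest=md5` output.
# The host line is from the thread; the "ca" value is a placeholder.
PUPPET_FPS='puppetmaster.fqdn FE:EA:B4:FE:C4:2C:07:9B:15:B7:F2:DB:3A:78:B3:47
ca 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

# Read a keytool listing on stdin, print "alias<TAB>fingerprint" per entry.
# The alias is everything before the first comma, so "puppetdb ca" survives.
keytool_fingerprints() {
  awk '
    /(PrivateKeyEntry|trustedCertEntry)/ { alias = $0; sub(/,.*/, "", alias) }
    {
      for (i = 1; i <= NF; i++)
        if (alias != "" && $i ~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/) {
          print alias "\t" toupper($i)
          alias = ""
        }
    }'
}

# Read puppet fingerprint output on stdin, print the fingerprint for name $1.
puppet_fingerprint() {
  awk -v name="$1" '$1 == name { print toupper($NF); exit }'
}

# store_matches LISTING NAME PUPPET_OUTPUT
# 0: the store entry equals Puppet's fingerprint for NAME
# 1: both found but different, 2: one side is missing
store_matches() {
  local listing="$1"
  local name="$2"
  local puppet_out="$3"
  local store_fp puppet_fp
  store_fp=$(printf '%s\n' "$listing" | keytool_fingerprints | head -n 1 | cut -f 2)
  puppet_fp=$(printf '%s\n' "$puppet_out" | puppet_fingerprint "$name")
  [ -n "$store_fp" ] && [ -n "$puppet_fp" ] || return 2
  [ "$store_fp" = "$puppet_fp" ]
}

# stale_process STORE_MTIME PROCESS_START (both in epoch seconds)
# 0 when the store was rewritten after the service started, which is the
# situation that kept the handshake failing until puppetdb was restarted.
stale_process() {
  [ "$1" -gt "$2" ]
}

report() {
  local label listing name
  for label in keystore truststore; do
    if [ "$label" = keystore ]; then
      listing=$KEYSTORE_LIST; name=puppetmaster.fqdn
    else
      listing=$TRUSTSTORE_LIST; name=ca
    fi
    if store_matches "$listing" "$name" "$PUPPET_FPS"; then
      echo "$label: OK, matches Puppet's '$name' certificate"
    else
      echo "$label: mismatch or missing entry for '$name';" \
           "rerun /usr/sbin/puppetdb-ssl-setup and restart puppetdb"
    fi
  done
}

report
```

On a live host the three sample variables would be filled from the commands quoted in the thread instead of the constructed text.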