Puppet users - Dec 2013 - puppetdb not responding since 'yum update'

I did `yum update` on my puppet server about a week ago. Up to that point I 
had puppet and puppetdb running on the same machine. Since the update 
puppetdb doesn''t appear to be listening on port 8081 anymore.

When I run `puppet agent --test` on a client I get this error:

    err: Could not retrieve catalog from remote server: Error 400 on 
SERVER: Failed to submit ''replace facts'' command for
plugpc-005.client to
PuppetDB at puppet.server:8081: Connection refused - connect(2)

Looking at `nmap -P0 puppet.server` shows that port 8081 isn''t open.
Trying
`telnet puppet.server 8081` confirms this.

My configs are all set using the values from 
[here].(http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html).

`ps -ax` shows that the processes are running:

    2040 ?        Ss     4:55 /usr/sbin/openvpn --daemon --writepid 
/var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn 
--script-security 2
    29737 ?        Sl     0:37 /usr/bin/java -XX:OnOutOfMemoryError=kill -9 
%p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError 
-XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar 
/usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
    29924 ?        Sl     0:01 Passenger AppPreloader: 
/usr/share/puppet/rack/puppetmasterd           
    29963 ?        Sl     0:00 Passenger RackApp: 
/usr/share/puppet/rack/puppetmasterd                


The output of `netstat -nap | grep 8081` is empty. 

Turning off iptables doesn''t make any difference. (not that it would - 
nobody is listening at the port anyway)

NOTE: This system was working ok before the update. I could download 
configs to clients and query the db for the results.

So - what did I break?

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

I responded to this in ask, but I''ll answer here also.

In the file /etc/puppetdb/conf.d/jetty.ini, the settings ssl-host and
ssl-port must be set to listen on the SSL port (8081). However, if
your ssl certs aren''t yet configured this may fail for you. Usually
puppetdb-ssl-setup is a good way to set these up automatically, so try
this first. For ssl-host I usually recommend something like ::1 or
0.0.0.0 to listen on all ports for simplicity, but you can make this
explicit if you like.

ken.



On Thu, Dec 5, 2013 at 7:48 PM, Jon Yeargers <ethrbunny@gmail.com>
wrote:
> I did `yum update` on my puppet server about a week ago. Up to that point I
> had puppet and puppetdb running on the same machine. Since the update
> puppetdb doesn''t appear to be listening on port 8081 anymore.
>
> When I run `puppet agent --test` on a client I get this error:
>
>     err: Could not retrieve catalog from remote server: Error 400 on
SERVER:
> Failed to submit ''replace facts'' command for
plugpc-005.client to PuppetDB
> at puppet.server:8081: Connection refused - connect(2)
>
> Looking at `nmap -P0 puppet.server` shows that port 8081 isn''t
open. Trying
> `telnet puppet.server 8081` confirms this.
>
> My configs are all set using the values from
>
[here].(http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html).
>
> `ps -ax` shows that the processes are running:
>
>     2040 ?        Ss     4:55 /usr/sbin/openvpn --daemon --writepid
> /var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn
> --script-security 2
>     29737 ?        Sl     0:37 /usr/bin/java -XX:OnOutOfMemoryError=kill -9
> %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError
> -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
> /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
>     29924 ?        Sl     0:01 Passenger AppPreloader:
> /usr/share/puppet/rack/puppetmasterd
>     29963 ?        Sl     0:00 Passenger RackApp:
> /usr/share/puppet/rack/puppetmasterd
>
>
> The output of `netstat -nap | grep 8081` is empty.
>
> Turning off iptables doesn''t make any difference. (not that it
would -
> nobody is listening at the port anyway)
>
> NOTE: This system was working ok before the update. I could download
configs
> to clients and query the db for the results.
>
> So - what did I break?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscribe@googlegroups.com.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAE4bNT%3DfF77%3DfzN3U_qphxLzRpCvXwx%2Bj2zX9X7kk0BVS9i6Kw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

I used ''puppetdb-ssl-setup'' (after removing the ssl folder) to
no avail.

(sorry about cross posting - I thought I had removed the ''ask''
entry)

On Thursday, December 5, 2013 12:25:24 PM UTC-8, Ken Barber
wrote:
>
> I responded to this in ask, but I''ll answer here also. 
>
> In the file /etc/puppetdb/conf.d/jetty.ini, the settings ssl-host and 
> ssl-port must be set to listen on the SSL port (8081). However, if 
> your ssl certs aren''t yet configured this may fail for you.
Usually
> puppetdb-ssl-setup is a good way to set these up automatically, so try 
> this first. For ssl-host I usually recommend something like ::1 or 
> 0.0.0.0 to listen on all ports for simplicity, but you can make this 
> explicit if you like. 
>
> ken. 
>
>
>
> On Thu, Dec 5, 2013 at 7:48 PM, Jon Yeargers
<ethr...@gmail.com<javascript:>>
> wrote: 
> > I did `yum update` on my puppet server about a week ago. Up to that 
> point I 
> > had puppet and puppetdb running on the same machine. Since the update 
> > puppetdb doesn''t appear to be listening on port 8081 anymore.
> > 
> > When I run `puppet agent --test` on a client I get this error: 
> > 
> >     err: Could not retrieve catalog from remote server: Error 400 on 
> SERVER: 
> > Failed to submit ''replace facts'' command for
plugpc-005.client to
> PuppetDB 
> > at puppet.server:8081: Connection refused - connect(2) 
> > 
> > Looking at `nmap -P0 puppet.server` shows that port 8081
isn''t open.
> Trying 
> > `telnet puppet.server 8081` confirms this. 
> > 
> > My configs are all set using the values from 
> > [here].(
> http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html). 
> > 
> > `ps -ax` shows that the processes are running: 
> > 
> >     2040 ?        Ss     4:55 /usr/sbin/openvpn --daemon --writepid 
> > /var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn 
> > --script-security 2 
> >     29737 ?        Sl     0:37 /usr/bin/java
-XX:OnOutOfMemoryError=kill
> -9 
> > %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError 
> > -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar 
> > /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d 
> >     29924 ?        Sl     0:01 Passenger AppPreloader: 
> > /usr/share/puppet/rack/puppetmasterd 
> >     29963 ?        Sl     0:00 Passenger RackApp: 
> > /usr/share/puppet/rack/puppetmasterd 
> > 
> > 
> > The output of `netstat -nap | grep 8081` is empty. 
> > 
> > Turning off iptables doesn''t make any difference. (not that
it would -
> > nobody is listening at the port anyway) 
> > 
> > NOTE: This system was working ok before the update. I could download 
> configs 
> > to clients and query the db for the results. 
> > 
> > So - what did I break? 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send
> an 
> > email to puppet-users...@googlegroups.com <javascript:>. 
> > To view this discussion on the web visit 
> > 
>
https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
>
> > For more options, visit https://groups.google.com/groups/opt_out. 
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/6e94f3ef-4320-4b49-b430-10f646f220cc%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Can you show your jetty.ini? And the results of running
puppetdb-ssl-setup ... the more information the better in these kinds
of cases.

Also - is PuppetDB listening to port 8080?

On Thu, Dec 5, 2013 at 9:15 PM, Jon Yeargers <ethrbunny@gmail.com>
wrote:
> I used ''puppetdb-ssl-setup'' (after removing the ssl
folder) to no avail.
>
> (sorry about cross posting - I thought I had removed the
''ask'' entry)
>
>
> On Thursday, December 5, 2013 12:25:24 PM UTC-8, Ken Barber wrote:
>>
>> I responded to this in ask, but I''ll answer here also.
>>
>> In the file /etc/puppetdb/conf.d/jetty.ini, the settings ssl-host and
>> ssl-port must be set to listen on the SSL port (8081). However, if
>> your ssl certs aren''t yet configured this may fail for you.
Usually
>> puppetdb-ssl-setup is a good way to set these up automatically, so try
>> this first. For ssl-host I usually recommend something like ::1 or
>> 0.0.0.0 to listen on all ports for simplicity, but you can make this
>> explicit if you like.
>>
>> ken.
>>
>>
>>
>> On Thu, Dec 5, 2013 at 7:48 PM, Jon Yeargers <ethr...@gmail.com>
wrote:
>> > I did `yum update` on my puppet server about a week ago. Up to
that
>> > point I
>> > had puppet and puppetdb running on the same machine. Since the
update
>> > puppetdb doesn''t appear to be listening on port 8081
anymore.
>> >
>> > When I run `puppet agent --test` on a client I get this error:
>> >
>> >     err: Could not retrieve catalog from remote server: Error 400
on
>> > SERVER:
>> > Failed to submit ''replace facts'' command for
plugpc-005.client to
>> > PuppetDB
>> > at puppet.server:8081: Connection refused - connect(2)
>> >
>> > Looking at `nmap -P0 puppet.server` shows that port 8081
isn''t open.
>> > Trying
>> > `telnet puppet.server 8081` confirms this.
>> >
>> > My configs are all set using the values from
>> >
>> >
[here].(http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html).
>> >
>> > `ps -ax` shows that the processes are running:
>> >
>> >     2040 ?        Ss     4:55 /usr/sbin/openvpn --daemon
--writepid
>> > /var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn
>> > --script-security 2
>> >     29737 ?        Sl     0:37 /usr/bin/java
-XX:OnOutOfMemoryError=kill
>> > -9
>> > %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError
>> > -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
>> > /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
>> >     29924 ?        Sl     0:01 Passenger AppPreloader:
>> > /usr/share/puppet/rack/puppetmasterd
>> >     29963 ?        Sl     0:00 Passenger RackApp:
>> > /usr/share/puppet/rack/puppetmasterd
>> >
>> >
>> > The output of `netstat -nap | grep 8081` is empty.
>> >
>> > Turning off iptables doesn''t make any difference. (not
that it would -
>> > nobody is listening at the port anyway)
>> >
>> > NOTE: This system was working ok before the update. I could
download
>> > configs
>> > to clients and query the db for the results.
>> >
>> > So - what did I break?
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Puppet Users" group.
>> > To unsubscribe from this group and stop receiving emails from it,
send
>> > an
>> > email to puppet-users...@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> >
https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
>> > For more options, visit https://groups.google.com/groups/opt_out.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscribe@googlegroups.com.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/puppet-users/6e94f3ef-4320-4b49-b430-10f646f220cc%40googlegroups.com.
>
> For more options, visit https://groups.google.com/groups/opt_out.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAE4bNT%3DWEPeDpGX%2B8kWh8FebSgLjpYVDR6V8Evk2d_f%3DHqMeCQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Setting the ''ssl_host='' param to 0.0.0.0 turned the trick (so
to speak). I
kept trying variations on what the ssl cert was created for.

Thank you for clearing this up for me.

On Thursday, December 5, 2013 1:17:51 PM UTC-8, Ken Barber
wrote:
>
> Can you show your jetty.ini? And the results of running 
> puppetdb-ssl-setup ... the more information the better in these kinds 
> of cases. 
>
> Also - is PuppetDB listening to port 8080? 
>
> On Thu, Dec 5, 2013 at 9:15 PM, Jon Yeargers
<ethr...@gmail.com<javascript:>>
> wrote: 
> > I used ''puppetdb-ssl-setup'' (after removing the ssl
folder) to no avail.
> > 
> > (sorry about cross posting - I thought I had removed the
''ask'' entry)
> > 
> > 
> > On Thursday, December 5, 2013 12:25:24 PM UTC-8, Ken Barber wrote: 
> >> 
> >> I responded to this in ask, but I''ll answer here also. 
> >> 
> >> In the file /etc/puppetdb/conf.d/jetty.ini, the settings ssl-host
and
> >> ssl-port must be set to listen on the SSL port (8081). However, if
> >> your ssl certs aren''t yet configured this may fail for
you. Usually
> >> puppetdb-ssl-setup is a good way to set these up automatically, so
try
> >> this first. For ssl-host I usually recommend something like ::1 or
> >> 0.0.0.0 to listen on all ports for simplicity, but you can make
this
> >> explicit if you like. 
> >> 
> >> ken. 
> >> 
> >> 
> >> 
> >> On Thu, Dec 5, 2013 at 7:48 PM, Jon Yeargers
<ethr...@gmail.com>
> wrote: 
> >> > I did `yum update` on my puppet server about a week ago. Up
to that
> >> > point I 
> >> > had puppet and puppetdb running on the same machine. Since
the update
> >> > puppetdb doesn''t appear to be listening on port 8081
anymore.
> >> > 
> >> > When I run `puppet agent --test` on a client I get this
error:
> >> > 
> >> >     err: Could not retrieve catalog from remote server: Error
400 on
> >> > SERVER: 
> >> > Failed to submit ''replace facts'' command
for plugpc-005.client to
> >> > PuppetDB 
> >> > at puppet.server:8081: Connection refused - connect(2) 
> >> > 
> >> > Looking at `nmap -P0 puppet.server` shows that port 8081
isn''t open.
> >> > Trying 
> >> > `telnet puppet.server 8081` confirms this. 
> >> > 
> >> > My configs are all set using the values from 
> >> > 
> >> > [here].(
> http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html). 
> >> > 
> >> > `ps -ax` shows that the processes are running: 
> >> > 
> >> >     2040 ?        Ss     4:55 /usr/sbin/openvpn --daemon
--writepid
> >> > /var/run/openvpn/puppet.pid --config puppet.conf --cd
/etc/openvpn
> >> > --script-security 2 
> >> >     29737 ?        Sl     0:37 /usr/bin/java 
> -XX:OnOutOfMemoryError=kill 
> >> > -9 
> >> > %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError 
> >> > -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar 
> >> > /usr/share/puppetdb/puppetdb.jar services -c
/etc/puppetdb/conf.d
> >> >     29924 ?        Sl     0:01 Passenger AppPreloader: 
> >> > /usr/share/puppet/rack/puppetmasterd 
> >> >     29963 ?        Sl     0:00 Passenger RackApp: 
> >> > /usr/share/puppet/rack/puppetmasterd 
> >> > 
> >> > 
> >> > The output of `netstat -nap | grep 8081` is empty. 
> >> > 
> >> > Turning off iptables doesn''t make any difference.
(not that it would
> - 
> >> > nobody is listening at the port anyway) 
> >> > 
> >> > NOTE: This system was working ok before the update. I could
download
> >> > configs 
> >> > to clients and query the db for the results. 
> >> > 
> >> > So - what did I break? 
> >> > 
> >> > -- 
> >> > You received this message because you are subscribed to the
Google
> >> > Groups 
> >> > "Puppet Users" group. 
> >> > To unsubscribe from this group and stop receiving emails from
it,
> send 
> >> > an 
> >> > email to puppet-users...@googlegroups.com. 
> >> > To view this discussion on the web visit 
> >> > 
> >> > 
>
https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
>
> >> > For more options, visit
https://groups.google.com/groups/opt_out.
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send
> an 
> > email to puppet-users...@googlegroups.com <javascript:>. 
> > To view this discussion on the web visit 
> > 
>
https://groups.google.com/d/msgid/puppet-users/6e94f3ef-4320-4b49-b430-10f646f220cc%40googlegroups.com.
>
> > 
> > For more options, visit https://groups.google.com/groups/opt_out. 
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ebec75a1-e06c-4931-9b31-b1955908cd02%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.