When I run octocatalog-diff, it succeeds in gathering facts from puppetdb but later fails compiling the catalog while collecting exported resources, indicating errors with OpenSSL.
What did you do?
run octocatalog-diff against any node
What happened?
could not retrieve stuff from puppetdb, failing with e.g. openssl errors
What did you expect to happen?
octocatalog-diff output
How can someone reproduce the problem?
set up puppet using external CA (in my case FreeIPA)
set up puppetdb to use this CA
get another certificate for running octocatalog-diff, signed by FreeIPA's CA
set up octocatalog-diff with puppetdb-ssl-ca, puppetdb-ssl-key and puppetdb-ssl-cert set according to docs
The problem appears to lie in the file names used for the SSL client cert and private key used for authenticating against puppetdb. While using the content of the certs in .octocatalog-diff.cfg.rb works fine for using those credentials for gathering facts etc., running puppet master --compile later fails because it can't pick up the files. The files are stored with just the host name as their file names and not the FQDN, so puppet won't pick them up automatically. c.f.
Replacing this line with host = Socket.gethostbyname(Socket.gethostname).first fixed the issue by resolving the hostname to its FQDN; it requires working DNS on the client, though. host = `hostname -f` works under unixoid systems, etc.
Not sure if this is part of this issue, or if I should open a new issue.
I am using puppet's CA.
Running with puppet 6, I also encountered that puppet is missing the CRL. I've managed to get it installed with the following hack (inside the enc_wrapper script):
# Do your ENC thingy
# Need to manually install missing CRL file
cp /etc/puppetlabs/puppet/ssl/crl.pem "$(readlink -f ../../../*builddir*)/var/ssl"
Command used:
octocatalog-diff -n puppet.example.com --debug
Debugging output:
ruby 2.3.1p112 (2016-04-26) [x86_64-linux-gnu] from Ubuntu 16.04
gem install octocatalog-diff
yes
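An added diagnostic, not part of the original thread and not octocatalog-diff's own code: it checks an ssl directory for the two conditions reported above, client cert and key files named after the short hostname instead of the FQDN, and a missing CRL. It assumes Puppet's standard ssldir layout (certs/<certname>.pem, private_keys/<certname>.pem, certs/ca.pem, crl.pem); the function names and the short name "puppet" are hypothetical, and the sample directory is constructed.

```ruby
require 'socket'
require 'tmpdir'
require 'fileutils'

# Short hostname plus its canonical FQDN (Puppet's default certname is the FQDN).
def candidate_certnames(hostname = Socket.gethostname)
  ai = Addrinfo.getaddrinfo(hostname, nil, nil, :STREAM, nil, Socket::AI_CANONNAME).first
  [hostname, ai&.canonname].compact.map(&:downcase).uniq
rescue SocketError
  [hostname.downcase] # no working DNS: only the short name is known
end

# For each name, record whether ssldir holds a cert and a key, and whether the
# key is accessible to its owner only. Also record CA cert and CRL presence.
def audit_ssldir(ssldir, certnames)
  names = certnames.to_h do |name|
    cert = File.join(ssldir, 'certs', "#{name}.pem")
    key  = File.join(ssldir, 'private_keys', "#{name}.pem")
    has_key = File.file?(key)
    [name, { cert: File.file?(cert), key: has_key,
             key_private: has_key && (File.stat(key).mode & 0o077).zero? }]
  end
  { ca: File.file?(File.join(ssldir, 'certs', 'ca.pem')),
    crl: File.file?(File.join(ssldir, 'crl.pem')), names: names }
end

# Names for which both cert and key are present.
def usable_certnames(report)
  report[:names].select { |_, f| f[:cert] && f[:key] }.keys
end

# Constructed sample: files named after the short hostname only, and no CRL.
def build_sample_ssldir
  dir = Dir.mktmpdir('ssl')
  %w[certs private_keys].each { |d| FileUtils.mkdir_p(File.join(dir, d)) }
  File.write(File.join(dir, 'certs', 'ca.pem'), "constructed placeholder\n")
  File.write(File.join(dir, 'certs', 'puppet.pem'), "constructed placeholder\n")
  key = File.join(dir, 'private_keys', 'puppet.pem')
  File.write(key, "constructed placeholder\n")
  File.chmod(0o600, key)
  dir
end

if __FILE__ == $PROGRAM_NAME
  report = audit_ssldir(build_sample_ssldir, %w[puppet puppet.example.com])
  puts "usable: #{usable_certnames(report).inspect}, CRL present: #{report[:crl]}"
end
```

On a real host, pass the build directory's var/ssl path and the result of candidate_certnames; an FQDN entry with no cert and key, or a false CRL flag, matches the failures described in this thread.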