PuppetDB: Connection refused


Make sure hostname -f gives a fully qualified name (if not, update /etc/hostname and update sysctl kernel.hostname={your hostname}).

Check your current certificates:

echo | openssl s_client -connect <puppetdb fqdn>:8081 | openssl x509 -noout -dates

For the latest version of PuppetDB (4.2):

  1. stop PuppetDB: service puppetdb stop
  2. remove old certificates: rm -rf /etc/puppetlabs/puppetdb/ssl/
  3. generate new certificates; PuppetDB comes with a handy tool: puppetdb ssl-setup
  4. in case you're using an SSL connection to the DB you might need to update the keystore:

    keytool -import -alias "My CA" -file /etc/puppetlabs/puppetdb/ssl/ca.pem -keystore /etc/puppetlabs/puppetdb/ssl/truststore.jks

  5. start PuppetDB: service puppetdb start
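The answer's first step (check what the host calls itself) and the listening-address mismatch pointed out in the comments below can be checked mechanically before touching any certificates. The following script is an added example, not part of the original answer: it takes the hosts table and the lsof listing as text, resolves the server name from puppetdb.conf through the hosts table, and reports whether PuppetDB is actually bound on that address. The HOSTS_SAMPLE and LSOF_SAMPLE values are constructed from the question's output; the function names (resolve_in_hosts, listen_addrs, to_ip, can_reach) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original answer): check whether the server name
# in puppetdb.conf resolves to an address PuppetDB is actually bound on.
# HOSTS_DATA and LSOF_DATA default to samples constructed from the question;
# on a real host run:  HOSTS_DATA=$(cat /etc/hosts) LSOF_DATA=$(lsof -i -P) sh check.sh

HOSTS_SAMPLE='127.0.0.1   localhost
127.0.1.1   handsoff handsoff.dc0.testing.de'

LSOF_SAMPLE='java     2549      puppetdb   20u  IPv6   4982      0t0  TCP localhost:8080 (LISTEN)
java     2549      puppetdb   34u  IPv6   9353      0t0  TCP localhost:8081 (LISTEN)'

: "${HOSTS_DATA:=$HOSTS_SAMPLE}"
: "${LSOF_DATA:=$LSOF_SAMPLE}"

# resolve_in_hosts NAME : print the first hosts-file address that maps to NAME
resolve_in_hosts() {
    printf '%s\n' "$HOSTS_DATA" | awk -v name="$1" '
        $1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }'
}

# listen_addrs PORT : print the address part of every LISTEN socket on PORT
listen_addrs() {
    printf '%s\n' "$LSOF_DATA" | awk -v port="$1" '
        $NF == "(LISTEN)" {
            addr = $(NF - 1)
            if (addr ~ (":" port "$")) { sub(/:[0-9]+$/, "", addr); print addr }
        }'
}

# to_ip ADDR : turn an lsof address token into an IP ("*" means any address);
# names (lsof run without -n) are looked up in the hosts table
to_ip() {
    case "$1" in
        '*')           echo '*' ;;
        [0-9]* | '['*) echo "$1" ;;
        *)             resolve_in_hosts "$1" ;;
    esac
}

# can_reach SERVER PORT : return 0 when SERVER resolves to an address that has
# a listener on PORT, 1 when PuppetDB is bound elsewhere, 2 when unresolvable
can_reach() {
    target=$(resolve_in_hosts "$1")
    if [ -z "$target" ]; then
        echo "$1: not found in hosts table"
        return 2
    fi
    for a in $(listen_addrs "$2"); do
        ip=$(to_ip "$a")
        if [ "$ip" = '*' ] || [ "$ip" = "$target" ]; then
            echo "$1 -> $target: PuppetDB listens there on port $2"
            return 0
        fi
    done
    echo "$1 -> $target: no listener on port $2 at that address (bound on: $(listen_addrs "$2" | tr '\n' ' '))"
    return 1
}

# The two cases from the question: localhost is reachable, handsoff is not,
# because PuppetDB is bound to 127.0.0.1 while handsoff resolves to 127.0.1.1.
can_reach localhost 8081 || :
can_reach handsoff 8081 || :
```

With the question's data the script reports that handsoff resolves to 127.0.1.1 while the only 8081 listener is on localhost, which is the "Connection refused" case; switching puppetdb.conf to localhost makes the connection succeed but then fails on the certificate name, so the bind address (ssl-host) and the certificate name have to agree with the name the master uses.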

Author: Kai

Updated on September 18, 2022

Comments

  • Kai
    Kai almost 2 years

    I'm trying to get PuppetDB to run on my puppetmaster machine. The problem is that I always get the following message when doing an agent run:

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for handsoff.dc0.testing.de to PuppetDB at handsoff:8081: Connection refused - connect(2)

    The puppetmaster, puppetdb and database are all running on the same host "handsoff".

    This is my /etc/puppet/puppetdb.conf

    [main]
    server = handsoff
    port = 8081
    

    My /etc/puppetdb/jetty.ini

    [jetty]
    # Hostname or IP address to listen for clear-text HTTP.  Default is localhost
    # host = <host>
    
    # Port to listen on for clear-text HTTP.
    port = 8080
    
    
    # The following are SSL specific settings. They can be configured
    # automatically with the tool `puppetdb ssl-setup`, which is normally
    # ran during package installation.
    
    # The host or IP address to listen on for HTTPS connections
    ssl-host = localhost
    
    # The port to listen on for HTTPS connections
    ssl-port = 8081
    
    # Private key path
    ssl-key = /etc/puppetdb/ssl/private.pem
    
    # Public certificate path
    ssl-cert = /etc/puppetdb/ssl/public.pem
    
    # Certificate authority path
    ssl-ca-cert = /etc/puppetdb/ssl/ca.pem
    
    certificate-whitelist = /etc/puppetdb/ssl-whitelist
    

    And the ssl-whitelist file:

    localhost
    handsoff
    handsoff.dc0.testing.de
    

    lsof shows me the listening ports:

    # lsof -i -P | grep puppetdb | grep 80
    java     2549      puppetdb   20u  IPv6   4982      0t0  TCP localhost:8080 (LISTEN)
    java     2549      puppetdb   34u  IPv6   9353      0t0  TCP localhost:8081 (LISTEN)
    

    In my /etc/hosts I have these lines:

    127.0.0.1   localhost
    127.0.1.1   handsoff handsoff.dc0.testing.de
    

    So from my point of view puppet should be able to connect to puppetdb on port 8081 through localhost and through handsoff. (I tested both, both with the same results)

    Any ideas what might be wrong with this setup?

    Edit: I also tried to set this in my puppetdb.conf:

    [main]
    server = localhost
    port = 8081
    

    But then I get err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for handsoff.dc0.testing.de to PuppetDB at localhost:8081: hostname does not match the server certificate

    I'm using self-signed certificates (didn't change anything on that after I did the install with apt-get). My guess was that the whitelisting would allow me to use the certificate this way. Is that wrong?

    • AWippler
      AWippler almost 10 years
      Can you telnet into the port? telnet localhost 8081
    • dawud
      dawud almost 10 years
      Can the puppet client verify the validity of the CA certificate? is it self-signed? are you using the puppet PKI for puppetdb? what versions of puppet and puppetdb are you using?
    • AWippler
      AWippler almost 10 years
      puppetdb is listening on 127.0.0.1 and your puppet master is trying to connect to 127.0.1.1 ... fix this and try again.
    • Kai
      Kai almost 10 years
      I added some information about that to my original post.
    • byoung
      byoung almost 10 years
      Try setting host = handsoff or host = 127.0.1.1 in jetty.conf to make PuppetDB listen on that address instead of using localhost in puppetdb.conf.
  • leeand00
    leeand00 over 5 years
    I did everything but step 4 and it appears to have worked...