Could not deactivate host on PuppetDB: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

oliver.simon.1977 · February 2, 2017, 3:22pm

Hi Group,

I am currently running 2 clusters with foreman, puppetserver 4 and
puppetdb. Almost everything is working perfectly, only deleting hosts in
foreman throws a

Error: Could not deactivate host on PuppetDB: SSL_connect SYSCALL returned=5
errno=0 state=unknown state

on the foreman page. The other integration works fine, and for example on
the cmd I can do a

root@install.XXXX.com:/etc/puppetlabs/puppetdb# puppet node status
atf31.XXXX.com

Currently active
Last catalog: 2017-02-01T21:27:08.832Z
Last facts: 2017-02-01T21:27:06.390Z
root@install.XXXX.com:/etc/puppetlabs/puppetdb

or

root@install.XXXX.com:/etc/puppetlabs/puppetdb# puppet node deactivate
dev-a.XXXX.com <http://dev-a.cl1.audisto.com>
Submitted 'deactivate node' for dev-atf13.XXXX.com with UUID e6e79475-XXXX-
45aa-7777-157fc645e001
root@install.XXXX.com:/etc/puppetlabs/puppetdb#

which then shows the inactive host on Monitor -> Puppet DB Dashboard under
"Inactive Nodes in the population"

I already tried puppetdb ssl-setup, also with -f to force copying, and I
also tried the key/truststore thing with the (I guess) correct certificates
from puppetserver itself.

Can someone maybe answer the question WHICH certificates do I have to use
in puppetdb configuration, or isnt it possible in the setup we run here ?

puppetserver 2.7.2-1puppetlabs1
puppetdb 4.3.0-1puppetlabs1
foreman 1.14.0-1
ruby-puppetdb-foreman 2.0.0-1

foreman puppetdb settings under Administer -> Settings -> Puppetdb

("puppet" is aliassed to 127.0.0.1 in /etc/hosts on the server)
puppetdb_address https://puppet:8081/pdb/cmd/v1
puppetdb_dashboard_address http://puppet:8080/pdb/dashboard
puppetdb_enabled Yes

we also have in foreman/settings.yaml

:puppetdb:
:enabled: false
:address: 'https://puppet:8081/pdb/cmd/v1'
:dashboard_address: 'http://puppet:8080/pdb/dashboard'
:puppetdb_ssl_ca_file: '/etc/puppetlabs/puppet/ssl/
certs/ca.pem'
:puppetdb_ssl_certificate:
'/etc/puppetlabs/puppet/ssl/certs/install.XXXX.com.pem'
:puppetdb_ssl_private_key:
'/etc/puppetlabs/puppet/ssl/private_keys/install.XXXX.com.pem'

As I said, all the rest seems to work fine, only deleting hosts doesnt work.

We would really appreciate if someone could shed some light into this

thanks in advance, Oliver