Puppet agent upgrade on deployed hosts

Hi,

After some struggles I got Katello upgraded from 3.1 to 3.4 and
everything appears to be working.

But when I do a yum upgrade on the clients it upgrades from puppet to
puppet-agent from the pc1 repo. After that the hosts don't report to
foreman/katello anymore and running "puppet agent -t" gives:

Debug: Creating new connection for https://puppet:8140
Error: Could not request certificate: getaddrinfo: Name or service not known
Exiting; failed to retrieve certificate and waitforcert is disabled

Checking "/etc/puppetlabs/puppet/puppet.conf" it is empty and no server
or certname is configured. So I tried copying
"/etc/puppet/puppet.conf.rpmsave" over
"/etc/puppetlabs/puppet/puppet.conf" and the ssl certificates. But then
I get the following error:

Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: katello.***.**]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

What is the proper way to upgrade katello and puppet on provisioned
hosts? The manual doesn't list any additional steps.

With kind regards,

Jorick Astrego

Netbulae Virtualization Experts

Tel: 053 20 30 270 	info@netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01

Check out this puppet module

https://forge.puppet.com/puppetlabs/puppet_agent

and these docs

https://docs.puppet.com/puppet/4.10/upgrade_major_agent.html
https://docs.puppet.com/puppet/5.2/upgrade_major_agent.html

On Wednesday, 27 September 2017 02:07:55 UTC+13, Jorick Astrego wrote:
> [...]

Indeed, this looks like a side effect of moving from Puppet 3 to Puppet
4 - the config file for Puppet itself changes location
(/etc/puppet/puppet.conf vs /etc/puppetlabs/puppet/puppet.conf). So
unless additional care is taken to copy that file (either manually or
by using something like Matt's suggestion) and any related files like
$ssldir etc. then you'll get a blank config file, and thus what you're
seeing with new certs etc.

Migrating Puppet 3 to Puppet 4 was, in my experience, a giant pain, but
at least you only have to do it once.

Greg
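
The state described in the message above (a blank new puppet.conf and an ssldir that was not carried over) can be checked per host before re-running the agent. This is an added example, not part of the original thread: the function names are hypothetical, and the ssldir layout and the two ssldir paths in the final comment are assumptions to adjust for your hosts.

```shell
#!/bin/sh
# Added example: consistency check after a Puppet 3 -> puppet-agent package swap.
# Assumed ssldir layout: certs/ca.pem, certs/<certname>.pem, private_keys/<certname>.pem

# Print the value of setting $2 from puppet.conf-style file $1 (last match wins).
conf_get() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_migration OLD_CONF OLD_SSLDIR NEW_CONF NEW_SSLDIR
# Prints one "PROBLEM:" line per finding; returns 0 only if nothing was found.
check_migration() {
    old_conf=$1; old_ssl=$2; new_conf=$3; new_ssl=$4
    problems=0
    server=$(conf_get "$new_conf" server)
    old_name=$(conf_get "$old_conf" certname)
    new_name=$(conf_get "$new_conf" certname)

    if [ -z "$server" ]; then
        echo "PROBLEM: no 'server' in $new_conf; the agent will try the default host 'puppet'"
        problems=$((problems + 1))
    fi
    if [ -n "$old_name" ] && [ "$old_name" != "$new_name" ]; then
        echo "PROBLEM: certname '$old_name' from $old_conf is not set in $new_conf"
        problems=$((problems + 1))
    fi

    name=${new_name:-$old_name}
    files="certs/ca.pem"
    [ -n "$name" ] && files="$files certs/$name.pem private_keys/$name.pem"
    for f in $files; do
        if [ ! -s "$new_ssl/$f" ]; then
            echo "PROBLEM: $new_ssl/$f is missing or empty"
            problems=$((problems + 1))
        elif [ -f "$old_ssl/$f" ] && ! cmp -s "$old_ssl/$f" "$new_ssl/$f"; then
            # A different ca.pem or host key means the agent no longer presents
            # or trusts the identity the server signed at provisioning time.
            echo "PROBLEM: $new_ssl/$f differs from $old_ssl/$f"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Example call; both ssldir paths are assumed defaults:
# check_migration /etc/puppet/puppet.conf.rpmsave /var/lib/puppet/ssl \
#     /etc/puppetlabs/puppet/puppet.conf /etc/puppetlabs/puppet/ssl
```

A clean result only shows that the agent side was carried over intact; it says nothing about whether the server or proxy still holds the matching signed certificates.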

Hi,

Thanks but I already went through these. I always try all steps manually
first before applying a puppet module.

But I found the problem: during the proxy upgrade some things went wrong
and all the client certificates got lost. Restoring them from backup
gets things working again.

Regards,

Jorick Astrego

On 09/27/2017 06:14 AM, Matt Cahill wrote:
> [...]
