Hi Erwin,
I have opened SERVER-2979
<https://tickets.puppetlabs.com/browse/SERVER-2979> to investigate your
issue. Any additional info you can add to that ticket would be greatly
appreciated.
In the meantime, you can manually migrate your CA directory:
1. stop the puppetserver service:
systemctl stop puppetserver
2. move your CA directory to the new location:
mv /etc/puppetlabs/puppet/ssl/ca /etc/puppetlabs/puppetserver/ca
3. to maintain backwards compatibility, create a symlink from the new
location to the old location:
ln -sf /etc/puppetlabs/puppetserver/ca /etc/puppetlabs/puppet/ssl/ca
4. restart the puppetserver service:
systemctl start puppetserver
Let us know if you have any other issues.
Thanks!
On Fri, Feb 26, 2021 at 6:40 AM Erwin Bogaard <[email protected]>
wrote:
> Hi Molly,
>
> We don't really run an unusual setup: just a regular machine with hostname
> in local DNS available, no IPv6.
> The installed Puppet component versions are as follows:
> puppet-agent-7.4.1-1.el7.x86_64
> puppet-client-tools-1.2.6-1.el7.x86_64
> puppetdb-7.2.0-1.el7.noarch
> puppetdb-termini-7.2.0-1.el7.noarch
> puppet-release-1.0.0-15.el7.noarch
> puppetserver-7.0.3-1.el7.noarch
>
> The requested configuration is as follows:
> networking => {
> dhcp => "192.168.100.1",
> domain => "kntr.xxx.loc",
> fqdn => "puppet01.kntr.xxx.loc",
> hostname => "puppet01",
> ...
> }
> os => {
> architecture => "x86_64",
> family => "RedHat",
> hardware => "x86_64",
> name => "CentOS",
> release => {
> full => "7.9.2009",
> major => "7",
> minor => "9"
> },
> selinux => {
> enabled => false
> }
> }
> ruby => {
> platform => "x86_64-linux",
> sitedir => "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.7.0",
> version => "2.7.2"
> }
> On Thursday, 25 February 2021 at 19:52:23 UTC+1 Molly Waggett wrote:
>
>> Hi Erwin,
>>
>> The puppetserver ca migrate command must be run while the puppetserver
>> service is stopped, but it looks like we're not catching the particular
>> connection error you're getting when we check to see whether the service is
>> running.
>>
>> I'm wondering if you have an unusual networking setup, e.g. custom DNS
>> config, IPv6, etc.
>> I was not able to reproduce your issue on a first attempt, so it would
>> also be helpful to know which version of puppetserver you're running, what
>> OS platform you're running on, and which version of Ruby you're using.
>>
>> Thanks!
>>
>> On Thu, Feb 25, 2021 at 2:59 AM Erwin Bogaard <[email protected]>
>> wrote:
>>
>>>
>>> Hi,
>>>
>>> I'm trying to solve the notofocation about "The cadir is currently
>>> configured to be inside the /etc/puppetlabs/puppet/ssl directory".
>>> When I follow the steps, and run:
>>>
>>> # puppetserver ca migrate --config /etc/puppetlabs/puppet/puppet.conf
>>>
>>> I get the message: "Puppetserver service is running. Please stop it
>>> before attempting to run this command."
>>>
>>> If I then stop the puppetserver service and run the command again, I get
>>> the following Error: "Fatal error when running action 'migrate'
>>> Error: Failed connecting to https://xxx.loc:8140/status/v1/simple/ca
>>> Root cause: Failed to open TCP connection to xxx.loc:8140 (Invalid
>>> argument - connect(2) for "xxx.loc" port 8140)"
>>>
>>> That no connection is possible seems logical, as I stopped the service
>>> prevously.
>>>
>>> If "puppetsever ca migrate" won't run when the service is running, but
>>> it needs to connect to the service, how is that ever going to work? I'm
>>> baffeled.
>>>
>>> As a work around: is there maybe a manual way to execute this migration?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com
>>> <https://groups.google.com/d/msgid/puppet-users/c4627ffb-887d-490e-9dc6-7b730cdf3622n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>>
>> --
>> *Molly Waggett*
>> she/her
>> Senior Software Engineer @ Puppet
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/d58e26d1-1cba-4b43-997d-819df7a8381an%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/d58e26d1-1cba-4b43-997d-819df7a8381an%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
*Molly Waggett*
she/her
Senior Software Engineer @ Puppet
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAFOE68AM2wAYB1qOanZ6eEH51jvZqqv4aC-1QxXYZapyPVbMRw%40mail.gmail.com.
