PuppetDB and PostgreSQL Known Issues
A newer version is available; see the version menu above for details.
As we discover them, this page will be updated with known issues related to PuppetDB and PostgreSQL in Puppet Enterprise. Fixed issues will be removed from this page and noted in the Bug Fixes section of the release notes. If you find new problems yourself, please file bugs in our issue tracker.
Incorrect Password for Database User(s) Causes Install/Upgrade to Fail
If, during installation or upgrade, you supply an incorrect password for one of the PE databases users (RBAC, console, PuppetDB), the install/upgrade will fail. However, in some cases it might appear that the install/upgrade was successful. For example, if the incorrect password is supplied for the console database user, the install/upgrade continues—and appears to succeed—but the console will not be functional.
Errors Related to Stopping
If for any reason the
pe-postgresql service is stopped, agents receive several different error messages, for example:
Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 400 on SERVER: (<unknown>): mapping values are not allowed in this context at line 7 column 28
or, when attempting to request a catalog:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: (<unknown>): mapping values are not allowed in this context at line 7 column 28 Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run
If you encounter these errors, simply re-start the
PuppetDB Behind a Load Balancer Causes Puppet Server Errors
Puppet Server handles outgoing HTTPS connections differently from the older MRI Ruby Puppet master, and has a new restriction on the server certificates it will accept.
If Puppet Server makes client connections to another HTTPS service, that service must use only one certificate. If that service is behind a load balancer, and the back-end servers use individual certificates, Puppet Server will frequently abort its client connections. For more details, see this note from the Puppet Server docs.
Therefore, if you are running multiple PuppetDB servers behind a load balancer, you must configure all of them to use the same certificate. You can do this by following the instructions below.
Warning: This is a non-standard configuration that may or may not be supported, depending on what your organization has negotiated with Puppet Labs.
Also note that if you use this workaround, you will not be able to use
/opt/puppetlabs/sbin/puppetdb ssl-setupto repair certificate issues with PuppetDB.
On the Puppet master that serves as the CA, generate a certificate for your PuppetDB nodes with the load balancer hostname as one of the DNS alt names. In this example, we use
puppet cert generate <pe-internal-puppetdb> --dns_alt_names=<LOAD BALANCER HOSTNAME>
- Move the new cert from the Puppet master SSL cert directory (
/etc/puppetlabs/puppet/ssl/certs/pe-internal-puppetdb.pem) to the same path on each PuppetDB node (
- Move the new private key from the Puppet master SSL private key directory (
/etc/puppetlabs/puppet/ssl/private_keys/pe-internal-puppetdb.pem) to the same path on each PuppetDB node (
- Move the new public key from Puppet master SSL public key directory (
/etc/puppetlabs/puppet/ssl/public_keys/pe-internal-puppetdb.pem) to the same path on each PuppetDB node (
In the PE console, configure the
puppet_enterprise::profile::puppetdbclass to use the new
a. Click Classification in the top navigation bar.
b. From the Classification page, select the PE PuppetDB group.
c. Click the Classes tab, and find the
d. From the Parameter drop-down list, select
e. In the Value field, enter
f. Click Add parameter and the Commit change button.
Add the hostname of the load balancer to the PE Infrastructure class.
a. Navigate to the PE Infrastructure group.
b. Click the Classes tab, and find the
c. For the
puppetdb_hostentry, edit the value to reflect the hostname of your load balancer.
d. Click the Commit change button.
- On each PuppetDB node and the Puppet master, kick off a Puppet run.