If you host your own code repository and its certificate is self-signed, you must change some settings before Code Manager will let you deploy code from it.
Error messages and logs
/var/log/puppetlabs/puppetserver/puppetserver.log, messages such as:
2017-04-06 11:33:17,569 INFO [deploy-pool-1] [p.c.core] Attempting to deploy environment 'test_env'... 2017-04-06 11:33:24,393 ERROR [deploy-pool-1] [p.c.core] Errors while deploying environment 'test_env' (exit code: 1): ERROR -> The SSL certificate is invalid
Version and installation information
PE version: 2016.1 to 2016.4, 2017.1, 2017.3, 2018.1.7
Installation type: Monolithic or split
There are two options that will allow Code Manager to deploy code from your repository. You can:
Use a Git source instead of an HTTPS source to refer to your repository in your Puppetfile. This option requires adding SSH keys to your Puppet master and your repository.
Add a certificate authority (CA) cert for the repository to the list of trusted CAs in
Changing the reference to your Git repository in your Puppetfile and using SSH keys is secure, but might require some work and time to set up. Adding a CA cert for the repository to the list of trusted CAs in
/opt/puppetlabs/puppet/ssl/cert.pem is less work, but it is less secure than using SSH keys, and you must remember to do it again each time you upgrade PE.
Option one: Use a Git source instead of an HTTPS source
To deploy code from your repository using a Git source, configure a private SSH key on your Puppet master and a public SSH key on your repository:
In your Puppetfile, change references to your Git repository from an HTTPS source to a Git source:
For example, change:
mod 'site_date', :git: 'https://example.com/user/site_data.git',
mod 'site_data', :git: 'email@example.com:user/site_data.git',
Configure your SSH keys. Configure the private key using our documentation on how to Declare module or data content with SSH private key authentication for PE 2018.1.
Note: Use the version selector to choose the right version of our documentation for your deployment.
The details of configuring your public key depend on how your Git repository is configured. Talk to your Git repository administrator.
Option two: Add a trusted CA cert
If you are unable to specify a Git source, add your repository to the list of CAs trusted by Code Manager by adding a CA cert to the file
Transfer the cert (
ca.pem) file to your CA node.
On the CA node, add the cert to the list of CAs trusted by Code Manager:
cat ca.pem >> /opt/puppetlabs/puppet/ssl/cert.pem
Agent runs won't revert changes made to
cert.pem because the file isn't managed by PE, but upgrades to PE will overwrite the file. After you upgrade PE, you must add the CA cert to