When upgrading compilers to 2019.8.5, the enterprise_tasks::upgrade_secondary plan fails to start the pe-puppetserver service.
Error messages
The pe-puppetserver service fails to start with a Value does not match schema: {:client-certnames disallowed-key} error, similar to the following:
Kind: puppetlabs.installpe/run-puppet-failed
Details:
{"output"=>
...
"Error: Systemd start for pe-puppetserver failed!\n" +
"journalctl log for pe-puppetserver:\n" +
...
Value does not match
schema: {:client-certnames disallowed-key}
The client-certnames key is no longer a valid Puppet Server setting in PE 2019.8.5, so the pe-puppetserver service fails to start.
Version and installation information
PE version: 2019.8.5
This issue is resolved in PE 2019.8.6 and 2021.1.0.
Solution
To fix the issue, remove the client-certnames key-value pair from each compiler. You can either remove it on each compiler manually or you can create a manifest and apply it to each compiler node. Both sets of steps do the same thing. The manual steps are easier to use if you do not want to copy and paste.
Manually remove client-certnames
Complete the following steps on each compiler.
-
Edit the
/etc/puppetlabs/puppetserver/conf.d/file-sync.conffile and remove theclient-certnameskey-value pair. -
Run Puppet:
puppet agent -t.
Remove client-certnames with a manifest
Create a manifest that removes the client-certnames key-value pair by running the following commands on each compiler.
-
Create the manifest:
cat << EOF >> client-certnames.pp pe_hocon_setting { 'Remove client-certnames': ensure => absent, path => '/etc/puppetlabs/puppetserver/conf.d/file-sync.conf', setting => 'file-sync.client-certnames', type => 'array', } EOF -
Apply the manifest:
puppet apply client-certnames.pp -
Remove the manifest file you created:
rm -f client-certnames.pp -
Run Puppet:
puppet agent -t
How can we improve this article?
0 comments
Please sign in to leave a comment.
Related articles