https://www.puppet.com/community logo
Title
n

nate

05/24/2023, 9:38 PM
i have bolt pointed to two separate puppetdb hosts. the config looks okay to me. each group in the inventory points to the named instance for the query like so
- name: rocky_compute
    targets:
      - _plugin: puppetdb
        query: "inventory[certname] { facts.os.name = 'Rocky' and facts.group = 'compute'}"
        instance: puppet6
we’re migrating from puppet 6 to 7, so we have two places to look. querying the puppet 7 db fails with a
Request to puppetdb at <https://puppetdb01.domain.edu:8081> failed with Failed to query PuppetDB: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate).
Error executing plugin puppetdb from resolve_reference in puppetdb: Failed to connect to all PuppetDB server_urls: <https://puppetdb01.domain.edu:8081>.
is this error just telling me the CA cert is wrong for that named instance? setting log-level to trace shows success hitting the other one.
backends look like this in bolt-project.yaml
puppetdb-instances:
  puppet6:
    server_urls: ['<https://old-puppetdb01.domain.edu:8081>']
    cacert: "./certs/puppetmaster_ca.crt"
    cert: "./certs/bolt.cert"
    key: "./certs/bolt_key.pem"
  puppet7:
    server_urls: ['<https://puppetdb01.domain.edu:8081>']
    cacert: "./certs/new_puppet_ca.crt"
    cert: "./certs/bolt_puppet7.cert"
    key: "./certs/bolt_puppet7.pem"