Last active May 19, 2017 00:29
PDB External PostgreSQL Troubleshooting - Shottracker
[root@ip-10-98-10-242 ~]# /opt/puppetlabs/puppet/bin/puppet resource service puppet ensure=stopped
Notice: /Service[puppet]/ensure: ensure changed 'running' to 'stopped'
service { 'puppet':
  ensure => 'stopped',
}
[root@ip-10-98-10-242 ~]# vi /etc/puppetlabs/code/environments/production/hieradata/common.yaml
[root@ip-10-98-10-242 ~]# vi /etc/puppetlabs/console-services/conf.d/activity-database.conf
[root@ip-10-98-10-242 ~]# vi /etc/puppetlabs/console-services/conf.d/rbac-database.conf
[root@ip-10-98-10-242 ~]# vi /etc/puppetlabs/console-services/conf.d/classifier-database.conf
[root@ip-10-98-10-242 ~]# systemctl restart pe-console-services
[root@ip-10-98-10-242 ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for ip-10-98-10-242.us-west-2.compute.internal
Info: Applying configuration version '1495147679'
Notice: /Stage[main]/Puppet_enterprise::Profile::Console/Puppet_enterprise::Trapperkeeper::Activity[console-services]/Pe_hocon_setting[activity.database.subname]/value: value changed ['//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-activity?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem'] to '//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-activity'
Info: /Stage[main]/Puppet_enterprise::Profile::Console/Puppet_enterprise::Trapperkeeper::Activity[console-services]/Pe_hocon_setting[activity.database.subname]: Scheduling refresh of Service[pe-console-services]
Notice: /Stage[main]/Puppet_enterprise::Profile::Console/Puppet_enterprise::Trapperkeeper::Rbac[console-services]/Pe_hocon_setting[console-services.rbac.database.subname]/value: value changed ['//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-rbac?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem'] to '//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-rbac'
Info: /Stage[main]/Puppet_enterprise::Profile::Console/Puppet_enterprise::Trapperkeeper::Rbac[console-services]/Pe_hocon_setting[console-services.rbac.database.subname]: Scheduling refresh of Service[pe-console-services]
Notice: /Stage[main]/Puppet_enterprise::Profile::Console/Puppet_enterprise::Trapperkeeper::Classifier[console-services]/Pe_hocon_setting[console-services.classifier.database.subname]/value: value changed ['//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-classifier?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem'] to '//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-classifier'
Info: /Stage[main]/Puppet_enterprise::Profile::Console/Puppet_enterprise::Trapperkeeper::Classifier[console-services]/Pe_hocon_setting[console-services.classifier.database.subname]: Scheduling refresh of Service[pe-console-services]
Info: Puppet_enterprise::Trapperkeeper::Rbac[console-services]: Scheduling refresh of Service[pe-console-services]
Info: Puppet_enterprise::Trapperkeeper::Classifier[console-services]: Scheduling refresh of Service[pe-console-services]
Info: Puppet_enterprise::Trapperkeeper::Activity[console-services]: Scheduling refresh of Service[pe-console-services]
Notice: /Stage[main]/Puppet_enterprise::Console_services/Puppet_enterprise::Trapperkeeper::Pe_service[console-services]/Service[pe-console-services]: Triggered 'refresh' from 6 events
Added string to orchestrator.conf and database.ini, ran puppet agent -t
[root@ip-10-98-10-242 ~]# vi /etc/puppetlabs/orchestration-services/conf.d/orchestrator.conf
[root@ip-10-98-10-242 ~]# vi /etc/puppetlabs/puppetdb/conf.d/database.ini
[root@ip-10-98-10-242 ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for ip-10-98-10-242.us-west-2.compute.internal
Info: Applying configuration version '1495147975'
Notice: /Stage[main]/Puppet_enterprise::Profile::Orchestrator/Puppet_enterprise::Trapperkeeper::Orchestrator[orchestration-services]/Pe_hocon_setting[orchestration-services.orchestrator.database.subname]/value: value changed ['//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-orchestrator?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem'] to '//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-orchestrator'
Info: /Stage[main]/Puppet_enterprise::Profile::Orchestrator/Puppet_enterprise::Trapperkeeper::Orchestrator[orchestration-services]/Pe_hocon_setting[orchestration-services.orchestrator.database.subname]: Scheduling refresh of Service[pe-orchestration-services]
Notice: /Stage[main]/Puppet_enterprise::Puppetdb::Database_ini/Puppet_enterprise::Puppetdb::Shared_database_settings[database]/Pe_ini_setting[[database]-puppetdb_subname]/value: value changed '//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-puppetdb?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem' to '//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-puppetdb'
Info: Class[Puppet_enterprise::Puppetdb::Database_ini]: Scheduling refresh of Service[pe-puppetdb]
Notice: /Stage[main]/Puppet_enterprise::Puppetdb::Service/Puppet_enterprise::Trapperkeeper::Pe_service[puppetdb]/Service[pe-puppetdb]: Triggered 'refresh' from 1 events
Info: Puppet_enterprise::Trapperkeeper::Orchestrator[orchestration-services]: Scheduling refresh of Service[pe-orchestration-services]
Notice: /Stage[main]/Puppet_enterprise::Profile::Orchestrator/Puppet_enterprise::Trapperkeeper::Pe_service[orchestration-services]/Service[pe-orchestration-services]: Triggered 'refresh' from 2 events
Notice: Applied catalog in 13.06 seconds
Changed the common.yaml file to use the puppet_enterprise::profile::puppetdb::database_properties: ?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem
[root@ip-10-98-10-242 ~]# vi /etc/puppetlabs/code/environments/production/hieradata/common.yaml
[root@ip-10-98-10-242 ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for ip-10-98-10-242.us-west-2.compute.internal
Info: Applying configuration version '1495148522'
Notice: /Stage[main]/Puppet_enterprise::Puppetdb::Database_ini/Puppet_enterprise::Puppetdb::Shared_database_settings[database]/Pe_ini_setting[[database]-puppetdb_subname]/value: value changed '//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-puppetdb' to '//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-puppetdb?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem'
Info: Class[Puppet_enterprise::Puppetdb::Database_ini]: Scheduling refresh of Service[pe-puppetdb]
Notice: /Stage[main]/Puppet_enterprise::Puppetdb/Puppet_enterprise::Puppetdb::Shared_database_settings[read-database]/Pe_ini_setting[[read-database]-puppetdb_subname]/value: value changed '//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-puppetdb' to '//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-puppetdb?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem'
Info: Puppet_enterprise::Puppetdb::Shared_database_settings[read-database]: Scheduling refresh of Service[pe-puppetdb]
Notice: /Stage[main]/Puppet_enterprise::Puppetdb::Service/Puppet_enterprise::Trapperkeeper::Pe_service[puppetdb]/Service[pe-puppetdb]: Triggered 'refresh' from 2 events
Notice: Applied catalog in 11.99 seconds
---
puppet_enterprise::profile::puppetdb::database_properties: ?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem
puppet_enterprise::database_ssl: true
puppet_enterprise::database_cert_auth: true
* Connect to DB via command line
psql -h pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com -d pdb04 -U pdbuser
* Download RDS Cert
cd /etc/puppetlabs/puppet/ssl/
wget https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem
chown -R pe-puppet:pe-puppet rds-ca-2015-root.pem
-rw-r--r--. 1 pe-puppet pe-puppet 1432 Mar 6 2015 rds-ca-2015-root.pem
* Stop Puppet
/opt/puppetlabs/puppet/bin/puppet resource service puppet ensure=stopped
* CERT Location
/etc/puppetlabs/puppet/ssl/external/rds-ca-2015-root.pem
database_properties = ?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem
* Add string to files
/etc/puppetlabs/console-services/conf.d/activity-database.conf
subname: "//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-activity?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem"
/etc/puppetlabs/console-services/conf.d/classifier-database.conf
subname: "//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-classifier?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem"
/etc/puppetlabs/console-services/conf.d/rbac-database.conf
subname: "//pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com:5432/pe-rbac?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem"
* DB instance
pdb04.cwgutxb2rxqb.us-west-2.rds.amazonaws.com
Puppetlabs
* Set hiera data in common.yaml (see common.yaml file in this gist.)
puppet_enterprise::database_properties: ?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem
puppet_enterprise::database_ssl: true
puppet_enterprise::database_cert_auth: true
## NOTES
* Disconnect sessions to DB.
select pg_terminate_backend(pid) from pg_stat_activity where datname='<databasename>';
* /opt/puppetlabs/server/bin/validate_postgresql_connection.sh
SOLUTION
Create file /etc/puppetlabs/code/environments/production/hieradata/common.yaml
Use these values (note: make sure the --- is the first line).
---
puppet_enterprise::profile::puppetdb::database_properties: ?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem
puppet_enterprise::database_ssl: true
puppet_enterprise::database_cert_auth: true
Raw version of the common.yaml file
https://gist.githubusercontent.com/tspeigner/5d83f630a107e5bb50d4e2be0127abe5/raw/02b557b61d435a824bb1fd8a5db049e1f5a7a777/common.yaml
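
Added example, not part of the original gist: the Puppet runs above silently rewrote each hand-edited subname back to a value without the TLS parameters, so a check after every run is worth having. This sketch classifies each subname line by the `ssl`, `sslmode` and `sslrootcert` parameters it still carries; the function names, the host `db.example.internal` and the sample lines are constructed for illustration, and `sslmode=require` is included as a weaker setting the gist itself does not use.

```sh
#!/bin/sh
# Added example (not from the gist): classify each JDBC subname by the TLS
# parameters it still carries. Host and sample lines below are constructed.

# check_subname URL -> prints a verdict; returns 0 only for full verification
check_subname() {
  url=$1; ssl=; mode=; cert=
  case $url in
    *\?*) query=${url#*\?} ;;
    *)    echo "no-tls-params"; return 1 ;;
  esac
  while [ -n "$query" ]; do            # walk the &-separated key=value pairs
    pair=${query%%&*}
    case $query in *\&*) query=${query#*&} ;; *) query= ;; esac
    case $pair in
      ssl=*)         ssl=${pair#ssl=} ;;
      sslmode=*)     mode=${pair#sslmode=} ;;
      sslrootcert=*) cert=${pair#sslrootcert=} ;;
    esac
  done
  [ "$ssl" = true ] || { echo "ssl-not-enabled"; return 1; }
  [ "$mode" = verify-full ] || { echo "sslmode=${mode:-unset}"; return 1; }
  [ -n "$cert" ] || { echo "no-sslrootcert"; return 1; }
  echo "verify-full"
}

# audit: config text on stdin -> "<database> <verdict>" per subname line
audit() {
  while IFS= read -r line; do
    case $line in *subname*//*) ;; *) continue ;; esac
    url=//${line#*//}
    url=${url%%\"*}                    # drop the closing quote, if any
    path=${url%%\?*}                   # strip the query before taking the db name
    printf '%s %s\n' "${path##*/}" "$(check_subname "$url")"
  done
}

sample_config() {   # constructed: one intact, one reverted, one weak
cat <<'EOF'
subname: "//db.example.internal:5432/pe-activity?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/rds-ca-2015-root.pem"
subname: "//db.example.internal:5432/pe-rbac"
subname = //db.example.internal:5432/pe-puppetdb?ssl=true&sslmode=require
EOF
}

sample_config | audit
```

On a real master the same function can be fed the files edited above, for example `cat /etc/puppetlabs/console-services/conf.d/*-database.conf | audit`.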