This bug report is a result of communicating with Ken via the mailing list: <https://groups.google.com/d/topic/puppet-users/877mzTGZl1A/discussion>.
Find complete output including puppet.conf here: <http://pastebin.com/raw.php?i=TDejFAvp>.
Whenever `puppet agent -t` was ran, the following error would be returned:
Which only really means the SSL connection was cut-off early (newer versions of Puppet will give a more meaningful client error) ... looking in puppetdb.log we saw the error:
The problem was the following:
- For everything puppet, I use puppet.local as the fqdn for the puppet master.
- The actual hostname (and thus the cert) for the puppet master node is gaia.local.
- For some reason (config probably ), puppet agents don't think this is a problem.
- Then I tried your GET|openssl command, it was complaining about not being able to find certs/puppet.local.something and private_keys/puppet.local.something.
- I symlinked puppet.local (to use gaia.local, the actual certificate). This works. Probably not the nicest way, but it works!
Exported config now works.
So it seems to have been something to do with the terminus using the wrong certificate somehow.