From 938a6ac9901722e7af211e5b6b10c183eace53b9 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Sat, 13 Sep 2025 12:57:44 +1000
Subject: [PATCH] feat: update docs for puppet (#390)

- k8s / metallb / cilium created chaos
- broke puppet agent and servers
- adding issue/resolution here

Reviewed-on: https://git.unkin.net/unkin/puppet-prod/pulls/390
---
 doc/puppet/README.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/doc/puppet/README.md b/doc/puppet/README.md
index 499c744..0615c27 100644
--- a/doc/puppet/README.md
+++ b/doc/puppet/README.md
@@ -29,3 +29,21 @@ these steps are required when adding additional puppet masters, as the subject a
 
     sudo systemctl start puppetserver
     sudo cp /root/current_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem
+
+
+## troubleshooting
+
+### Issue 1:
+
+    [sysadmin@ausyd1nxvm2056 ~]$ sudo puppet agent -t
+    Error: The CRL issued by 'CN=Puppet CA: prodinf01n01.main.unkin.net' is missing
+
+Find another puppetserver that IS working, copy the `/etc/puppetlabs/puppet/ssl/crl.pem` to this host, run puppet again.
+
+
+### Issue 2:
+
+    [sysadmin@ausyd1nxvm2097 ~]$ sudo puppet agent -t
+    Error: Failed to parse CA certificates as PEM
+
+The puppet-agents CA cert `/etc/puppetlabs/puppet/ssl/certs/ca.pem` is empty or missing. Grab it from any other host. Run puppet again.