From 72207e0b37bd7208625a563041642bdd894b55f0 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Fri, 12 Sep 2025 23:24:22 +1000
Subject: [PATCH] feat: update docs for puppet

- k8s / metallb / cilium created chaos
- broke puppet agent and servers
- adding issue/resolution here
---
 doc/puppet/README.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/doc/puppet/README.md b/doc/puppet/README.md
index 499c744..0615c27 100644
--- a/doc/puppet/README.md
+++ b/doc/puppet/README.md
@@ -29,3 +29,21 @@ these steps are required when adding additional puppet masters, as the subject a
 
     sudo systemctl start puppetserver
     sudo cp /root/current_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem
+
+
+## troubleshooting
+
+### Issue 1:
+
+    [sysadmin@ausyd1nxvm2056 ~]$ sudo puppet agent -t
+    Error: The CRL issued by 'CN=Puppet CA: prodinf01n01.main.unkin.net' is missing
+
+Find another puppetserver that IS working, copy the `/etc/puppetlabs/puppet/ssl/crl.pem` to this host, run puppet again.
+
+
+### Issue 2:
+
+    [sysadmin@ausyd1nxvm2097 ~]$ sudo puppet agent -t
+    Error: Failed to parse CA certificates as PEM
+
+The puppet-agents CA cert `/etc/puppetlabs/puppet/ssl/certs/ca.pem` is empty or missing. Grab it from any other host. Run puppet again.
-- 
2.47.3