Hi,

I'm trying to get puppetmasterd and puppetd to communicate properly with each other but there seems to be a problem with how puppet determines the hostname of the machine. Both daemons run on the same machine with the hostname "nexus" but when I start puppetmasterd with "puppetmasterd -v -d" I get the following output:

...
info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/nexus..pem
info: Creating a new certificate request for nexus.
info: Requesting certificate
info: Autosign is enabled but /etc/puppet/autosign.conf is missing
info: Signing certificate for CA server
info: Signing certificate for nexus.
...

Notice the extra period in the hostname "nexus.". When I now try to connect with puppetd using "puppetd --server 127.0.0.1 -t -d" I get the following output on client and server:

CLIENT:
err: Could not retrieve configuration: Could not find nexus. with names nexus., nexus.

SERVER:
err: Could not find nexus. with names nexus., nexus.

Checking the masterhttp.log reveals that the issuer for the certificate seems to be correct ("Issuer: CN=nexus") but the subject isn't "Subject: CN=nexus.". Again the additional period.

When I start puppetmasterd with "puppetmasterd -d -t --node_name fact" the client can connect and retrieve the configuration from the server so the hostname in the certificate really seems to be the problem here.

Am I doing something wrong or is this a bug in puppet? I'm trying all of this on a Fedora Core rawhide system using the version 0.22.1 packages from the Extras repository.

Regards,
Dennis

On Sun, Feb 25, 2007 at 05:12:25AM +0100, Dennis Jacobfeuerborn wrote:
> info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/nexus..pem

You don't have a Domain name for your host. Puppet doesn't like that. Give it a hostname (even if it's just 'localdomain' or something).

> When I start puppetmasterd with "puppetmasterd -d -t --node_name fact" the
> client can connect and retrieve the configuration from the server so the
> hostname in the certificate really seems to be the problem here.

My rule of thumb for cert problems is to blow it all away and start again.

- Matt

Matthew Palmer wrote:
> On Sun, Feb 25, 2007 at 05:12:25AM +0100, Dennis Jacobfeuerborn wrote:
>> info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/nexus..pem
>
> You don't have a Domain name for your host. Puppet doesn't like that. Give
> it a hostname (even if it's just 'localdomain' or something).

This should be considered as a serious bug. Many installations only ask for a machine name and "nexus" is a perfectly legal hostname. Even if there was a fundamental reason for Puppet not to be able to deal with this (and I can't think of one) it should give an error telling the user that it encountered a setup it cannot deal with. "nexus." is bogus because it's a hostname completely made up in Puppet's mind.

>> When I start puppetmasterd with "puppetmasterd -d -t --node_name fact" the
>> client can connect and retrieve the configuration from the server so the
>> hostname in the certificate really seems to be the problem here.
>
> My rule of thumb for cert problems is to blow it all away and start again.

That's what I'm doing of course but as long as Puppet comes up with the completely incorrect hostname "nexus." it always sets up the new certificate wrong. By the way this machine also has other aliases such as "localhost" and "localhost.localdomain" so I think Puppet should do one of three things:

a) Try the first hostname it can get and fail if this name isn't usable.
b) If the first hostname isn't usable it could try to find alternatives that are.
c) It should be able to deal with all valid hostnames.

I think c) is clearly the preferable option here being the one used by every other application out there.

Regards,
Dennis

Ok, I took a look at the source and patched three files which seem to solve the problem for now. The patches are trivial and merely check if a domain part actually exists before trying to append it to the host part. Since I'm new to ruby these patches might not exhibit the best way to do this but they work so there you go... :)

Regards,
Dennis

On Feb 25, 2007, at 5:54 PM, Dennis Jacobfeuerborn wrote:
> Ok, I took a look at the source and patched three files which seem
> to solve the problem for now. The patches are trivial and merely
> check if a domain part actually exists before trying to append it
> to the host part. Since I'm new to ruby these patches might not
> exhibit the best way to do this but they work so there you go... :)

I'll apply this patch or some facsimile thereof when I get back to the States. Thanks.

--
Hoare's Law of Large Problems: Inside every large problem is a small problem struggling to get out.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

On Feb 25, 2007, at 10:54 AM, Dennis Jacobfeuerborn wrote:
> Ok, I took a look at the source and patched three files which seem
> to solve the problem for now. The patches are trivial and merely
> check if a domain part actually exists before trying to append it
> to the host part. Since I'm new to ruby these patches might not
> exhibit the best way to do this but they work so there you go... :)

Thanks; committed to svn.

--
God loved the birds and invented trees. Man loved the birds and invented cages. -- Jacques Deval
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
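
The guard described in the thread above (append the domain part only when one exists, and fail loudly on a name that cannot be used), written out as an added Ruby example. It is not the patch from this thread or Puppet's own code; the names `naive_certname`, `certname` and `valid_hostname?` are hypothetical and the sample inputs are constructed.

```ruby
# Added illustration: function names are hypothetical, not Puppet's API.

# The failure mode from the thread: joining unconditionally leaves a
# trailing period when the host has no domain part ("nexus" -> "nexus."),
# and that string then ends up as the certificate subject CN.
def naive_certname(host, domain)
  "#{host}.#{domain}"
end

# One label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
LABEL = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i

# True when every dot-separated label is well formed. split(".", -1)
# keeps a trailing empty label, so "nexus." is rejected.
def valid_hostname?(name)
  return false if name.empty? || name.length > 253
  name.split(".", -1).all? { |label| label.match?(LABEL) }
end

# Guarded version: append the domain only when one actually exists,
# and raise instead of silently inventing a name.
def certname(host, domain)
  host = host.to_s.strip.chomp(".")
  domain = domain.to_s.strip.sub(/\A\.+/, "").chomp(".")
  raise ArgumentError, "empty hostname" if host.empty?
  name = domain.empty? ? host : "#{host}.#{domain}"
  unless valid_hostname?(name)
    raise ArgumentError, "not a usable hostname: #{name.inspect}"
  end
  name
end

# Constructed sample inputs: [host, domain] pairs.
SAMPLES = [
  ["nexus", nil],
  ["nexus", ""],
  ["nexus", "localdomain"],
  ["nexus", "example.com."],
]

if __FILE__ == $0
  SAMPLES.each do |host, domain|
    printf("%-28s naive=%-22s guarded=%s\n",
           [host, domain].inspect,
           naive_certname(host, domain).inspect,
           certname(host, domain).inspect)
  end
end
```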