ELTigre
2009-Aug-26 15:35 UTC
[Puppet Users] clients connect but file server get a cert error
I'm running puppetmasterd (0.24.8) with apache2 and mongrel on a
Debian host. Apache2, the mongrel instances and puppetmaster run on the
same server. For example, a puppet client signs in to puppetmaster and
fetches its catalog; it creates files and folders, changes permissions,
starts/stops services BUT cannot use files on the fileserver. See
part of the puppetmaster syslog file:
Aug 26 11:20:15 vps200 puppetmasterd[29596]: Allowing authenticated client vps198.domain(127.0.0.1) access to puppetmaster.getconfig
Aug 26 11:20:15 vps200 puppetmasterd[29596]: Our client is remote
Aug 26 11:20:15 vps200 puppetmasterd[29596]: Expiring the node cache of vps198.domain
Aug 26 11:20:15 vps200 puppetmasterd[29596]: Not using expired node for vps198.domain from cache; expired at Wed Aug 26 11:19:15 -0400 2009
Aug 26 11:20:15 vps200 puppetmasterd[29596]: Caching node for vps198.domain
Aug 26 11:20:15 vps200 puppetmasterd[29596]: importing '/etc/puppet/manifests/defaults.pp'
Aug 26 11:20:15 vps200 puppetmasterd[29596]: importing '/etc/puppet/manifests/modules.pp'
Aug 26 11:20:15 vps200 puppetmasterd[29596]: importing '/etc/puppet/modules/apt/manifests/init.pp'
Aug 26 11:20:15 vps200 puppetmasterd[29596]: importing '/etc/puppet/modules/collectd/manifests/init.pp'
Aug 26 11:20:15 vps200 puppetmasterd[29596]: Adding code to main on line 2 in file /etc/puppet/manifests/modules.pp
Aug 26 11:20:15 vps200 puppetmasterd[29596]: importing '/etc/puppet/manifests/nodes.pp'
Aug 26 11:20:15 vps200 puppetmasterd[29596]: Adding code to main on line 16 in file /etc/puppet/manifests/site.pp
Aug 26 11:20:15 vps200 puppetmasterd[29596]: (File[/tmp/file_de_prueba]) Adding default for backup
Aug 26 11:20:15 vps200 puppetmasterd[29596]: (File[/tmp/file_de_prueba]) Adding default for ignore
Aug 26 11:20:15 vps200 puppetmasterd[29596]: (File[/etc/apt/sources.list]) Adding default for backup
Aug 26 11:20:15 vps200 puppetmasterd[29596]: (File[/etc/apt/sources.list]) Adding default for ignore
Aug 26 11:20:15 vps200 puppetmasterd[29596]: Compiled catalog for vps198.domain in 0.05 seconds
Aug 26 11:20:16 vps200 puppetmasterd[29621]: Allowing authenticated client vps198.domain(127.0.0.1)access to fileserver.describe
Aug 26 11:20:16 vps200 puppetmasterd[29621]: Using cached node for vps198.domain
Aug 26 11:20:16 vps200 puppetmasterd[29621]: (mount[apt]) Describing /apt/sources.list for vps198.domain
Aug 26 11:20:16 vps200 puppetmasterd[29646]: Allowing authenticated client vps198.domain(127.0.0.1)access to fileserver.retrieve
Aug 26 11:20:16 vps200 puppetmasterd[29646]: Using cached node for vps198.domain
Aug 26 11:20:16 vps200 puppetmasterd[29646]: (mount[apt]) Sending /apt/sources.list to vps198.domain
Aug 26 11:20:16 vps200 puppetmasterd[29671]: Allowing authenticated client vps198.domain(127.0.0.1)access to puppetreports.report
Aug 26 11:20:16 vps200 puppetmasterd[29671]: Processing reports store, log, tagmail, rrdgraph for vps198.domain
Aug 26 11:20:16 vps200 puppetmasterd[29671]: Certificate validation failed; consider using the certname configuration option
Aug 26 11:20:16 vps200 puppetmasterd[29671]: (//Node[vps198.domain]/apt/File[/etc/apt/sources.list] /source) change from {md5}bfbd1ab9e28ec69d38e7cab4219283ab to puppet:///apt/sources.list failed: Certificates were not trusted: hostname was not match with the server certificate
I'm also using a certname; here is my puppetmaster config file:
vps200:/etc# cat /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
syslogfacility=user
modulepath=/etc/puppet/modules
[puppetmasterd]
templatedir=/var/lib/puppet/templates
reportdir=/var/log/puppet/reports
reports=store,log,tagmail,rrdgraph
tagmap=$confdir/tagmail.conf
rrddir=$vardir/rrd
rrdgraph=true
rrdinterval=$runinterval
certname=vps200
[puppetd]
server=vps200.domain
runinterval=1800
Does the fileserver use another SSL certificate, or am I making some
mistake?
regards,
Israel.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Allan Marcus
2009-Aug-27 14:34 UTC
[Puppet Users] Re: clients connect but file server get a cert error
Not sure, but try putting the FQDN for the certname, not just vps200

---
Thanks,

Allan Marcus
505-667-5666
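The name mismatch the reply points at can be checked mechanically. The Python sketch below is an added example, not part of the thread or of Puppet: it reads the posted puppet.conf (embedded as a constructed sample) and tests whether the agent's `server` name is covered by the master's `certname`. The function names, the `master_fqdn` parameter and the wildcard handling are assumptions that go beyond the thread.

```python
import configparser

# Constructed sample: the puppet.conf from the thread, cut down to the
# settings that decide which name the agent expects in the master's cert.
PUPPET_CONF = """\
[main]
ssldir=/var/lib/puppet/ssl
[puppetmasterd]
certname=vps200
[puppetd]
server=vps200.domain
"""


def normalize(name):
    """Lower-case a DNS name and drop a trailing root dot."""
    return name.strip().lower().rstrip(".")


def name_matches(cert_name, host):
    """True if cert_name covers host: exact match, or a '*.' wildcard
    standing for exactly one left-most label (an added generalization)."""
    cert_name, host = normalize(cert_name), normalize(host)
    if cert_name == host:
        return True
    if cert_name.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == cert_name[2:]
    return False


def audit(conf_text, master_fqdn=None):
    """Compare the agent's 'server' with the master's certificate name.

    master_fqdn (hypothetical parameter) stands in for certname when the
    setting is absent, because certname defaults to the host's FQDN.
    """
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(conf_text)
    certname = conf.get("puppetmasterd", "certname", fallback=master_fqdn)
    # Puppet's default server name is "puppet" when none is configured.
    server = conf.get("puppetd", "server", fallback="puppet")
    match = certname is not None and name_matches(certname, server)
    return {"certname": certname, "server": server, "match": match}


if __name__ == "__main__":
    print(audit(PUPPET_CONF))
    print(audit(PUPPET_CONF.replace("certname=vps200", "certname=vps200.domain")))
```

With the posted settings the check reports no match; with the FQDN as certname it reports a match.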