Hi all, I''ve recently set all of our servers up with puppet, which for the majority has been working perfectly. Last week I had to disable puppet on all machines as I stupidly overloaded webrick so much and no requests were ever getting processed. My puppetmaster was previously setup for testing only, I never intended to deploy it fully. I was however impressed so decided to go ahead and push it out to all machines, this was however was at the time running on a spare 600MHz machine "machine1". "machine1" had the CNAME "puppet" pointing to it so I didn''t have to configure each puppet node with the relevant hostname. At the end of last week I moved puppet over to a new more powerful machine "machine2", I altered the "puppet" CNAME to point to this machine and all worked fine, puppetd --test continued to work correctly. So after that was confirmed to be working I proceeded to attempt to configure mongrel by following the wiki page (http://reductivelabs.com/trac/puppet/wiki/UsingMongrel). The wiki page instructs to run a separate instance of Apache just for puppet, this wasn''t really convenient for my situation so I made my existing Apache installation listen on the relevant port and added a virtual host with the settings (http://pastie.org/595197). You can see my settings in the above pastie, Apache starts fine and appears to function fine. However when I run puppetd --test on any node I receive the following error: warning: Certificate validation failed; consider using the certname configuration option err: Could not retrieve catalog: Certificates were not trusted: hostname was not match with the server certificate warning: Not using cache on failed catalog I''ve been tearing my hair out over this for a fair while, most likely due to a slight typo in the config or something. Any assistance would be very greatly appreciated. Many thanks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
> You can see my settings in the above pastie, Apache starts fine and > appears to function fine. However when I run puppetd --test on any node > I receive the following error: > > warning: Certificate validation failed; consider using the certname > configuration option > err: Could not retrieve catalog: Certificates were not trusted: hostname > was not match with the server certificate > warning: Not using cache on failed catalogTriple check your name resolution. I ran into the same error message while using two puppet servers (one for test, one for production), with the CNAME pointing to the wrong host. Even if you specify the correct server in puppet.conf with the servername option, if you have a CNAME pointing to the wrong host, you''ll get that error. You could also try to cleanup any old certificates using "puppetca --clean machine1.example.com" and "puppetca --clean machine2.example.com". Then run "puppetca --generate machine2.example.com". Restart apache and try the puppet client again. Hope this helps, --Justin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Mon, Aug 31, 2009 at 4:46 PM, Justin Kinney<jakinne@gmail.com> wrote:> >> You can see my settings in the above pastie, Apache starts fine and >> appears to function fine. However when I run puppetd --test on any node >> I receive the following error: >> >> warning: Certificate validation failed; consider using the certname >> configuration option >> err: Could not retrieve catalog: Certificates were not trusted: hostname >> was not match with the server certificate >> warning: Not using cache on failed catalog > > Triple check your name resolution. I ran into the same error message > while using two puppet servers (one for test, one for production), > with the CNAME pointing to the wrong host. Even if you specify the > correct server in puppet.conf with the servername option, if you have > a CNAME pointing to the wrong host, you''ll get that error. > > You could also try to cleanup any old certificates using "puppetca > --clean machine1.example.com" and "puppetca --clean > machine2.example.com". Then run "puppetca --generate > machine2.example.com". Restart apache and try the puppet client > again. > > Hope this helps, > --Justin_______ Today I resolved the exact same error on my first test setup. The problem was that the client''s date/time was in the future in relation to the server''s date/time. The problem went away once I configured the correct date on the client. ~af --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---