A quick overview of our setup: We have an EBS-backed puppet master instance with an Elastic IP, and a number of puppet agent AMI images in various regions. When these AMIs were created, they were authenticated with the puppet master using the following command: # puppet agent --certname=$(cat /etc/puppet/certname) --server puppet.ourdomain.net --waitforcert 30 --test ...and accepted on the puppet master with: # puppet cert --certname=$(cat /etc/puppet/certname) --sign {instance- name} Spinning up new instances of the AMIs worked without issue. Now, the problem: Recently we had to reboot our puppet master instance. As expected, the Elastic IP stayed the same. As far as we can tell, the *hostname* stayed the same also. Since it was just a reboot, this can happen. However, despite setting the --certname on both the master and agent and the IP and hostname not changing, our agents are now complaining that the "hostname not match with the server certificate". We''re at a loss on how to fix this. We''d rather fix this on the server rather than have to re-image the AMIs, as it was a time-consuming operation and we can''t put aside time to re-image the AMIs every time the master reboots. Any suggestions on how to track down where the problem is or how to fix it? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Phillip B Oldham
2011-Mar-08 13:27 UTC
[Puppet Users] Re: EC2 master restart, broken agents
Ignore everything I wrote -- my configuration file which started up the puppet master sets the --certname, however it was corrupt after a config tweak. Fixing that fixed the communication. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Reasonably Related Threads
- "hostname not match with the server certificate" error
- Certificate validation failing
- Asterisk on the Cloud With a Click - pre-built Asterisk Amazon EC2 instance
- Puppet Agent Configure Error in EC2
- How to know the generated certname used by a puppet client, for reuse within erb (because of cloud provisioner) ?