On Feb 16, 2007, at 3:58 PM, Kenton Brede wrote:
> root@server:~# puppetrun --host client_host.example.com
> Failed to load ruby LDAP library. LDAP functionality will not be
> available
> Triggering client_host.example.com
> Host client_host.example.com failed: Certificates were not trusted:
> tlsv1 alert unknown ca client_host.example.com finished with exit code
> 2
> Failed: client_host.example.com
I've only seen this error when someone doesn't have read access to
the CA certificate file. Try doing an strace or truss or whatever of
puppetrun to see if you're getting permission denied, or just verify
that you've got open modes on the ca cert and its containing
directories. It shouldn't matter, since you're running as root (as
you mentioned on irc), but that's the only time I've seen that
error.
> The client is running "puppetd --listen" and listening on port 8139.
> No firewall in between the two machines.
>
> I''ve created an /etc/puppet/namespaceauth.conf file on the client
> side. Containing:
>
> [puppetrun]
> allow server.example.com
It's clearly an SSL problem, which means that the listening and such
is all set up correctly.
This isn't actually a Puppet thing, even, this is an error straight
out of SSL.
--
SELF-EVIDENT, adj. Evident to one's self and to nobody else.
-- Ambrose Bierce
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
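
The "open modes on the ca cert and its containing directories" check suggested in the reply above, as an added example that is not part of the original message or of Puppet. The function names are hypothetical and the certificate path is whatever you pass in, since the thread does not give it; the check reads mode bits for "other" (ACLs are ignored), so it gives the same answer when run as root.

```shell
#!/bin/sh
# Added example (not from the thread). The certificate path you pass in is an
# assumption: the thread does not say where the CA certificate lives.

# mode_of PATH: print the 10-character mode string, following symlinks.
mode_of() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# check_open_modes FILE [BASE]
# Walk from FILE up to BASE (default /). Return 0 if FILE is readable by
# "other" and every directory on the way is searchable by "other"; otherwise
# print the first offending component and return 1 (2 for a bad argument).
check_open_modes() {
    file=$1
    base=${2:-/}
    case $file in
        /*) ;;
        *) echo "need an absolute path: $file"; return 2 ;;
    esac
    mode=$(mode_of "$file")
    case $mode in
        "") echo "missing or unreachable: $file"; return 1 ;;
        ???????r??) ;;
        *) echo "not world-readable: $mode $file"; return 1 ;;
    esac
    dir=$(dirname -- "$file")
    while :; do
        mode=$(mode_of "$dir")
        case $mode in
            d????????[xt]) ;;   # 't' is sticky plus search, as on /tmp
            *) echo "not world-searchable: $mode $dir"; return 1 ;;
        esac
        if [ "$dir" = "$base" ] || [ "$dir" = "/" ]; then
            return 0
        fi
        dir=$(dirname -- "$dir")
    done
}
```

Call it with the absolute path of the CA certificate file; the first line it prints names the component to fix.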