Not sure if your issue is the same as mine but it seems at some point
between puppet versions the default location for the certs moved and on
the next connect after signing I would get the same message you quoted
below. I now specify the location on the first run of puppet:
/usr/sbin/puppetd --server puppet --waitforcert 60 --ssldir /etc/puppet/ssl --test
Come to think of it, the problem may have surfaced when I switched from
DAG rpms to Lutter.
HTH,
Tim
-----Original Message-----
From: puppet-users-bounces@madstop.com
[mailto:puppet-users-bounces@madstop.com] On Behalf Of Stephen
Nelson-Smith
Sent: Thursday, November 01, 2007 8:00 PM
To: puppet-users@madstop.com
Subject: [Puppet-users] New Client Problems
I am having SSL difficulties setting up a new puppet client:
Client: fedora (rawhide) using 0.23.2
Server: centos 4.4 using 0.22.3
After initiating contact with puppetd --test
--server=puppet.myclient.com, I see the CSR on the server. After
signing it, and running puppet again, I get the signed certificate,
but also see:
err: Could not retrieve configuration: Certificates were not trusted:
hostname was not match with the server certificate
Any subsequent runnings of puppetd --test give the same error.
puppet.myclient.com is a CNAME. When I pass the A record on the
command line, I get a little further, but still see similar errors:
err: //workstation/puppet-config/remotefile[/etc/sysconfig/puppet]/File[/etc/sysconfig/puppet]/source: Could not describe /files/puppet-config/puppet.sysconfig: Certificates were not trusted: hostname was not match with the server certificate
info: //workstation/puppet-config/remotefile[/etc/sysconfig/puppet]/File[/etc/sysconfig/puppet]/source: No specified sources exist
I have done the following:
* Verified pems using openssl
* Deleted all ssl certs and csrs on client and server and retried
* Confirmed clocks in sync
* Tried adding certname = puppet.myclient.com in puppetmasterd.conf
and restarting
* Built new rpm of 0.22.3 for fc8 and tried that
* Combed the puppet and facter source for this exception to work out
what is causing it - I only found the raise, not the detail
I have yet to build 0.22.3 using older ruby and facter.
What else can I try? What have I missed?
Thanks,
S.
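
The error quoted in the original message is a hostname check: the name the client connects to must be one of the names in the server certificate. The following is an added example, not part of the thread and not Puppet's own code, that runs Ruby's `OpenSSL::SSL.verify_certificate_identity` against constructed throwaway certificates. `host01.example.test` is a made-up stand-in for the server's A-record name, and it is an assumption that a given Puppet version performs exactly this check.

```ruby
require 'openssl'

REAL_HOST  = 'host01.example.test'  # constructed: stand-in for the A-record name
CNAME_NAME = 'puppet.myclient.com'  # the CNAME mentioned in the original message

# Build a throwaway self-signed certificate (constructed test data, not a real
# puppetmaster certificate). alt_names become subjectAltName DNS entries.
def make_cert(cn, alt_names = [])
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    san = alt_names.map { |n| "DNS:#{n}" }.join(',')
    cert.add_extension(ef.create_extension('subjectAltName', san, false))
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Every name the certificate carries: subject CN plus subjectAltName DNS entries.
def cert_names(cert)
  cn  = cert.subject.to_a.select { |oid, _, _| oid == 'CN' }.map { |_, v, _| v }
  san = cert.extensions.select { |e| e.oid == 'subjectAltName' }
            .flat_map { |e| e.value.split(/,\s*/) }
            .map { |s| s.sub(/\ADNS:/, '') }
  (cn + san).uniq
end

# True when a TLS client connecting to `name` would accept this certificate's
# identity. Once a DNS subjectAltName is present, the CN is no longer consulted.
def name_accepted?(cert, name)
  OpenSSL::SSL.verify_certificate_identity(cert, name)
end

[make_cert(REAL_HOST), make_cert(REAL_HOST, [REAL_HOST, CNAME_NAME]),
 make_cert(REAL_HOST, [CNAME_NAME])].each do |cert|
  puts "certificate names: #{cert_names(cert).join(', ')}"
  [REAL_HOST, CNAME_NAME].each { |n| puts "  #{n}: #{name_accepted?(cert, n) ? 'accepted' : 'rejected'}" }
end
```

To inspect a real certificate instead, load it with `OpenSSL::X509::Certificate.new(File.read(path))` and pass it to `cert_names` and `name_accepted?`.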