YASP... Yet Another SSL Problem, this time on puppetrun.

$ sudo puppetrun -p 10 --host anotherhost -t aze
Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering anotherhost
Host anotherhost failed: Certificates were not trusted: tlsv1 alert unknown ca
anotherhost finished with exit code 2
Failed: anotherhost

Running with "strace -f" shows that /var/lib/puppet/ssl/certs/myhost.pem and /var/lib/puppet/ssl/private_keys/myhost.pem are loaded, as well as /var/lib/puppet/ssl/certs/ca.pem, where myhost is the host where I run puppetrun.

What's wrong? Is it possible to disable SSL altogether? :-)

Thanks in advance,
-- 
Jean-Baptiste Quenot
http://caraldi.com/jbq/blog/

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi

> $ sudo puppetrun -p 10 --host anotherhost -t aze
> Failed to load ruby LDAP library. LDAP functionality will not be available
> Triggering anotherhost
> Host anotherhost failed: Certificates were not trusted: tlsv1 alert unknown ca
> anotherhost finished with exit code 2
> Failed: anotherhost

this indicates that something with your ca is broken. how did you set up your puppetmaster's ca?

> Running with "strace -f" shows that
> /var/lib/puppet/ssl/certs/myhost.pem and
> /var/lib/puppet/ssl/private_keys/myhost.pem are loaded, as well as
> /var/lib/puppet/ssl/certs/ca.pem, where myhost is the host where I run
> puppetrun.

the problem isn't the files, the problem is the ca itself and therefore the content of the files.

> What's wrong? Is it possible to disable SSL altogether? :-)

no, puppet can't be run without ssl support. which is absolutely correct as you are transmitting too confidential data over the wire. as well it's the easiest thing to implement a kind of authentication and authorisation.

greets pete

2008/4/11, Peter Meier <peter.meier@immerda.ch>:

> > $ sudo puppetrun -p 10 --host anotherhost -t aze
> > Failed to load ruby LDAP library. LDAP functionality will not be available
> > Triggering anotherhost
> > Host anotherhost failed: Certificates were not trusted: tlsv1 alert unknown ca
> > anotherhost finished with exit code 2
> > Failed: anotherhost
>
> this indicates that something with your ca is broken. how did you setup
> your puppetmasters ca?

I usually issue a "dpkg --purge puppetmaster" and run puppetmaster on host myhost. All hosts are contacting this puppetmaster, including anotherhost.

> > Running with "strace -f" shows that
> > /var/lib/puppet/ssl/certs/myhost.pem and
> > /var/lib/puppet/ssl/private_keys/myhost.pem are loaded, as well as
> > /var/lib/puppet/ssl/certs/ca.pem, where myhost is the host where I run
> > puppetrun.
>
> the problems aren't the files the problems is the ca itself and therefore
> the content of the files.

The contents look normal to me. All other Puppet programs work OK. My puppet infrastructure is working fine.

Actually, I may have overlooked something about puppetrun. I tried to run puppetrun on anotherhost, passing --host myhost, and it works. Can I only run puppetrun with specifying a --host that has puppetmaster?

Cheers,
-- 
Jean-Baptiste Quenot
http://caraldi.com/jbq/blog/
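
Added example, not part of the thread and not Puppet's own code: a TLS "unknown ca" alert is sent by the peer that could not chain the presented certificate to a CA it trusts, so the useful check is whether a host certificate verifies against the ca.pem held by the other side. The Ruby sketch below runs that check on constructed in-memory certificates; the helper names and the CA subject are assumptions, and the constructed scenario uses two CAs with the same subject name but different keys.

```ruby
require 'openssl'

# Build a throwaway certificate (constructed test data, not a real Puppet CA).
# signer is [cert, key] of the issuing CA; nil means self-signed.
def make_cert(cn, signer = nil, ca: false)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # X.509 v3
  cert.serial     = rand(1..1_000_000)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  issuer_cert, issuer_key = signer || [cert, key]
  cert.issuer = issuer_cert.subject
  if ca
    ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert, cert)
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Does cert_pem chain to the single CA in ca_pem? Returns [ok, openssl_reason].
def verify_against(cert_pem, ca_pem)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(ca_pem))
  ok = store.verify(OpenSSL::X509::Certificate.new(cert_pem))
  [ok, store.error_string]
end

# Constructed scenario: host cert issued by one CA, peer trusts another CA
# that carries the same subject name but a different key.
def demo
  issuing_ca = make_cert('constructed-puppet-ca', ca: true)
  other_ca   = make_cert('constructed-puppet-ca', ca: true)
  host_cert, = make_cert('myhost', issuing_ca)
  { same_ca:  verify_against(host_cert.to_pem, issuing_ca[0].to_pem),
    other_ca: verify_against(host_cert.to_pem, other_ca[0].to_pem) }
end

demo.each { |name, (ok, why)| puts "#{name}: trusted=#{ok} (#{why})" } if __FILE__ == $0
```

On real hosts, `verify_against` takes the contents of /var/lib/puppet/ssl/certs/myhost.pem and of the ca.pem read from the host that sent the alert, so the comparison uses the CA that peer actually trusts.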