hi,all
I set the mongrel + pound follow this
http://www.reductivelabs.com/trac/puppet/wiki/UsingMongrelPound
all OS is debian etch. puppetmasterd and puppetd version is 0.23.2.
pound version is 2.3.2.
the pound and the puppet had done the patch. the host run
puppetmasterd ''s hostname is
m8.example.com, and the cert name is m8.example.com. in the pipppet
client''s puppet.conf ,the server set to m8.example.com..
but get error like this.
==========================m3:~# puppetd --test
warning: peer certificate won''t be verified in this SSL session
/usr/local/lib/site_ruby/1.8/puppet/network/client/ca.rb:31:in
`request_cert'': Certificate retrieval failed: Certificates were not
trusted: sslv3 alert handshake failure (Puppet::Error)
from /usr/bin/puppetd:346
=============================I set the pound''s loglevel to 5,but still
get some debug message. and
from the masterhttp.log, I can''t find usefull infomation.
so,what''s the error ? please help me .
huang mingyou
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
by the way, the client''s is a new client for puppetmasterd. so, when I sign this client''s cert. all is OK. may be this is a bug ? On Apr 30, 3:11 pm, huangmingyou <ther...@gmail.com> wrote:> hi,all > I set the mongrel + pound follow thishttp://www.reductivelabs.com/trac/puppet/wiki/UsingMongrelPound > > all OS is debian etch. puppetmasterd and puppetd version is 0.23.2. > pound version is 2.3.2. > the pound and the puppet had done the patch. the host run > puppetmasterd ''s hostname is > m8.example.com, and the cert name is m8.example.com. in the pipppet > client''s puppet.conf ,the server set to m8.example.com.. > > but get error like this. > > ==========================> m3:~# puppetd --test > warning: peer certificate won''t be verified in this SSL session > /usr/local/lib/site_ruby/1.8/puppet/network/client/ca.rb:31:in > `request_cert'': Certificate retrieval failed: Certificates were not > trusted: sslv3 alert handshake failure (Puppet::Error) > from /usr/bin/puppetd:346 > =============================> I set the pound''s loglevel to 5,but still get some debug message. and > from the masterhttp.log, I can''t find usefull infomation. > > so,what''s the error ? please help me . > > huang mingyou--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Hi> by the way, the client''s is a new client for puppetmasterd. so, when I > sign this client''s cert. all is OK. > may be this is a bug ?as far as I understood your problem this is the expected behaviour in this kind of setup. As pound is now managing the the ssl connections, it has no idea about creating certs and adding them to the "to-be-signed"-list. As far as I have experience with this kind of setup (/me using nginx for fronted) you have to choose another way of distributing and signing certs with this solution. One idea I had was to have an additional webrick-based puppetmaster on a special port (for example 8141) which is just used to bootstrap new clients and sign the certs. However I didn''t yet this tryout nor am I sure if this mixed-setup would work. As long as one use for alle the same directories I think this should work and be no problem. please correct me if I''m wrong. greets Pete --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---