OK, I re-worked everything, and started over with 24.4... now I get:

[jleggett@lxp6d4m3 puppet]$ puppetd --confdir /opt/etrade/p6/puppet --server lxp6d4m3.etrade.com
/opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `add_file': system lib (OpenSSL::X509::StoreError)
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `cert_setup'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:100:in `http_instance'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:123:in `initialize'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `new'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `initialize'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:207:in `initialize'
        from /opt/etrade/p6/bin/puppetd:322:in `new'
        from /opt/etrade/p6/bin/puppetd:322
[jleggett@lxp6d4m3 puppet]$ ps -ef | grep puppet
jleggett  2364     1  0 16:31 ?        00:00:00 /opt/etrade/p6/bin/ruby /opt/etrade/p6/bin/puppetmasterd --confdir=/opt/etrade/p6/puppet
jleggett  2856  1765  0 16:56 pts/1    00:00:00 grep puppet
[jleggett@lxp6d4m3 puppet]$
[jleggett@lxp6d4m3 puppet]$ puppetca --list
No certificates to sign
[jleggett@lxp6d4m3 puppet]$

Looks like some kind of cert error - what am I doing wrong?

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Anyone? Am I being stupid?

Is there any particular reason you're not running puppetd as root?

Regards,

Arjuna Christensen | Systems Engineer
Maximum Internet Ltd
DDI: + 64 9 913 9683 | Ph: +64 9 915 1825 | Fax:: +64 9 300 7227
arjuna.christensen@maxnet.co.nz| www.maxnet.co.nz

-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Jeff Leggett
Sent: Tuesday, 13 May 2008 4:38 p.m.
To: Puppet Users
Subject: [Puppet Users] Re: starting up

Anyone? Am I being stupid?

Also, sorry can you throw a --trace --debug on your puppetmaster, and the same on your puppet, and show me the output?

Arjuna Christensen | Systems Engineer
Maximum Internet Ltd
DDI: + 64 9 913 9683 | Ph: +64 9 915 1825 | Fax:: +64 9 300 7227
arjuna.christensen@maxnet.co.nz| www.maxnet.co.nz

-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Arjuna Christensen
Sent: Tuesday, 13 May 2008 4:43 p.m.
To: puppet-users@googlegroups.com
Subject: [Puppet Users] Re: starting up

Is there any particular reason you're not running puppetd as root?

Looks like a permission problem on the file system or me.
Run puppetd as root, or give the user you are running it as write access to ssldir.
Anyway, without root-permissions puppetd won't be able to do very much.
udo.

On 12.05.2008, at 22:58, Jeff Leggett wrote:
> OK, I re-worked everything, and started over with 24.4... now I get:
> [...]
> Looks like some kind of cert error - what am I doing wrong?

--
:: udo waechter - root@zoide.net :: N 52º16'30.5" E 8º3'10.1"
:: genuine input for your ears: http://auriculabovinari.de
:: your eyes: http://ezag.zoide.net
:: your brain: http://zoide.net

Same whether root or not:

[jleggett@lxp6d4m3 ~]$ sudo puppetd --confdir /opt/etrade/p6/puppet --server lxp6d4m3.etrade.com
/opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `add_file': system lib (OpenSSL::X509::StoreError)
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `cert_setup'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:100:in `http_instance'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:123:in `initialize'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `new'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `initialize'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:207:in `initialize'
        from /opt/etrade/p6/bin/puppetd:322:in `new'
        from /opt/etrade/p6/bin/puppetd:322
[jleggett@lxp6d4m3 ~]$

On May 13, 2:15 am, udo waechter <udo.waech...@uni-osnabrueck.de> wrote:
> Looks like a permission problem on the file system or me.
> Run puppetd as root, or give the user you are running it as write
> access to ssldir
> Anyway, without root-permissions puppetd won't be able to do very much.
> udo.

[jleggett@lxp6d4m3 ~]$ sudo puppetd --trace --debug --confdir /opt/etrade/p6/puppet --server lxp6d4m3.etrade.com
debug: Creating default schedules
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[main]/File[/var/puppet/lib]: Autorequiring File[/var/puppet]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ssl]/File[/opt/etrade/p6/puppet/ssl/certs]: Autorequiring File[/opt/etrade/p6/puppet/ssl]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ssl]/File[/opt/etrade/p6/puppet/ssl/csr_lxp6d4m3.etrade.com.pem]: Autorequiring File[/opt/etrade/p6/puppet/ssl]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ssl]/File[/opt/etrade/p6/puppet/ssl/private]: Autorequiring File[/opt/etrade/p6/puppet/ssl]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[main]/File[/var/puppet/run]: Autorequiring File[/var/puppet]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[main]/File[/var/puppet/state]: Autorequiring File[/var/puppet]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ssl]/File[/opt/etrade/p6/puppet/ssl/certs/lxp6d4m3.etrade.com.pem]: Autorequiring File[/opt/etrade/p6/puppet/ssl/certs]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[puppetd]/File[/opt/etrade/p6/puppet/puppet.conf]: Autorequiring File[/opt/etrade/p6/puppet]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[main]/File[/opt/etrade/p6/puppet/ssl]: Autorequiring File[/opt/etrade/p6/puppet]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ssl]/File[/opt/etrade/p6/puppet/ssl/public_keys/lxp6d4m3.etrade.com.pem]: Autorequiring File[/opt/etrade/p6/puppet/ssl/public_keys]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ssl]/File[/opt/etrade/p6/puppet/ssl/public_keys]: Autorequiring File[/opt/etrade/p6/puppet/ssl]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ssl]/File[/opt/etrade/p6/puppet/ssl/private_keys]: Autorequiring File[/opt/etrade/p6/puppet/ssl]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[main]/File[/var/puppet/log]: Autorequiring File[/var/puppet]
debug: /Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ssl]/File[/opt/etrade/p6/puppet/ssl/private_keys/lxp6d4m3.etrade.com.pem]: Autorequiring File[/opt/etrade/p6/puppet/ssl/private_keys]
debug: Finishing transaction -605912658 with 0 changes
/opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `add_file': system lib (OpenSSL::X509::StoreError)
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `cert_setup'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:100:in `http_instance'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:123:in `initialize'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `new'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `initialize'
        from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:207:in `initialize'
        from /opt/etrade/p6/bin/puppetd:322:in `new'
        from /opt/etrade/p6/bin/puppetd:322
[jleggett@lxp6d4m3 ~]$

On May 13, 12:45 am, "Arjuna Christensen" <arjuna.christen...@maxnet.co.nz> wrote:
> Also, sorry can you throw a --trace --debug on your puppetmaster, and the same on your puppet, and show me the output?

On May 13, 2008, at 10:01 AM, Jeff Leggett wrote:
> Same whether root or not:
>
> [jleggett@lxp6d4m3 ~]$ sudo puppetd --confdir /opt/etrade/p6/puppet --server lxp6d4m3.etrade.com
> /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `add_file': system lib (OpenSSL::X509::StoreError)
>         from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `cert_setup'
>         from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:100:in `http_instance'
>         from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:123:in `initialize'
>         from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `new'
>         from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `initialize'
>         from /opt/etrade/p6/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:207:in `initialize'
>         from /opt/etrade/p6/bin/puppetd:322:in `new'
>         from /opt/etrade/p6/bin/puppetd:322
> [jleggett@lxp6d4m3 ~]$

This is the stupid exception that ssl throws when you tell it to add a file that doesn't exist.

Specifically, it's trying to add the certificate authority CA file.

Do you somehow not have a CA file in that confdir? If you set the machine up with a different confdir, you should copy the ssl/ subdir from the old confdir to this one.

--
There is only one success - to be able to spend your life in your own way. -- Christopher Morley
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

Thanks Luke, that solved the error on startup, but in /var/log/messages I still see:

May 16 14:28:35 lxp6d4m3 puppetd[9651]: Reopening log files
May 16 14:28:35 lxp6d4m3 puppetd[9651]: Starting Puppet client version 0.24.4
May 16 14:28:35 lxp6d4m3 puppetd[9651]: Could not retrieve catalog: Certificates were not trusted: certificate verify failed

However, both puppetd and puppetmaster are running now:

[jleggett@lxp6d4m3 manifests]$ ps -ef | grep puppet
jleggett  2364     1  0 May12 ?        00:00:00 /opt/etrade/p6/bin/ruby /opt/etrade/p6/bin/puppetmasterd --confdir=/opt/etrade/p6/puppet
root      9651     1  0 14:28 ?        00:00:00 /opt/etrade/p6/bin/ruby /opt/etrade/p6/bin/puppetd --confdir /opt/etrade/p6/puppet --server lxp6d4m3.etrade.com

I have a very simple manifest/site.pp to start:

[jleggett@lxp6d4m3 manifests]$ cat site.pp
file { "/etrade/home/jleggett/puppettest":
    owner => jleggett,
    mode => 644,
}

service { "bluetooth":
    ensure => stopped,
}

On May 13, 1:00 pm, Luke Kanies <l...@madstop.com> wrote:
> This is the stupid exception that ssl throws when you tell it to add a
> file that doesn't exist.
>
> Specifically, it's trying to add the certificate authority CA file.
>
> Do you somehow not have a CA file in that confdir? If you set the
> machine up with a different confdir, you should copy the ssl/ subdir
> from the old confdir to this one.

On May 16, 2008, at 1:41 PM, Jeff Leggett wrote:
> Thanks Luke, that solved the error on startup, but in /var/log/messages I still see:
>
> May 16 14:28:35 lxp6d4m3 puppetd[9651]: Reopening log files
> May 16 14:28:35 lxp6d4m3 puppetd[9651]: Starting Puppet client version 0.24.4
> May 16 14:28:35 lxp6d4m3 puppetd[9651]: Could not retrieve catalog: Certificates were not trusted: certificate verify failed

You've somehow gotten a misconfigured ssl directory.

If this is just one machine, I'd remove all ssl directories and start again.

If the server is working but a client is not, then I'd remove the client's ssl directory and start it again.

--
In our civilization, and under our republican form of government, intelligence is so highly honored that it is rewarded by exemption from the cares of office. --Ambrose Bierce
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

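An added example (not from the thread and not Puppet's code) covering both of Luke's replies: it reproduces the `OpenSSL::X509::StoreError` that `add_file` raises for a missing CA file, and the verification failure seen when the host certificate was issued by a different CA key than the one in the trust file, as happens with a mismatched ssl/ directory. The function names, file names and certificates are constructed for the demonstration.

```ruby
require "openssl"
require "tmpdir"

# Constructed sample data: a throwaway self-signed CA, not a real Puppet CA.
def build_ca(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Constructed sample data: a host certificate signed by the given CA.
def issue_host_cert(ca_key, ca_cert, common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 2
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = ca_cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(ca_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# The unguarded call: returns the exception class raised for `path`, or nil.
def raw_add_file_error(path)
  OpenSSL::X509::Store.new.add_file(path)
  nil
rescue OpenSSL::X509::StoreError => e
  e.class.name
end

# Hypothetical pre-flight check: name the actual problem instead of letting
# a bare StoreError or "certificate verify failed" surface later.
def check_agent_trust(ca_file, host_cert_file)
  return [:ca_missing, ca_file] unless File.exist?(ca_file)
  return [:ca_unreadable, ca_file] unless File.readable?(ca_file)

  store = OpenSSL::X509::Store.new
  begin
    store.add_file(ca_file)
  rescue OpenSSL::X509::StoreError => e
    return [:ca_unloadable, e.message]
  end

  return [:cert_missing, host_cert_file] unless File.exist?(host_cert_file)

  cert = OpenSSL::X509::Certificate.new(File.read(host_cert_file))
  store.verify(cert) ? [:trusted, nil] : [:untrusted, store.error_string]
end

def demo
  Dir.mktmpdir("ssl-demo") do |dir|
    old_key, old_ca = build_ca("Constructed Demo CA")
    # Same CA name, new key: what a regenerated ssl/ directory produces.
    _new_key, new_ca = build_ca("Constructed Demo CA")
    host = issue_host_cert(old_key, old_ca, "agent.example.test")

    old_ca_file = File.join(dir, "ca_old.pem")
    new_ca_file = File.join(dir, "ca_new.pem")
    host_file   = File.join(dir, "host.pem")
    missing     = File.join(dir, "ca_missing.pem")
    File.write(old_ca_file, old_ca.to_pem)
    File.write(new_ca_file, new_ca.to_pem)
    File.write(host_file, host.to_pem)

    {
      raw_error:      raw_add_file_error(missing),
      missing_ca:     check_agent_trust(missing, host_file).first,
      matching_ca:    check_agent_trust(old_ca_file, host_file).first,
      regenerated_ca: check_agent_trust(new_ca_file, host_file).first
    }
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```
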
OK, so I deleted my puppet/ssl directory... stopped all daemons, did a puppetca --clean <fqdn> for good measure (as detailed here:
http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#i-keep-getting-certificates-were-not-trusted-what-s-wrong
and still get:

May 16 18:38:17 lxp6d4m3 puppetmasterd[10356]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca]/ensure) change from absent to directory failed: Could not set directory on ensure: Permission denied - /opt/etrade/p6/puppet/ssl/ca
May 16 18:38:17 lxp6d4m3 puppetmasterd[10356]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/private]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 16 18:38:17 lxp6d4m3 puppetmasterd[10356]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/private]) Skipping because of failed dependencies
May 16 18:38:17 lxp6d4m3 puppetmasterd[10356]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/signed]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 16 18:38:17 lxp6d4m3 puppetmasterd[10356]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/signed]) Skipping because of failed dependencies
May 16 18:38:17 lxp6d4m3 puppetmasterd[10356]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/requests]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 16 18:38:17 lxp6d4m3 puppetmasterd[10356]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/requests]) Skipping because of failed dependencies
[jleggett@lxp6d4m3 puppet]$

On May 16, 2:54 pm, Luke Kanies <l...@madstop.com> wrote:
> You've somehow gotten a misconfigured ssl directory.
>
> If this is just one machine, I'd remove all ssl directories and start
> again.
>
> If the server is working but a client is not, then I'd remove the
> client's ssl directory and start it again.

Jeff Leggett wrote:
> OK, so I deleted my puppet/ssl directory... stopped all daemons, did a
> puppetca --clean <fqdn> for good measure (as detailed here:
> http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#i-keep-getting-certificates-were-not-trusted-what-s-wrong
> and still get:
>
> May 16 18:38:17 lxp6d4m3 puppetmasterd[10356]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca]/ensure) change from absent to directory failed: Could not set directory on ensure: Permission denied - /opt/etrade/p6/puppet/ssl/ca
>
> [jleggett@lxp6d4m3 puppet]$

Does jleggett own the /opt/etrade/p6/puppet/ssl folder? Looks like it's failing to create the ca folder in there. At least on my puppetmaster, the ssl folder tree is owned as follows:

|> gold:/etc/puppet/ssl# find . -type d -exec ls -ld {} \;
|> drwxrwx--x 7 root   root   4096 2008-05-15 14:45 .
|> drwxr-x--- 2 root   root   4096 2008-05-15 14:45 ./private_keys
|> drwxrwx--- 5 puppet puppet 4096 2008-05-15 14:45 ./ca
|> drwxrwx--- 2 puppet puppet 4096 2008-05-15 14:45 ./ca/private
|> drwxr-xr-x 2 puppet puppet 4096 2008-05-16 13:12 ./ca/requests
|> drwxrwx--- 2 puppet puppet 4096 2008-05-16 13:12 ./ca/signed
|> drwxr-x--- 2 root   root   4096 2008-05-15 14:45 ./private
|> drwxr-xr-x 2 root   root   4096 2008-05-15 14:45 ./public_keys
|> drwxr-xr-x 2 root   root   4096 2008-05-15 14:45 ./certs

and puppetmasterd is run as the puppet user.

--
Mike Renfro / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu

I think it's on the right track but now I get:

[jleggett@lxp6d4m3 puppet]$ !800
puppetmasterd --confdir=/opt/etrade/p6/puppet
Could not configure for running; got 1 failure(s)
[jleggett@lxp6d4m3 puppet]$

/var/log/messages:
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca]/mode) change from 777 to 770 failed: failed to chmod /opt/etrade/p6/puppet/ssl/ca: Operation not permitted - /opt/etrade/p6/puppet/ssl/ca
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/ca_crt.pem]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/ca_crt.pem]) Skipping because of failed dependencies
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/ca_key.pem]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/ca_key.pem]) Skipping because of failed dependencies
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/ca_pub.pem]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/ca_pub.pem]) Skipping because of failed dependencies
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/requests]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/requests]) Skipping because of failed dependencies
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/serial]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/serial]) Skipping because of failed dependencies
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/private]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/private]) Skipping because of failed dependencies
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/private/ca.pass]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/private/ca.pass]) Skipping because of failed dependencies
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/ca_crl.pem]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/ca_crl.pem]) Skipping because of failed dependencies
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/inventory.txt]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/inventory.txt]) Skipping because of failed dependencies
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/signed]) Dependency file[/opt/etrade/p6/puppet/ssl/ca] has 1 failures
May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca/signed]) Skipping because of failed dependencies

directory perms:

[jleggett@lxp6d4m3 puppet]$ find . -type d -exec ls -ld {} \;
drwxrwxrwx 8 puppet puppet 4096 May 16 18:39 .
drwxr-x--- 2 jleggett etrade 4096 May 16 14:38 ./log
drwxrwx--x 7 jleggett etrade 4096 May 16 18:39 ./ssl
drwxrwxrwx 2 jleggett etrade 4096 May 16 18:39 ./ssl/public_keys
drwxr-x--- 2 jleggett etrade 4096 May 16 18:39 ./ssl/private
drwxr-x--- 2 jleggett etrade 4096 May 16 18:39 ./ssl/private_keys
drwxrwxrwx 2 jleggett etrade 4096 May 16 18:39 ./ssl/certs
drwxrwxrwx 5 puppet etrade 4096 May 16 18:39 ./ssl/ca
drwxrwxrwx 2 puppet etrade 4096 May 16 18:39 ./ssl/ca/signed
drwxrwxrwx 2 puppet etrade 4096 May 16 18:39 ./ssl/ca/private
drwxrwxrwx 2 puppet etrade 4096 May 16 18:39 ./ssl/ca/requests
drwxr-xr-t 2 jleggett etrade 4096 May 12 16:21 ./state
drwxrwxrwt 2 jleggett etrade 4096 May 12 16:31 ./run
drwxrwxrwx 2 jleggett etrade 4096 May 12 16:21 ./lib
drwxrwxrwx 2 jleggett etrade 4096 May 16 14:33 ./manifests
[jleggett@lxp6d4m3 puppet]$

I believe it's a combo of permissions and user auth... but I am not
seeing the right ones in the right place based on these syslog
messages.

On May 16, 11:23 pm, Mike Renfro <ren...@tntech.edu> wrote:
> Jeff Leggett wrote:
> > OK, so I deleted my puppet/ssl directory... stopped all daemons, did a
> > puppetca --clean <fqdn> for good measure (as detailed here:
> > http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#i-...
> > and still get:
> >
> > May 16 18:38:17 lxp6d4m3 puppetmasterd[10356]: (/Settings[/opt/etrade/
> > p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca]/
> > ensure) change from absent to directory failed: Could not set
> > directory on ensure: Permission denied - /opt/etrade/p6/puppet/ssl/ca
> >
> > [jleggett@lxp6d4m3 puppet]$
>
> Does jleggett own the /opt/etrade/p6/puppet/ssl folder? Looks like it's
> failing to create the ca folder in there. At least on my puppetmaster,
> the ssl folder tree is owned as follows:
>
> |> gold:/etc/puppet/ssl# find . -type d -exec ls -ld {} \;
> |> drwxrwx--x 7 root root 4096 2008-05-15 14:45 .
> |> drwxr-x--- 2 root root 4096 2008-05-15 14:45 ./private_keys
> |> drwxrwx--- 5 puppet puppet 4096 2008-05-15 14:45 ./ca
> |> drwxrwx--- 2 puppet puppet 4096 2008-05-15 14:45 ./ca/private
> |> drwxr-xr-x 2 puppet puppet 4096 2008-05-16 13:12 ./ca/requests
> |> drwxrwx--- 2 puppet puppet 4096 2008-05-16 13:12 ./ca/signed
> |> drwxr-x--- 2 root root 4096 2008-05-15 14:45 ./private
> |> drwxr-xr-x 2 root root 4096 2008-05-15 14:45 ./public_keys
> |> drwxr-xr-x 2 root root 4096 2008-05-15 14:45 ./certs
>
> and puppetmasterd is run as the puppet user.
>
> --
> Mike Renfro / R&D Engineer, Center for Manufacturing Research,
> 931 372-3601 / Tennessee Technological University -- ren...@tntech.edu

Jeff Leggett wrote:
> I think it's on the right track but now I get:
>
> [jleggett@lxp6d4m3 puppet]$ !800
> puppetmasterd --confdir=/opt/etrade/p6/puppet
> Could not configure for running; got 1 failure(s)
> [jleggett@lxp6d4m3 puppet]$
>
> /var/log/messages:
> May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/
> p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca]/
> mode) change from 777 to 770 failed: failed to chmod /opt/etrade/p6/
> puppet/ssl/ca: Operation not permitted - /opt/etrade/p6/puppet/ssl/ca

> directory perms:
>
> [jleggett@lxp6d4m3 puppet]$ find . -type d -exec ls -ld {} \;
> drwxrwxrwx 5 puppet etrade 4096 May 16 18:39 ./ssl/ca

> I believe it's a combo of permissions and user auth... but I am not
> seeing the right ones in the right place based on these syslog
> messages.

Yep. You have an exceedingly odd mix of permissions, which I'm sure can
be made to work eventually, but certainly doesn't match what I'm used to
with the Debian packages.

On my setup, puppetmasterd runs as puppet (via an init script run by
root), I edit my manifests as root (in theory, I should edit them
elsewhere, check them into version control, and let root do a checkout),
and make sure that puppet owns the puppetmaster's fileserver private area.

You're apparently running puppetmasterd as jleggett, some of the files
are owned by puppet, and others by jleggett. In this particular case,
since jleggett doesn't own the ssl/ca folder, he can't chmod it to 770.
And I'd guess that if you did chmod it 770, unless everything in
puppetmaster is set to run as jleggett, and not as puppet or some other
user, you'll run into further trouble later.

Is root off-limits on your puppetmaster server? Since you're eventually
going to have to trust the puppetd process on clients with root
permissions, working as root on the puppetmaster isn't much of an
incremental liability.

--
Mike Renfro / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu

I did a:

[jleggett@lxp6d4m3 puppet]$ sudo chown -R puppet.puppet *

Sets whole directory to puppet then try to start puppetmaster as:

[jleggett@lxp6d4m3 puppet]$ sudo -u puppet !800
sudo -u puppet puppetmasterd --confdir=/opt/etrade/p6/puppet
No CA certificate

On May 18, 12:29 pm, Mike Renfro <ren...@tntech.edu> wrote:
> Jeff Leggett wrote:
> > I think it's on the right track but now I get:
> >
> > [jleggett@lxp6d4m3 puppet]$ !800
> > puppetmasterd --confdir=/opt/etrade/p6/puppet
> > Could not configure for running; got 1 failure(s)
> > [jleggett@lxp6d4m3 puppet]$
> >
> > /var/log/messages:
> > May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/
> > p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca]/
> > mode) change from 777 to 770 failed: failed to chmod /opt/etrade/p6/
> > puppet/ssl/ca: Operation not permitted - /opt/etrade/p6/puppet/ssl/ca
> > directory perms:
> >
> > [jleggett@lxp6d4m3 puppet]$ find . -type d -exec ls -ld {} \;
> > drwxrwxrwx 5 puppet etrade 4096 May 16 18:39 ./ssl/ca
> > I believe it's a combo of permissions and user auth... but I am not
> > seeing the right ones in the right place based on these syslog
> > messages.
>
> Yep. You have an exceedingly odd mix of permissions, which I'm sure can
> be made to work eventually, but certainly doesn't match what I'm used to
> with the Debian packages.
>
> On my setup, puppetmasterd runs as puppet (via an init script run by
> root), I edit my manifests as root (in theory, I should edit them
> elsewhere, check them into version control, and let root do a checkout),
> and make sure that puppet owns the puppetmaster's fileserver private area.
>
> You're apparently running puppetmasterd as jleggett, some of the files
> are owned by puppet, and others by jleggett. In this particular case,
> since jleggett doesn't own the ssl/ca folder, he can't chmod it to 770.
> And I'd guess that if you did chmod it 770, unless everything in
> puppetmaster is set to run as jleggett, and not as puppet or some other
> user, you'll run into further trouble later.
>
> Is root off-limits on your puppetmaster server? Since you're eventually
> going to have to trust the puppetd process on clients with root
> permissions, working as root on the puppetmaster isn't much of an
> incremental liability.
>
> --
> Mike Renfro / R&D Engineer, Center for Manufacturing Research,
> 931 372-3601 / Tennessee Technological University -- ren...@tntech.edu

Current directory perms:

[jleggett@lxp6d4m3 puppet]$ sudo find . -type d -exec ls -ld {} \;
drwxrwxrwx 8 puppet puppet 4096 May 16 18:39 .
drwxr-x--- 2 puppet puppet 4096 May 16 14:38 ./log
drwxrwx--x 7 puppet puppet 4096 May 16 18:39 ./ssl
drwxrwxrwx 2 puppet puppet 4096 May 16 18:39 ./ssl/public_keys
drwxr-x--- 2 puppet puppet 4096 May 16 18:39 ./ssl/private
drwxr-x--- 2 puppet puppet 4096 May 16 18:39 ./ssl/private_keys
drwxrwxrwx 2 puppet puppet 4096 May 16 18:39 ./ssl/certs
drwxrwx--- 5 puppet puppet 4096 May 16 18:39 ./ssl/ca
drwxrwx--- 2 puppet puppet 4096 May 16 18:39 ./ssl/ca/signed
drwxrwx--- 2 puppet puppet 4096 May 16 18:39 ./ssl/ca/private
drwxrwxrwx 2 puppet puppet 4096 May 16 18:39 ./ssl/ca/requests
drwxr-xr-t 2 puppet puppet 4096 May 12 16:21 ./state
drwxrwxrwt 2 puppet puppet 4096 May 12 16:31 ./run
drwxrwxrwx 2 puppet puppet 4096 May 12 16:21 ./lib
drwxrwxrwx 2 puppet puppet 4096 May 16 14:33 ./manifests
[jleggett@lxp6d4m3 puppet]$

Should I just start over?!

On May 18, 7:15 pm, Jeff Leggett <jeffrey.legg...@etrade.com> wrote:
> I did a:
>
> [jleggett@lxp6d4m3 puppet]$ sudo chown -R puppet.puppet *
>
> Sets whole directory to puppet then try to start puppetmaster as:
>
> [jleggett@lxp6d4m3 puppet]$ sudo -u puppet !800
> sudo -u puppet puppetmasterd --confdir=/opt/etrade/p6/puppet
> No CA certificate
>
> On May 18, 12:29 pm, Mike Renfro <ren...@tntech.edu> wrote:
> > Jeff Leggett wrote:
> > > I think it's on the right track but now I get:
> > >
> > > [jleggett@lxp6d4m3 puppet]$ !800
> > > puppetmasterd --confdir=/opt/etrade/p6/puppet
> > > Could not configure for running; got 1 failure(s)
> > > [jleggett@lxp6d4m3 puppet]$
> > >
> > > /var/log/messages:
> > > May 18 01:22:09 lxp6d4m3 puppetmasterd[13444]: (/Settings[/opt/etrade/
> > > p6/puppet/puppet.conf]/Settings[ca]/File[/opt/etrade/p6/puppet/ssl/ca]/
> > > mode) change from 777 to 770 failed: failed to chmod /opt/etrade/p6/
> > > puppet/ssl/ca: Operation not permitted - /opt/etrade/p6/puppet/ssl/ca
> > > directory perms:
> > >
> > > [jleggett@lxp6d4m3 puppet]$ find . -type d -exec ls -ld {} \;
> > > drwxrwxrwx 5 puppet etrade 4096 May 16 18:39 ./ssl/ca
> > > I believe it's a combo of permissions and user auth... but I am not
> > > seeing the right ones in the right place based on these syslog
> > > messages.
> >
> > Yep. You have an exceedingly odd mix of permissions, which I'm sure can
> > be made to work eventually, but certainly doesn't match what I'm used to
> > with the Debian packages.
> >
> > On my setup, puppetmasterd runs as puppet (via an init script run by
> > root), I edit my manifests as root (in theory, I should edit them
> > elsewhere, check them into version control, and let root do a checkout),
> > and make sure that puppet owns the puppetmaster's fileserver private area.
> >
> > You're apparently running puppetmasterd as jleggett, some of the files
> > are owned by puppet, and others by jleggett. In this particular case,
> > since jleggett doesn't own the ssl/ca folder, he can't chmod it to 770.
> > And I'd guess that if you did chmod it 770, unless everything in
> > puppetmaster is set to run as jleggett, and not as puppet or some other
> > user, you'll run into further trouble later.
> >
> > Is root off-limits on your puppetmaster server? Since you're eventually
> > going to have to trust the puppetd process on clients with root
> > permissions, working as root on the puppetmaster isn't much of an
> > incremental liability.
> >
> > --
> > Mike Renfro / R&D Engineer, Center for Manufacturing Research,
> > 931 372-3601 / Tennessee Technological University -- ren...@tntech.edu

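Added example, not part of the thread: a shell check for the two conditions discussed above, namely entries under the ssl directory that are not owned by the account the daemon runs as, and key directories or any directory left open to every local user. `audit_ssl_tree` and `build_thread_tree` are hypothetical helper names, and the fixture recreates the directory modes from the listing above in a temporary directory.

```shell
#!/bin/sh
# Added example: audit a Puppet ssl directory for mixed ownership and for
# directories that every local account can read or write.

# audit_ssl_tree SSLDIR OWNER
# OWNER is the account (name or numeric uid) the daemon runs as; you supply it.
# Prints one finding per line, sorted, and returns 1 if anything was flagged.
audit_ssl_tree() {
    ssldir=${1%/}
    owner=$2
    findings=$(
        # Entries owned by someone else: the daemon cannot chmod or repair
        # them, which is the "Operation not permitted" failure in the logs.
        find "$ssldir" ! -user "$owner" -exec printf 'owner-mismatch %s\n' {} \;
        # Key directories must give "other" no access at all (mode bits 007).
        for d in private private_keys ca/private; do
            [ -d "$ssldir/$d" ] || continue
            find "$ssldir/$d" ! -type l \
                \( -perm -001 -o -perm -002 -o -perm -004 \) \
                -exec printf 'other-access %s\n' {} \;
        done
        # World-writable directories anywhere in the tree: any local user
        # could add or replace certificates and requests there.
        find "$ssldir" -type d -perm -002 -exec printf 'world-writable %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | sort
    return 1
}

# Constructed fixture: the ssl directory modes from the last listing in the
# thread, recreated under DIR and owned by whoever runs this script.
build_thread_tree() {
    root=$1
    mkdir -p "$root/ssl/ca/signed" "$root/ssl/ca/private" \
             "$root/ssl/ca/requests" "$root/ssl/public_keys" \
             "$root/ssl/private" "$root/ssl/private_keys" "$root/ssl/certs"
    chmod 771 "$root/ssl"
    chmod 777 "$root/ssl/public_keys" "$root/ssl/certs" "$root/ssl/ca/requests"
    chmod 750 "$root/ssl/private" "$root/ssl/private_keys"
    chmod 770 "$root/ssl/ca" "$root/ssl/ca/signed" "$root/ssl/ca/private"
}

demo_dir=$(mktemp -d)
build_thread_tree "$demo_dir"
audit_ssl_tree "$demo_dir/ssl" "$(id -u)" || echo "ssl tree needs attention"
rm -rf "$demo_dir"
```

On a real master, pass the configured ssl directory and the daemon account, for example `audit_ssl_tree /opt/etrade/p6/puppet/ssl puppet`.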
I figured it out! One value in puppet.conf was still pointing to
/etc/puppet dir structure: localcacert... Commenting that out (so it
defaulted to $ssldir/ca.pem) and restarting it all seems to have worked.

At least I see this in /var/log/messages now:

May 19 10:02:37 lxp6d4m3 puppetmasterd[9068]: Reopening log files
May 19 10:02:37 lxp6d4m3 puppetmasterd[9068]: Starting Puppet server version 0.24.4
May 19 10:03:25 lxp6d4m3 puppetd[9096]: Reopening log files
May 19 10:03:25 lxp6d4m3 puppetd[9096]: Starting Puppet client version 0.24.4
May 19 10:03:26 lxp6d4m3 puppetmasterd[9068]: Compiled configuration for lxp6d4m3.etrade.com in 0.10 seconds
May 19 10:03:26 lxp6d4m3 puppetd[9096]: Starting catalog run
May 19 10:03:26 lxp6d4m3 puppetd[9096]: Finished catalog run in 0.04 seconds
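Added example, not part of the thread: a shell check for the root cause found above, a path setting in puppet.conf that still points outside the directory passed as --confdir. `stray_paths`, `sample_conf` and the sample file contents are constructed for illustration; only /opt/etrade/p6/puppet, the localcacert setting name and the hostname come from the thread.

```shell
#!/bin/sh
# Added example: list puppet.conf settings whose absolute path lies outside
# the directory the daemons are started with (--confdir).

# stray_paths CONF CONFDIR
# Prints "section: key = value" for each absolute path outside CONFDIR.
stray_paths() {
    conf=$1
    confdir=${2%/}                      # drop a trailing slash
    awk -v root="$confdir" '
        /^[ \t]*#/ { next }             # comment lines
        /^[ \t]*$/ { next }             # blank lines
        /^[ \t]*\[.*\][ \t]*$/ {        # [section] header
            gsub(/[ \t]/, ""); sub(/^\[/, ""); sub(/\]$/, "")
            section = $0; next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Values written as $ssldir/... follow the base directory; only
            # hard-coded absolute paths can drift away from it.
            if (substr(val, 1, 1) != "/") next
            if (val == root || index(val, root "/") == 1) next
            printf "%s: %s = %s\n", section, key, val
        }' "$conf"
}

# Constructed sample: a relocated install with one leftover /etc/puppet path.
sample_conf() {
    cat <<'EOF'
[main]
    ssldir = /opt/etrade/p6/puppet/ssl
    logdir = /opt/etrade/p6/puppet/log
    # rundir = /var/run/puppet
[puppetd]
    server = lxp6d4m3.etrade.com
    localcacert = /etc/puppet/ssl/certs/ca.pem
EOF
}

demo_conf=$(mktemp)
sample_conf > "$demo_conf"
stray_paths "$demo_conf" /opt/etrade/p6/puppet
rm -f "$demo_conf"
```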