Puppet users - Feb 2009 - Solaris SSL error

Hello there

I''m having some issues and i''m not entirely sure where they
are
starting (I''m not generally a Solaris user). I gather that there are
some discussions about the error messages, but if someone could tell
me what rock to look under first i''d appreaciate it :)

My solaris puppet (puppetsun) is supposed to talk to my puppet beta
master (running rhel). I''ve done the puppetca --sign puppetsun... and
now when i run `puppet -vtd` i get:
debug: Creating default schedules
debug: Failed to load library ''ldap'' for feature
''ldap''
debug: Failed to load library ''shadow'' for feature
''libshadow''
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/File
[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
var/lib/puppet/ssl/certs/puppetsun.example.org.pem]: Autorequiring File
[/var/lib/puppet/ssl/certs]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/File
[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
var/lib/puppet/ssl/public_keys/puppetsun.example.org.pem]:
Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/
ssl]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[puppetd]/
File[/etc/opt/csw/puppet/puppet.conf]: Autorequiring File[/etc/opt/csw/
puppet]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
var/lib/puppet/ssl/private_keys/puppetsun.example.org.pem]:
Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
var/lib/puppet/ssl/csr_puppetsun.example.org.pem]: Autorequiring File[/
var/lib/puppet/ssl]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/
ssl/certs]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/File
[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/
ssl]
debug: Finishing transaction 69307580 with 0 changes
debug: Puppet::Network::Client::File: defining fileserver.describe
debug: Puppet::Network::Client::File: defining fileserver.list
debug: Puppet::Network::Client::File: defining fileserver.retrieve
info: Retrieving plugins
debug: Calling fileserver.list
warning: Certificate validation failed; consider using the certname
configuration option
err: /File[/var/lib/puppet/lib]: Failed to generate additional
resources during transaction: Certificates were not trusted:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
certificate verify failed
debug: /File[/var/lib/puppet/lib]/checksum: Initializing checksum hash
debug: /File[/var/lib/puppet/lib]: Creating checksum {mtime}Sun Dec 28
10:53:11 +1000 1986
debug: Calling fileserver.describe
warning: Certificate validation failed; consider using the certname
configuration option
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
resource: Certificates were not trusted: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify
failed Could not describe /plugins: Certificates were not trusted:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
certificate verify failed
debug: Finishing transaction 74984300 with 0 changes
err: Could not retrieve catalog: private method `chomp'' called for
nil:NilClass

I gather the certs aren''t trusted. and what is the certname
configuration option... i ran a search on the puppet site and got
bupkis that looked relevant (but i might be blind)...

Cheers
chakkerz

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

I believe that means the cert on the master and the client weren''t
signed by
the same CA.



On Sun, Feb 8, 2009 at 10:29 PM, chakkerz <chakkerz@gmail.com> wrote:
>
> Hello there
>
> I''m having some issues and i''m not entirely sure where
they are
> starting (I''m not generally a Solaris user). I gather that there
are
> some discussions about the error messages, but if someone could tell
> me what rock to look under first i''d appreaciate it :)
>
> My solaris puppet (puppetsun) is supposed to talk to my puppet beta
> master (running rhel). I''ve done the puppetca --sign puppetsun...
and
> now when i run `puppet -vtd` i get:
> debug: Creating default schedules
> debug: Failed to load library ''ldap'' for feature
''ldap''
> debug: Failed to load library ''shadow'' for feature
''libshadow''
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/File
> [/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
> var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
> var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
> var/lib/puppet/ssl/certs/puppetsun.example.org.pem]: Autorequiring File
> [/var/lib/puppet/ssl/certs]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/File
> [/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
> var/lib/puppet/ssl/public_keys/puppetsun.example.org.pem]:
> Autorequiring File[/var/lib/puppet/ssl/public_keys]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
> var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/
> ssl]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[puppetd]/
> File[/etc/opt/csw/puppet/puppet.conf]: Autorequiring File[/etc/opt/csw/
> puppet]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
> var/lib/puppet/ssl/private_keys/puppetsun.example.org.pem]:
> Autorequiring File[/var/lib/puppet/ssl/private_keys]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
> var/lib/puppet/ssl/csr_puppetsun.example.org.pem]: Autorequiring File[/
> var/lib/puppet/ssl]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
> var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/
> ssl/certs]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/File
> [/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
> debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/File[/
> var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/
> ssl]
> debug: Finishing transaction 69307580 with 0 changes
> debug: Puppet::Network::Client::File: defining fileserver.describe
> debug: Puppet::Network::Client::File: defining fileserver.list
> debug: Puppet::Network::Client::File: defining fileserver.retrieve
> info: Retrieving plugins
> debug: Calling fileserver.list
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: /File[/var/lib/puppet/lib]: Failed to generate additional
> resources during transaction: Certificates were not trusted:
> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
> certificate verify failed
> debug: /File[/var/lib/puppet/lib]/checksum: Initializing checksum hash
> debug: /File[/var/lib/puppet/lib]: Creating checksum {mtime}Sun Dec 28
> 10:53:11 +1000 1986
> debug: Calling fileserver.describe
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
> resource: Certificates were not trusted: SSL_connect returned=1
> errno=0 state=SSLv3 read server certificate B: certificate verify
> failed Could not describe /plugins: Certificates were not trusted:
> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
> certificate verify failed
> debug: Finishing transaction 74984300 with 0 changes
> err: Could not retrieve catalog: private method `chomp'' called for
> nil:NilClass
>
> I gather the certs aren''t trusted. and what is the certname
> configuration option... i ran a search on the puppet site and got
> bupkis that looked relevant (but i might be blind)...
>
> Cheers
> chakkerz
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

But that doesn''t make sense ...

So what you''re saying that the Solaris host (all the RedHat ones are
working), will need to have their cert''s generated on a RedHat box,
and then transferred to the solaris host?

But even then the architecture doesn''t make sense, because i''m
using a
self signed cert - generated automatically when puppet does its thing.
I interpreted the certs as being used for identification, or rather
authentication. So what does the CA have to do with it? Further why am
i getting the error AFTER i''ve had the master accept it by puppetca --
sign <whatever>? shouldn''t the error of different CA''s
occur then,
rather than after it has been accepted by the master, when the slave
tries to get updates?

I''ll do some digging and see if i can find a guide that tells me
more...

Cheers though
chakkerz
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Ok, i''ve re-read
http://reductivelabs.com/trac/puppet/wiki/CertificatesAndSecurity
and some things fell into place (though it still doesn''t work :) )

So the CA here is my host puppetbeta which is the master. On it i
signed the cert that the puppetsun generated when i ran `puppetd --
test` , using `puppetca --sign puppetsun... ` and when i run `puppetca
--list --all` it''s happily there.

Just to be sure though, (going on my former interpretation of
''signed''
as ''created'') i did the `puppetca --generate puppetsun` and
then
copied
root@puppetsun:/var/lib/puppet/ssl# find ./
./
./private_keys
./private_keys/puppetsun.its.uq.edu.au.pem
./certs
./certs/ca.pem
./certs/puppetsun.its.uq.edu.au.pem

^ these. Upon running puppetd -vt i get:
root@puppetsun:/var/lib/puppet# /opt/csw/bin/puppetd -vt
info: Retrieving plugins
warning: Certificate validation failed; consider using the certname
configuration option
err: /File[/var/lib/puppet/lib]: Failed to generate additional
resources during transaction: Certificates were not trusted:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
certificate verify failed
warning: Certificate validation failed; consider using the certname
configuration option
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
resource: Certificates were not trusted: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify
failed Could not describe /plugins: Certificates were not trusted:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
certificate verify failed
err: Could not retrieve catalog: private method `chomp'' called for
nil:NilClass

which remains the exact same error.

The two versions i''m running are:
Master:
[root@puppetbeta ssl]# puppet --version
0.24.7

Slave:
root@puppetsun:/opt/csw/bin# ./puppet --version
0.24.7

What''s the certname option it talks about?

cheers
chakkerz
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

If you used the Solaris blastwave packages, it might be that your certs are
in  a different directory... check your puppet configs for where your ssl
dir is (could be /etc/puppet/ssl, /var/lib/puppet/ssl,
/opt/csw/etc/puppet/ssl .....)

Cheers,
Ohad

On Tue, Feb 10, 2009 at 6:29 AM, chakkerz <chakkerz@gmail.com> wrote:
>
> Ok, i''ve re-read
> http://reductivelabs.com/trac/puppet/wiki/CertificatesAndSecurity
> and some things fell into place (though it still doesn''t work :) )
>
> So the CA here is my host puppetbeta which is the master. On it i
> signed the cert that the puppetsun generated when i ran `puppetd --
> test` , using `puppetca --sign puppetsun... ` and when i run `puppetca
> --list --all` it''s happily there.
>
> Just to be sure though, (going on my former interpretation of
''signed''
> as ''created'') i did the `puppetca --generate puppetsun`
and then
> copied
> root@puppetsun:/var/lib/puppet/ssl# find ./
> ./
> ./private_keys
> ./private_keys/puppetsun.its.uq.edu.au.pem
> ./certs
> ./certs/ca.pem
> ./certs/puppetsun.its.uq.edu.au.pem
>
> ^ these. Upon running puppetd -vt i get:
> root@puppetsun:/var/lib/puppet# /opt/csw/bin/puppetd -vt
> info: Retrieving plugins
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: /File[/var/lib/puppet/lib]: Failed to generate additional
> resources during transaction: Certificates were not trusted:
> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
> certificate verify failed
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
> resource: Certificates were not trusted: SSL_connect returned=1
> errno=0 state=SSLv3 read server certificate B: certificate verify
> failed Could not describe /plugins: Certificates were not trusted:
> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
> certificate verify failed
> err: Could not retrieve catalog: private method `chomp'' called for
> nil:NilClass
>
> which remains the exact same error.
>
> The two versions i''m running are:
> Master:
> [root@puppetbeta ssl]# puppet --version
> 0.24.7
>
> Slave:
> root@puppetsun:/opt/csw/bin# ./puppet --version
> 0.24.7
>
> What''s the certname option it talks about?
>
> cheers
> chakkerz
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Valid point, unfortunately, i configured this:
root@puppetsun:/opt/csw/bin# cat /opt/csw/etc/puppet/puppet.conf
[main]
        vardir = /var/lib/puppet
        logdir = /var/log/puppet
        rundir = /var/run/puppet
        ssldir = $vardir/ssl
        pluginsync = true
        factpath = $vardir/lib/facter
        modulepath = $vardir/lib/modules

[puppetd]
        classfile = $vardir/classes.txt
        localconfig = $vardir/localconfig
        server = puppetbeta.its.uq.edu.au
root@puppetsun:/opt/csw/bin# diff !$ /etc/puppet/puppet.conf
diff /opt/csw/etc/puppet/puppet.conf /etc/puppet/puppet.conf
root@puppetsun:/opt/csw/bin#

Thanks for the thought though :)
chakkerz
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

another issue i had on solaris that it wasnt using the right config file
.... end up using --config /etc/puppet/puppet.conf


On Tue, Feb 10, 2009 at 2:15 PM, chakkerz <chakkerz@gmail.com> wrote:
>
> Valid point, unfortunately, i configured this:
> root@puppetsun:/opt/csw/bin# cat /opt/csw/etc/puppet/puppet.conf
> [main]
>        vardir = /var/lib/puppet
>        logdir = /var/log/puppet
>        rundir = /var/run/puppet
>        ssldir = $vardir/ssl
>        pluginsync = true
>        factpath = $vardir/lib/facter
>        modulepath = $vardir/lib/modules
>
> [puppetd]
>        classfile = $vardir/classes.txt
>        localconfig = $vardir/localconfig
>        server = puppetbeta.its.uq.edu.au
> root@puppetsun:/opt/csw/bin# diff !$ /etc/puppet/puppet.conf
> diff /opt/csw/etc/puppet/puppet.conf /etc/puppet/puppet.conf
> root@puppetsun:/opt/csw/bin#
>
> Thanks for the thought though :)
> chakkerz
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hello again

--config makes no difference. Same error persists.

Cheers
chakkerz
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

following the advise on the IRC channel i downgraded ruby to 1.8.6
root@puppetsun:/opt/csw/bin# ./ruby -v
ruby 1.8.6 (2007-09-23 patchlevel 110) [i386-solaris2.8]

i now get a new error:
root@puppetsun:/opt/csw/bin# rm -rf /var/lib/puppet/
root@puppetsun:/opt/csw/bin# /opt/csw/bin/puppetd --test
info: Creating a new certificate request for puppetsun.example.org
info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/
puppetsun.example.org.pem
warning: peer certificate won''t be verified in this SSL session
notice: Did not receive certificate
notice: Set to run ''one time''; exiting with no certificate
root@puppetsun:/opt/csw/bin# /opt/csw/bin/puppetd -vt
warning: peer certificate won''t be verified in this SSL session
notice: Got signed certificate
info: Retrieving plugins
warning: Certificate validation failed; consider using the certname
configuration option
err: /File[/var/lib/puppet/lib]: Failed to generate additional
resources during transaction: Certificates were not trusted:
certificate verify failed
warning: Certificate validation failed; consider using the certname
configuration option
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
resource: Certificates were not trusted: certificate verify failed
Could not describe /plugins: Certificates were not trusted:
certificate verify failed
err: Could not retrieve catalog: private method `chomp'' called for
nil:NilClass


This is after clearing /var/lib/puppet , restarting the daemon and re-
signing the cert.

the server has:
[root@puppetbeta /]# puppetca --list --all
+ puppetsun.its.uq.edu.au
+ puppetbeta.its.uq.edu.au

Cheers, and thanks for all the help on the channel, Damm, Andrew and
fujin in particular.

chakkerz
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Wed, Feb 11, 2009 at 5:12 PM, chakkerz <chakkerz@gmail.com>
wrote:
> This is after clearing /var/lib/puppet , restarting the daemon and re-
> signing the cert.
>
> the server has:
> [root@puppetbeta /]# puppetca --list --all
> + puppetsun.its.uq.edu.au
> + puppetbeta.its.uq.edu.au
>
I had some similar trouble on solaris, which I eventually worked
around by manually copying the CA cert to the client and doing
master-side certificate generation. In our case, it isn''t a problem to
include the CA cert in the client build.

cheers
rob

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

OK, new error. Regardless of which ruby i use, i get the following if
i do a puppetca --generate puppetsun... and then transfer the files.
(also this doesn''t seem to care too much about permissions, but the
last time i did it, i was very careful to replicate the permissions
from the master).

root@puppetsun:/var/lib/puppet# /opt/csw/bin/puppetd -vt/opt/csw/lib/
ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `add_file'':
system lib (OpenSSL::X509::StoreError)
        from /opt/csw/lib/ruby/site_ruby/1.8/puppet/network/
http_pool.rb:50:in `cert_setup''
        from /opt/csw/lib/ruby/site_ruby/1.8/puppet/network/
http_pool.rb:101:in `http_instance''
        from /opt/csw/lib/ruby/site_ruby/1.8/puppet/network/xmlrpc/
client.rb:130:in `initialize''
        from /opt/csw/lib/ruby/site_ruby/1.8/puppet/network/client.rb:
94:in `new''
        from /opt/csw/lib/ruby/site_ruby/1.8/puppet/network/client.rb:
94:in `initialize''
        from /opt/csw/lib/ruby/site_ruby/1.8/puppet/network/client/
master.rb:198:in `initialize''
        from /opt/csw/bin/puppetd:328:in `new''
        from /opt/csw/bin/puppetd:328

The line in question reads:
store.add_file Puppet[:localcacert]

Alas this means very little to me...

Cheers
chakkerz
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

i''ve copied the ca.pem from the master to the client. Now i''m
back to
the familar:

root@puppetsun:/var/lib/puppet/ssl# /opt/csw/bin/puppetd -vt
info: Retrieving plugins
warning: Certificate validation failed; consider using the certname
configuration option
err: /File[/var/lib/puppet/lib]: Failed to generate additional
resources during transaction: Certificates were not trusted:
certificate verify failed
warning: Certificate validation failed; consider using the certname
configuration option
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
resource: Certificates were not trusted: certificate verify failed
Could not describe /plugins: Certificates were not trusted:
certificate verify failed
err: Could not retrieve catalog: private method `chomp'' called for
nil:NilClass

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Is there any particular reason you''re copying the certificates and  
whatnot by hand instead of using the built in mechanisms?

Regards,

AJ

On 13/02/2009, at 11:12 AM, chakkerz wrote:
>
> i''ve copied the ca.pem from the master to the client. Now
i''m back to
> the familar:
>
> root@puppetsun:/var/lib/puppet/ssl# /opt/csw/bin/puppetd -vt
> info: Retrieving plugins
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: /File[/var/lib/puppet/lib]: Failed to generate additional
> resources during transaction: Certificates were not trusted:
> certificate verify failed
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
> resource: Certificates were not trusted: certificate verify failed
> Could not describe /plugins: Certificates were not trusted:
> certificate verify failed
> err: Could not retrieve catalog: private method `chomp'' called for
> nil:NilClass
>
> >

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Yeah ...the built in mechanism fails worse

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

well.. it shouldnt...

just another stupid question, your clocks are in sync right?

On Fri, Feb 13, 2009 at 9:23 AM, chakkerz <chakkerz@gmail.com> wrote:
>
> Yeah ...the built in mechanism fails worse
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Ohad ... no they weren''t. It still isn''t working but it looks
like the
SSL thing is sorted.

Thanks everyone for their help.

chakkerz
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---