Hi all,
I''m trying to set up puppet 0.24.5 using the packages provided for
Mandriva 2009.0. After installing the packages and starting the
puppetmaster service for the first time, the relevant CA certificates
and keys are generated automatically and placed in subdirectories of
$ssldir. However, when I then run puppetd on the same machine thus:
$ puppetd --server myhost.mydomain --waitforcert 60 --test
the command returns within 10 seconds with:
err: Could not retrieve catalog: Certificates were not trusted:
SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A:
unknown protocol
warning: Not using cache on failed catalog
Nevertheless, a certificate for myhost.mydomain appears in $cadir/signed
- despite there being no $confdir/autosign.conf file nor an
''autosign''
entry in $confdir/puppet.conf.
The Mandriva packages also include a couple of additional config files,
/etc/sysconfig/puppetd and /etc/sysconfig/puppetmasterd; but every
non-blank line in both those files is commented out.
I assume it is indeed possible for a puppet server to have itself as a
client? If so, what am I missing here?
Alexis.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
On Mar 2, 2009, at 5:07 AM, Alexis Hazell wrote:> > Hi all, > > I''m trying to set up puppet 0.24.5 using the packages provided for > Mandriva 2009.0. After installing the packages and starting the > puppetmaster service for the first time, the relevant CA certificates > and keys are generated automatically and placed in subdirectories of > $ssldir. However, when I then run puppetd on the same machine thus: > > $ puppetd --server myhost.mydomain --waitforcert 60 --test > > the command returns within 10 seconds with: > > err: Could not retrieve catalog: Certificates were not trusted: > SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: > unknown protocol > warning: Not using cache on failed catalog > > Nevertheless, a certificate for myhost.mydomain appears in $cadir/ > signed > - despite there being no $confdir/autosign.conf file nor an ''autosign'' > entry in $confdir/puppet.conf. > > The Mandriva packages also include a couple of additional config > files, > /etc/sysconfig/puppetd and /etc/sysconfig/puppetmasterd; but every > non-blank line in both those files is commented out. > > I assume it is indeed possible for a puppet server to have itself as a > client? If so, what am I missing here?That sounds more like a configuration problem or something; I don''t think I''ve seen that error. Do you maybe have mongrel set up but have your client talking directly to Mongrel, rather than through a proxy that does SSL termination for you? -- I don''t deserve this award, but I have arthritis and I don''t deserve that either. -- Jack Benny --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Mar 4, 4:10 am, Luke Kanies <l...@madstop.com> wrote:> That sounds more like a configuration problem or something; I don''t > think I''ve seen that error. > > Do you maybe have mongrel set up but have your client talking directly > to Mongrel, rather than through a proxy that does SSL termination for > you?Hi Luke, Thanks for your reply. No, Mongrel isn''t involved; it''s not installed on the machine in question. Alexis. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---