A quick overview of our setup:
We have an EBS-backed puppet master instance with an Elastic IP, and a
number of puppet agent AMI images in various regions. When these AMIs
were created, they were authenticated with the puppet master using the
following command:
# puppet agent --certname=$(cat /etc/puppet/certname) --server puppet.ourdomain.net --waitforcert 30 --test
...and accepted on the puppet master with:
# puppet cert --certname=$(cat /etc/puppet/certname) --sign {instance-name}
Spinning up new instances of the AMIs worked without issue.
Now, the problem:
Recently we had to reboot our puppet master instance. As expected, the
Elastic IP stayed the same. As far as we can tell, the *hostname*
stayed the same also. Since it was just a reboot, this can happen.
However, despite setting the --certname on both the master and agent
and the IP and hostname not changing, our agents are now complaining
that the "hostname not match with the server certificate".
We're at a loss on how to fix this. We'd rather fix this on the server
rather than have to re-image the AMIs, as it was a time-consuming
operation and we can't put aside time to re-image the AMIs every time
the master reboots.
Any suggestions on how to track down where the problem is or how to
fix it?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Phillip B Oldham
2011-Mar-08 13:27 UTC
[Puppet Users] Re: EC2 master restart, broken agents
Ignore everything I wrote -- my configuration file which started up the puppet master sets the --certname, however it was corrupt after a config tweak. Fixing that fixed the communication.
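
The check behind the "hostname not match with the server certificate" error, as an added example that is not part of the original thread and not Puppet's own code: a simplified RFC 6125-style name match over certificate dictionaries in the shape Python's ssl getpeercert() returns. It assumes a master started without its --certname presents a certificate named after the host's FQDN (Puppet's default certname); the EC2-style hostname and both certificate dictionaries are constructed sample data.

```python
"""Added example: compare the name agents connect to with the names in the master's certificate."""

def _name_match(pattern: str, host: str) -> bool:
    # Case-insensitive, label-by-label; "*" is honoured only as the whole left-most label.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert: dict) -> list:
    """Names a client compares against: dNSName SANs if present, else the subject CN."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]

def check_server_name(cert: dict, server: str) -> tuple:
    """Return (matches, names_in_cert) for the --server value an agent uses."""
    names = cert_names(cert)
    return any(_name_match(name, server) for name in names), names

# Name the agents in the thread were pointed at with --server.
AGENT_SERVER = "puppet.ourdomain.net"

# Constructed: certificate issued while the master's --certname was in effect.
CERT_WITH_CERTNAME = {"subject": ((("commonName", "puppet.ourdomain.net"),),)}

# Constructed (assumption): certificate named after an EC2 internal FQDN,
# as happens when certname falls back to the host's FQDN.
CERT_DEFAULT_FQDN = {
    "subject": ((("commonName", "ip-10-0-0-12.ec2.internal"),),),
    "subjectAltName": (("DNS", "ip-10-0-0-12.ec2.internal"),),
}

if __name__ == "__main__":
    for label, cert in (("certname set", CERT_WITH_CERTNAME),
                        ("certname missing", CERT_DEFAULT_FQDN)):
        ok, names = check_server_name(cert, AGENT_SERVER)
        verdict = "OK" if ok else "MISMATCH"
        print(f"{label}: {verdict} (agent uses {AGENT_SERVER}, cert names {names})")
```

A mismatch here points at the name in the certificate the master is presenting, which is decided on the master side, so the agents and their AMIs do not need to change.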