I have a problem with puppet on a machine which has public and private IP address. My nodes are on private lan, and hostname of master is FQDN of the public IP. Client''s just cannot connect. Problem which I get is: err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed I''ve added PUPPETMASTER_EXTRA_OPTS=--server=10.0.0.2 to the /etc/sysconfig/puppetmaster, but there is no help. I''ve added: 10.0.0.2 puppet to the hosts on both master and slaves, and again no help. Any ideas? -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Thu, Jun 14, 2012 at 4:29 PM, Jakov Sosic <jsosic@srce.hr> wrote:> I have a problem with puppet on a machine which has public and private > IP address. My nodes are on private lan, and hostname of master is FQDN > of the public IP. > > Client''s just cannot connect. Problem which I get is: > > err: Could not retrieve catalog from remote server: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed > > > I''ve added > PUPPETMASTER_EXTRA_OPTS=--server=10.0.0.2 > > to the /etc/sysconfig/puppetmaster, but there is no help. > > I''ve added: > > 10.0.0.2 puppet > > to the hosts on both master and slaves, and again no help. >The name the agent uses to contact the master must be listed in the master certificate''s Subject or Alt Names field. puppet is a name that is in the alt names field. If you add 10.0.0.2 puppet to the hosts file on the agents, then you need to make sure "puppet" is the name the agent uses to contact the master. Try adding server=puppet to the agent''s puppet.conf and it should work. -Jeff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 06/15/2012 02:18 AM, Jeff McCune wrote:> The name the agent uses to contact the master must be listed in the > master certificate''s Subject or Alt Names field. > > puppet is a name that is in the alt names field. > > If you add 10.0.0.2 puppet to the hosts file on the agents, then you > need to make sure "puppet" is the name the agent uses to contact the master. > > Try adding server=puppet to the agent''s puppet.conf and it should work.Thank you for your answer, although problem was kinda weird... time skew... different time on client and puppetmaster :D -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.