My master is running 12.04 Version: 2.7.11-1ubuntu2 Depends: ruby1.8, puppetmaster-common (= 2.7.11-1ubuntu2) My client is 10.04 Version: 2.6.3-0ubuntu1~lucid1 Depends: puppet-common (= 2.6.3-0ubuntu1~lucid1), ruby1.8 I followed this tutorial to install Puppet on the client: http://shapeshed.com/setting-up-puppet-on-ubuntu-10-04/ (I didn''t need that tar ball because the "best practice" structure is already built into the puppet release) I also followed this tutorial to connect Puppetmaster and Puppet: <http://shapeshed.com/connecting-clients-to-a-puppet-master/> http://shapeshed.com/connecting-clients-to-a-puppet-master/ The first time I tried to connect master to client failed with SSL_connect error. So I did rm -rf /etc/puppet/ssl/ to remove all the keys inside ssl folders. It worked.. client# puppet agent --server puppet --waitforce 60 --test /usr/lib/ruby/1.8/facter/util/resolution.rb:46: warning: Insecure world writable dir /etc/condor in PATH, mode 040777 /usr/lib/ruby/1.8/puppet/defaults.rb:67: warning: Insecure world writable dir /etc/condor in PATH, mode 040777 info: Creating a new SSL key for giab10 warning: peer certificate won''t be verified in this SSL session info: Caching certificate for ca warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session info: Creating a new SSL certificate request for giab10 info: Certificate Request fingerprint (md5): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session info: Caching certificate for giab10 err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed warning: Not using cache on failed catalog It cached but then it couldn''t retrieve it. I don''t want to proceed anything so I don''t have to do things over again. But on master... service puppetmaster status * master is not running WoW.... ??? master# service puppetmaster start * Starting puppet master [OK] master# service puppetmaster status * master is not running It still said not running.... What is going on? is time sync? I think they are. I did date on both servers many times, and they seem to be okay. I can''t do auto sync because they are behind firewall and blocked some of the ports. Any help is appreciated. Thanks! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/rf0xG_67Q7IJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2012-Jul-02 12:55 UTC
[Puppet Users] Re: SSL_connect?? Because of master is not running?
On Friday, June 29, 2012 11:30:06 PM UTC-5, tas wrote:> > My master is running 12.04 > Version: 2.7.11-1ubuntu2 > Depends: ruby1.8, puppetmaster-common (= 2.7.11-1ubuntu2) > > My client is 10.04 > Version: 2.6.3-0ubuntu1~lucid1 > Depends: puppet-common (= 2.6.3-0ubuntu1~lucid1), ruby1.8 > > I followed this tutorial to install Puppet on the client: http://shapeshed.com/setting-up-puppet-on-ubuntu-10-04/ > (I didn''t need that tar ball because the "best practice" structure is > already built into the puppet release) > I also followed this tutorial to connect Puppetmaster and Puppet: > <http://shapeshed.com/connecting-clients-to-a-puppet-master/> > http://shapeshed.com/connecting-clients-to-a-puppet-master/ > > The first time I tried to connect master to client failed with SSL_connect > error. So I did rm -rf /etc/puppet/ssl/ to remove all the keys inside ssl > folders. >Both on the master and on the agent? And did you restart the master afterwards, before attempting to connect to it with the client?> > It worked.. > > client# puppet agent --server puppet --waitforce 60 --test > /usr/lib/ruby/1.8/facter/util/resolution.rb:46: warning: Insecure world > writable dir /etc/condor in PATH, mode 040777 > /usr/lib/ruby/1.8/puppet/defaults.rb:67: warning: Insecure world writable > dir /etc/condor in PATH, mode 040777 > info: Creating a new SSL key for giab10 > warning: peer certificate won''t be verified in this SSL session > info: Caching certificate for ca > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > info: Creating a new SSL certificate request for giab10 > info: Certificate Request fingerprint (md5): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > > warning: peer certificate won''t be verified in this SSL session > info: Caching certificate for giab10 > err: Could not retrieve catalog from remote server: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify failed > warning: Not using cache on failed catalog > > It cached but then it couldn''t retrieve it. >Does anything useful appear in the master''s logs?> > I don''t want to proceed anything so I don''t have to do things over again. > But on master... > service puppetmaster status > * master is not running >Well is it running or not? Do you see it in the process table?> > WoW.... ??? > > master# service puppetmaster start > * Starting puppet master [OK] > master# service puppetmaster status > * master is not running >I''d get this one sorted out first. Again, is the master actually running or not? John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/_vzvZkz6CzIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.