Puppet users - Jul 2012 - Trouble using the dns_alt_names config option

Hello:

I''m trying to put a puppet master on an EC2 instance, and have it be 
accessible to agentes using either its EC2 DNS name (e.g., 
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com) or a friendlier alias (e.g., 
puppet.example.com).

My /etc/puppet/puppet.conf looks like:

[master]
certname=ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com
dns_alt_names=ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com,puppet.example.com,puppet

When I try to connect to puppet.example.com, I get the following error:

Jun 29 20:57:58 precise32 puppet-agent[1178]: Could not send report: Server 
hostname ''puppet.example.com'' did not match server
certificate; expected
one of ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com, 
DNS:ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com, DNS:puppet, 
DNS:puppet.example.com

What are the possible sources for this error? It looks like it expects 
puppet.example.com as a valid name, but ''puppet.example.com''
isn''t matching
against DNS:puppet.example.com (?)

I''m running Puppet 2.7.11 on ubuntu precise (12.04).

Also, is there any way for an agent to trust the puppet master using only a 
certificate instead of relying on DNS?

Lorin

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/YiT7sxtrMiIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

DISCLAIMER: I''ve been using puppet for about 8 hours. Have you
regenerated
your ssl certificates by nuking the ssl dir *(e.g. sudo rm -rf 
/var/lib/puppet/ssl) and restarting puppetmaster?

On Monday, July 2, 2012 2:59:10 PM UTC+1, Lorin Hochstein
wrote:
>
> Hello:
>
> I''m trying to put a puppet master on an EC2 instance, and have it
be
> accessible to agentes using either its EC2 DNS name (e.g., 
> ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com) or a friendlier alias (e.g., 
> puppet.example.com).
>
> My /etc/puppet/puppet.conf looks like:
>
> [master]
> certname=ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com
> dns_alt_names=ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com,
> puppet.example.com,puppet
>
> When I try to connect to puppet.example.com, I get the following error:
>
> Jun 29 20:57:58 precise32 puppet-agent[1178]: Could not send report: 
> Server hostname ''puppet.example.com'' did not match server
certificate;
> expected one of ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com, DNS:
> ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com, DNS:puppet, DNS:
> puppet.example.com
>
> What are the possible sources for this error? It looks like it expects 
> puppet.example.com as a valid name, but
''puppet.example.com'' isn''t
> matching against DNS:puppet.example.com (?)
>
> I''m running Puppet 2.7.11 on ubuntu precise (12.04).
>
> Also, is there any way for an agent to trust the puppet master using only 
> a certificate instead of relying on DNS?
>
> Lorin
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/E_YgseqmvuYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hello,

same problem here... anybody knows what todo ? Running Puppet 3.2.4...


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.