thinkwell
2013-Feb-06 16:46 UTC
[Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0
Hello everyone, Recently puppet was upgraded from 3.0.1 to 3.1.0 when I did a sudo apt-get update on my Kubuntu server. Now, I''m getting the following error <http://thinkwelldesigns.com/puppet.html>when running puppet. My config.ru file <http://thinkwelldesigns.com/config.txt>is the same as the source3.1.0 config.ru file<https://github.com/puppetlabs/puppet/blob/3.1.0/ext/rack/files/config.ru> . So I''m scratching my head. My apache error log only shows: [code] [Wed Feb 06 11:37:08 2013] [warn] RSA server certificate CommonName (CN) `<server>'' does NOT match server name!? [/code] But that apparently didn''t prevent puppet from functioning for quite some time, since I found I was getting that error months ago. [code] [Sun Dec 09 07:57:49 2012] [warn] RSA server certificate CommonName (CN) `<server>'' does NOT match server name!? [/code] Anybody have some help for me? Thanks! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Johan De Wit
2013-Feb-06 19:43 UTC
Re: [Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0
On 02/06/2013 05:46 PM, thinkwell wrote:> Hello everyone, > > Recently puppet was upgraded from 3.0.1 to 3.1.0 when I did a sudo > apt-get update on my Kubuntu server. > > Now, I''m getting the following error > <http://thinkwelldesigns.com/puppet.html>when running puppet. My > config.ru file <http://thinkwelldesigns.com/config.txt>is the same as > the source3.1.0 config.ru file > <https://github.com/puppetlabs/puppet/blob/3.1.0/ext/rack/files/config.ru>. > > So I''m scratching my head. My apache error log only shows: > > [code] > [Wed Feb 06 11:37:08 2013] [warn] RSA server certificate CommonName > (CN) `<server>'' does NOT match server name!? > [/code] > But that apparently didn''t prevent puppet from functioning for quite > some time, since I found I was getting that error months ago. > [code] > [Sun Dec 09 07:57:49 2012] [warn] RSA server certificate CommonName > (CN) `<server>'' does NOT match server name!? > [/code] > > Anybody have some help for me? > > Thanks! > -- > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > >have you checked your /etc/puppet/puppet.conf, could be overwritten by the upgrade ? -- Johan De Wit Open Source Consultant Red Hat Certified Engineer (805008667232363) Puppet Certified Professional 2013 (PCP0000006) _________________________________________________________ Open-Future Phone +32 (0)2/255 70 70 Zavelstraat 72 Fax +32 (0)2/255 70 71 3071 KORTENBERG Mobile +32 (0)474/42 40 73 BELGIUM http://www.open-future.be _________________________________________________________ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Dominic Cleal
2013-Feb-07 11:00 UTC
Re: [Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0
On 06/02/13 16:46, thinkwell wrote:> Hello everyone, > > Recently puppet was upgraded from 3.0.1 to 3.1.0 when I did a sudo > apt-get update on my Kubuntu server. > > Now, I''m getting the following error > <http://thinkwelldesigns.com/puppet.html>when running puppet. My > config.ru file <http://thinkwelldesigns.com/config.txt>is the same as > the source3.1.0 config.ru file > <https://github.com/puppetlabs/puppet/blob/3.1.0/ext/rack/files/config.ru>. > > So I''m scratching my head. My apache error log only shows: > > [code] > [Wed Feb 06 11:37:08 2013] [warn] RSA server certificate CommonName (CN) > `<server>'' does NOT match server name!? > [/code] > But that apparently didn''t prevent puppet from functioning for quite > some time, since I found I was getting that error months ago. > [code] > [Sun Dec 09 07:57:49 2012] [warn] RSA server certificate CommonName (CN) > `<server>'' does NOT match server name!? > [/code] > > Anybody have some help for me?Do check syslog, as the puppet master usually logs initialisation problems there (e.g. permissions). -- Dominic Cleal Red Hat Engineering -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
thinkwell
2013-Feb-07 13:46 UTC
Re: [Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0
My problem is now resolved... Thanks for your replies, Dominic and Johan. I''m not using puppet to manage the puppet server, but in the course of troubleshooting, I tried running puppet agent -t on the puppet server. This gave me a certificate mismatch error and when I deleted the old certificate and created & signed a new one, everything worked. Sorta puzzles me. Why would this mismatched agent certificate on puppetmaster interfered with other puppet agent runs? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Dominic Cleal
2013-Feb-07 13:50 UTC
Re: [Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0
On 07/02/13 13:46, thinkwell wrote:> My problem is now resolved... Thanks for your replies, Dominic and Johan. > > I''m not using puppet to manage the puppet server, but in the course of > troubleshooting, I tried running puppet agent -t on the puppet server. > This gave me a certificate mismatch error and when I deleted the old > certificate and created & signed a new one, everything worked. > > Sorta puzzles me. Why would this mismatched agent certificate on > puppetmaster interfered with other puppet agent runs?The same certificate that is used for the agent on the master server is also used for the master process itself (inbound connections). -- Dominic Cleal Red Hat Engineering -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Jo Rhett
2013-Feb-08 20:39 UTC
Re: [Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0
On Feb 7, 2013, at 5:50 AM, Dominic Cleal wrote:>> Sorta puzzles me. Why would this mismatched agent certificate on >> puppetmaster interfered with other puppet agent runs? > > The same certificate that is used for the agent on the master server is > also used for the master process itself (inbound connections).Only if you let your puppet server use the host it''s running on FQDN, which I devoutly disagree with in practice. Best to keep them separate by putting a hardcoded certname in the [master] section to avoid these kinds of problems. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
thinkwell
2013-Feb-09 03:52 UTC
Re: [Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0
Yes, I do have a hardcoded certificate name in my master section. That''s why I my agent cert issue was so unexpected. Oh well, I guess all''s well that ends well. I just think I''ll disable the repo and not do upgrades for a long time, now that I''m at 3.1. These little glitches make little grey hairs after awhile and snip off a few minutes of life expectancy. Speaking in generalites, of course. Puppet is wonderful. : -) On Friday, February 8, 2013 3:39:41 PM UTC-5, Jo wrote:> > On Feb 7, 2013, at 5:50 AM, Dominic Cleal wrote: > > Sorta puzzles me. Why would this mismatched agent certificate on > > puppetmaster interfered with other puppet agent runs? > > > The same certificate that is used for the agent on the master server is > also used for the master process itself (inbound connections). > > > Only if you let your puppet server use the host it''s running on FQDN, > which I devoutly disagree with in practice. Best to keep them separate by > putting a hardcoded certname in the [master] section to avoid these kinds > of problems. > > -- > Jo Rhett > Net Consonance : net philanthropy to improve open source and internet > projects. > > > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
thinkwell
2013-Feb-12 00:15 UTC
Re: [Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0
Well, this problem continues to harass me. I have to recreate an agent certificate on the puppet master after every reboot before puppet agents will update successfully. What am I doing wrong? On Wednesday, February 6, 2013 2:43:44 PM UTC-5, Johan De Wit wrote:> > On 02/06/2013 05:46 PM, thinkwell wrote: > > Hello everyone, > > Recently puppet was upgraded from 3.0.1 to 3.1.0 when I did a sudo apt-get > update on my Kubuntu server. > > Now, I''m getting the following error > <http://thinkwelldesigns.com/puppet.html>when running puppet. My > config.ru file <http://thinkwelldesigns.com/config.txt>is the same as the > source 3.1.0 config.ru file<https://github.com/puppetlabs/puppet/blob/3.1.0/ext/rack/files/config.ru> > . > > So I''m scratching my head. My apache error log only shows: > > [code] > [Wed Feb 06 11:37:08 2013] [warn] RSA server certificate CommonName (CN) > `<server>'' does NOT match server name!? > [/code] > But that apparently didn''t prevent puppet from functioning for quite some > time, since I found I was getting that error months ago. > [code] > [Sun Dec 09 07:57:49 2012] [warn] RSA server certificate CommonName (CN) > `<server>'' does NOT match server name!? > [/code] > > Anybody have some help for me? > > Thanks! > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users...@googlegroups.com <javascript:>. > To post to this group, send email to puppet...@googlegroups.com<javascript:> > . > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > > > have you checked your /etc/puppet/puppet.conf, could be overwritten by the > upgrade ? > > > -- > Johan De Wit > > Open Source Consultant > Red Hat Certified Engineer (805008667232363) > Puppet Certified Professional 2013 (PCP0000006) > _________________________________________________________ > > Open-Future Phone +32 (0)2/255 70 70 > Zavelstraat 72 Fax +32 (0)2/255 70 71 > 3071 KORTENBERG Mobile +32 (0)474/42 40 73 > BELGIUM http://www.open-future.be > _________________________________________________________ > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Chris Handy
2013-Feb-21 23:10 UTC
Re: [Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0
I also started having issues with puppet and passenger when moving to 3.1.0. Not exactly the same, but I set it up fresh on a new server with passenger and now get 403 errors whenever i try to check in. I reran my puppet passenger setup in 3.0.1 and it works flawlessly. Is there any more debugging I can set to see why this might be happening? I even first set up the puppet master by itself to make sure the certs are working correctly on 3.1.0 which they were, but as soon as i try and turn it into a passenger instance it starts to have issues. Thanks, Chris On Monday, February 11, 2013 7:15:57 PM UTC-5, thinkwell wrote:> > Well, this problem continues to harass me. I have to recreate an agent > certificate on the puppet master after every reboot before puppet agents > will update successfully. > > What am I doing wrong? > > On Wednesday, February 6, 2013 2:43:44 PM UTC-5, Johan De Wit wrote: >> >> On 02/06/2013 05:46 PM, thinkwell wrote: >> >> Hello everyone, >> >> Recently puppet was upgraded from 3.0.1 to 3.1.0 when I did a sudo >> apt-get update on my Kubuntu server. >> >> Now, I''m getting the following error >> <http://thinkwelldesigns.com/puppet.html>when running puppet. My >> config.ru file <http://thinkwelldesigns.com/config.txt>is the same as >> the source 3.1.0 config.ru file<https://github.com/puppetlabs/puppet/blob/3.1.0/ext/rack/files/config.ru> >> . >> >> So I''m scratching my head. My apache error log only shows: >> >> [code] >> [Wed Feb 06 11:37:08 2013] [warn] RSA server certificate CommonName (CN) >> `<server>'' does NOT match server name!? >> [/code] >> But that apparently didn''t prevent puppet from functioning for quite some >> time, since I found I was getting that error months ago. >> [code] >> [Sun Dec 09 07:57:49 2012] [warn] RSA server certificate CommonName (CN) >> `<server>'' does NOT match server name!? >> [/code] >> >> Anybody have some help for me? >> >> Thanks! >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com. >> To post to this group, send email to puppet...@googlegroups.com. >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> >> have you checked your /etc/puppet/puppet.conf, could be overwritten by >> the upgrade ? >> >> >> -- >> Johan De Wit >> >> Open Source Consultant >> Red Hat Certified Engineer (805008667232363) >> Puppet Certified Professional 2013 (PCP0000006) >> _________________________________________________________ >> >> Open-Future Phone +32 (0)2/255 70 70 >> Zavelstraat 72 Fax +32 (0)2/255 70 71 >> 3071 KORTENBERG Mobile +32 (0)474/42 40 73 >> BELGIUM http://www.open-future.be >> _________________________________________________________ >> >>-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.