Puppet users - Feb 2013 - Installing puppet master and puppetdb on the same host.

Hi Guys,

I am new to the world of puppet.

I have successfully configured puppet on centos 6 and am now trying to 
install puppetb on the same host.

After the configuration when I try to run puppetd --test command on the 
client I get :

[root@puppettest ~]# puppetd --test
notice: Ignoring --listen on onetime run
err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to submit ''replace facts'' command for
puppettest.example.com to
PuppetDB at puppetdb.example.com:8081: Server hostname 
''puppetdb.example.com'' did not match server certificate;
expected one of
puppet.example.com, DNS:puppet, DNS:puppet.example.com
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
[root@puppettest ~]# openssl s_client -connect puppetdb.example.com:8081
CONNECTED(00000003)
depth=0 /CN=puppet.example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /CN=puppet.example.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /CN=puppet.example.com
verify error:num=21:unable to verify the first certificate
verify return:1
30704:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake 
failure:s23_lib.c:188:


I know that I am screwing up on the certificate part. But just don''t
know
where exactly.

Plz help.

Thnx in advance
Wikram

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

On 2013-02-08 15:42, Wikram Patankar wrote:
> I have successfully configured puppet on centos 6 and am now trying to
> install puppetb on the same host.
>
> After the configuration when I try to run puppetd --test command on the
> client I get :
>
> [root@puppettest ~]# puppetd --test
> notice: Ignoring --listen on onetime run
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Failed to submit ''replace facts'' command for
puppettest.example.com to
> PuppetDB at puppetdb.example.com:8081: Server hostname
> ''puppetdb.example.com'' did not match server certificate;
expected one of
> puppet.example.com, DNS:puppet, DNS:puppet.example.com
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> [root@puppettest ~]# openssl s_client -connect puppetdb.example.com:8081
> CONNECTED(00000003)
> depth=0 /CN=puppet.example.com
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 /CN=puppet.example.com
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 /CN=puppet.example.com
> verify error:num=21:unable to verify the first certificate
> verify return:1
> 30704:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:188:
>
>
> I know that I am screwing up on the certificate part. But just
don''t
> know where exactly.
You are talking to your puppetdb using the hostname 
"puppetdb.example.com", but the process it is using the name 
"puppet.example.com" in its certificate.

This can be fixed by either using a different certificate or using 
puppet.example.com:8081 to connect to the puppetdb.


D.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

I have puppetDB on my puppetmaster (CentOS 6.3), so I know you can do it. I 
am using Puppet3.0.

You can also use dns_alt_names in your /etc/puppet/puppet.conf file.

Here''s what I have:
[master]
    certname = puppet.domain.com
    dns_alt_names = puppet.domain.com,puppetdb.domain.com,puppet

On Friday, February 8, 2013 6:42:43 AM UTC-8, Wikram Patankar
wrote:
>
> Hi Guys,
>
> I am new to the world of puppet.
>
> I have successfully configured puppet on centos 6 and am now trying to 
> install puppetb on the same host.
>
> After the configuration when I try to run puppetd --test command on the 
> client I get :
>
> [root@puppettest ~]# puppetd --test
> notice: Ignoring --listen on onetime run
> err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Failed to submit ''replace facts'' command for
puppettest.example.com to
> PuppetDB at puppetdb.example.com:8081: Server hostname ''
> puppetdb.example.com'' did not match server certificate; expected
one of
> puppet.example.com, DNS:puppet, DNS:puppet.example.com
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> [root@puppettest ~]# openssl s_client -connect puppetdb.example.com:8081
> CONNECTED(00000003)
> depth=0 /CN=puppet.example.com
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 /CN=puppet.example.com
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 /CN=puppet.example.com
> verify error:num=21:unable to verify the first certificate
> verify return:1
> 30704:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake 
> failure:s23_lib.c:188:
>
>
> I know that I am screwing up on the certificate part. But just
don''t know
> where exactly.
>
> Plz help.
>
> Thnx in advance
> Wikram
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.