Hi Matthew,

On Wed, 2008-10-08 at 18:43 +1100, Matthew Palmer wrote:
> On Wed, Oct 08, 2008 at 09:20:32AM +0200, Stephan Hermann wrote:
> > On Wed, 2008-10-08 at 11:33 +1100, Matthew Palmer wrote:
> > > On Tue, Oct 07, 2008 at 11:36:44PM +0200, Stephan Hermann wrote:
> > > > Package: puppet
> > > > Version: 0.24.5-2
> > > >
> > > > Dear Colleagues,
> > > >
> > > > please add the openssl package to Depends/Recommends/Suggests to the
> > > > puppet package.
> > > >
> > > > puppetca needs it to sign and generate keyfiles and signatures.
> > >
> > > That would actually be libopenssl-ruby that's needed, and it'd be a
> > > Recommends on the puppetmaster package, as that's where puppetca lives. I
> > > could have sworn that used to be in the Recommends, back in the day...
> >
> > Nope...
> > libopenssl-ruby doesn't work out properly...
> >
> > I wonder why...I didn't have openssl installed, and puppetca didn't work
> > properly...first after installing openssl puppetca worked as expected.
>
> So, let's do some basic debugging then. What operation(s) failed without
> openssl installed, and what error(s) did you see? The only place I can see
> that the openssl binary is called from puppetca is in puppetca --verify.

Ok, I installed puppetmaster + puppet (dep of puppetmaster) on server A and
set up a basic site.pp for the manifest...so far it's working.

On Server B I installed puppet only, and did a test connect like:

    puppetd --fqdn whatever3 --server puppetmaster --waitforcert 60 --test

puppetmaster now refuses to let the client (whatever3) pass through and get
its config, because server B can't be authenticated.

puppetca on puppetmaster now tells me via puppetca -l that there is a
request for signature for an SSL key of the "whatever3" client.

    puppetca -s <nodename>

-> no signed request. Doesn't work.

The call

    puppetd --fqdn whatever3 --server syslog01 --waitforcert 60 --test

doesn't work...

After installing openssl on puppetmaster and deleting the files from the
certstore via puppetca --clean and puppetca --generate <nodename> (signature
included), the client can connect to the puppetmaster and works as expected.

Regards,
\sh