[Puppet-bugs] [Puppet - Bug #1525] local host fails to sync with mongrel/apache2

Thu, 28 Aug 2008 09:44:38 -0700 

Issue #1525 has been updated by madduck.


I cannot seem to reply or edit at the moment (probably javascript issues), so 
here's another comment:

Micah's solution works and lets me sign new certificates; however, on every run 
of puppetd, it ('puppetd' in the logs) complains about the tlsvs1 verification 
error and no actual configuration will happen since presumably it cannot 
establish the authenticity of the server.
----------------------------------------
Bug #1525: local host fails to sync with mongrel/apache2
http://reductivelabs.com/redmine/issues/show/1525

Author: madduck
Status: Unreviewed
Priority: Normal
Assigned to: 
Category: 
Target version: 
Complexity: Unknown
Affected version: 0.24.4
Keywords: 


After switching to mongrel (and recreating the certificate for the local
puppetd), the local puppetd won't sync with puppet anymore:

  err: /File[/var/lib/puppet/lib]: Failed to generate additional resources
  during transaction: Certificates were not trusted: tlsv1 alert decrypt error

All other hosts connecting via the network work fine.

It was suggested on IRC to comment SSLCARevocationFile in the apache2 config,
but this did not make the problem go away.

`openssl s_client -connect puppetmaster.madduck.net:8140` doesn't output
anything different when run locally.

`openssl crl -in /var/lib/puppet/ssl/ca/ca_crl.pem -text` seems happy.
`openssl x509 -in /var/lib/puppet/ssl/certs/vera.madduck.net.pem` also seems
happy.

An strace file of the puppetd run is attached.

Local puppet.conf is:

  [puppetd]
  server=puppetmaster.madduck.net

  [puppetmasterd]
  certname=puppetmaster.madduck.net



----------------------------------------
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://reductivelabs.com/redmine/my/account

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to