Issue #2031 has been updated by Mikhail T..

Status changed from Closed to Re-opened
Target version deleted
Affected version changed from 0.24.7 to 0.25.0
Keywords set to waitforcert

I'm afraid, the handling of *waitforcert* is still messed up... Trying to get puppetd to come up and wait certificate-signing fails _whatever_ is in the waitforcert argument:

> m...@client:/ (165) time ~mteterin/sbin/puppetd --server server --waitforcert 121 --test
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> Exiting; no certificate found and waitforcert is disabled
> 2.802u 0.781s 0:05.10 70.1% 0+0k 0+0io 0pf+0w

identical output to:

> m...@client:/ (166) time ~mteterin/sbin/puppetd --server server --waitforcert 0 --test
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> Exiting; no certificate found and waitforcert is disabled
> 2.831u 0.779s 0:05.10 70.5% 0+0k 0+0io 0pf+0w

And if I am doing something wrong, puppetd is not helping me figure it out...

----------------------------------------
Bug #2031: waitforcert option documentation is inconsistent with the code.
http://projects.reductivelabs.com/issues/2031

Author: Paul Lathrop
Status: Re-opened
Priority: Normal
Assigned to: James Turnbull
Category: documentation
Target version:
Affected version: 0.25.0
Keywords: waitforcert
Branch:

I was alerted to this issue by the discussion at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509566

The documentation in puppetd --help says:

<pre>
waitforcert:
  This option only matters for daemons that do not yet have
  certificates and it is enabled by default, with a value of 120
  (seconds). This causes +puppetd+ to connect to the server every
  2 minutes and ask it to sign a certificate request. This is
  useful for the initial setup of a puppet client. You can turn
  off waiting for certificates by specifying a time of 0.
</pre>

However, this is inconsistent with the code in source:lib/puppet/executables/client/certhandler.rb which says:

<pre>
def retrieve_cert
  caclient = Puppet::Network::Client.ca.new()

  while true do
    begin
      if caclient.request_cert
        break if read_new_cert
      else
        Puppet.notice "Did not receive certificate"
        if @one_time
          Puppet.notice "Set to run 'one time'; exiting with no certificate"
          exit(1)
        end
      end
    rescue StandardError => detail
      Puppet.err "Could not request certificate: %s" % detail.to_s
      exit(23) if @one_time
    end

    sleep @wait_for_cert
  end
end
</pre>
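
The quoted `retrieve_cert` loop calls `sleep @wait_for_cert` on every pass, while the help text says a time of 0 turns waiting off. The following is an added example, not Puppet's code and not part of the original thread, of a polling loop that follows the documented semantics; `wait_for_certificate`, `request_cert` and `sleeper` are hypothetical names, and the signing request is simulated so the block runs offline.

```ruby
# Added illustration, not Puppet source; every name here is hypothetical.
# wait_for_cert: seconds between signing requests; 0 means "do not wait".
# request_cert:  callable returning true once a signed certificate exists.
# sleeper:       injectable stand-in for Kernel#sleep so the loop is testable.
def wait_for_certificate(wait_for_cert, request_cert, one_time: false,
                         sleeper: ->(secs) { sleep(secs) })
  # Reject anything that is not a non-negative integer instead of silently
  # falling back to a default the operator did not ask for.
  interval = Integer(wait_for_cert)
  raise ArgumentError, "waitforcert must be >= 0" if interval.negative?

  attempts = 0
  loop do
    attempts += 1
    error = nil
    begin
      return { status: :signed, attempts: attempts } if request_cert.call
    rescue StandardError => e
      error = e.message # keep the reason so the caller can report it
    end

    # Documented behaviour: a time of 0 turns waiting off, so stop after a
    # single request rather than spinning with sleep(0).
    if interval.zero?
      return { status: :waiting_disabled, attempts: attempts, error: error }
    end
    # A one-time run also stops after the first unsuccessful request.
    return { status: :one_time, attempts: attempts, error: error } if one_time

    sleeper.call(interval)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed scenario: the CA signs the request on the third poll.
  polls = 0
  fake_ca = -> { (polls += 1) >= 3 }
  naps = []
  p wait_for_certificate("121", fake_ca, sleeper: ->(s) { naps << s })
  p naps
  p wait_for_certificate(0, -> { false })
end
```

Returning a distinct status for each exit path lets the caller print which setting ended the wait.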
