[Puppet - Bug #8858] (Unreviewed) Puppet registration with master with Ruby 1.9.2

Tue, 09 Aug 2011 10:09:15 -0700 

Issue #8858 has been reported by Ryan Conway.

----------------------------------------
Bug #8858: Puppet registration with master with Ruby 1.9.2
https://projects.puppetlabs.com/issues/8858

Author: Ryan Conway
Status: Unreviewed
Priority: High
Assignee: 
Category: 
Target version: 
Affected Puppet version: 
Keywords: 
Branch: 


When using Puppet 1.9.2, when trying to register the agent with a master, it 
fails to obtain the master certificate, and therefore fails to complete 
registration or retrieve and apply a configuration.

    /usr/local/bin/puppetd --server mypuppetmaster.domain.com --no-daemonize 
--onetime

produces errors along the lines of:

    err: Could not request certificate: SSL_connect returned=1 errno=0 
    state=SSLv3 read server certificate B: certificate verify failed

In order to fix this, you need to do the following *before* running the initial 
registration:

  Obtain your openssl base directory:    
    openssl version -d
  This results in something like /usr/lib/openssl/

  Copy your PuppetMaster CA.pem to somewhere, like 
/etc/puppet/ssl/certs/masterca.pem

  Generate a hash of the masterca.pem file:
    openssl x509 -hash -noout -in /etc/puppet/ssl/certs/masterca.pem
  This results in something like '520f3686'.

  Symlink the hash into your openssl basedir, within the certs directory, 
appending .0:
    ln -s  /etc/puppet/ssl/certs/masterca.pem /usr/lib/openssl/certs/520f3686.0

  Finally, re-run the registration, which should now work as expected.
    /usr/local/bin/puppetd --server mypuppetmaster.domain.com --no-daemonize 
--onetime

The workaround I found on the following thread:
    
https://groups.google.com/group/puppet-users/browse_thread/thread/fa49f1b9b36ceac6/72bf694d4e2f3012?pli=1


Note: if you have already tried to register with a master, you will need to 
clear your /etc/puppet/ssl directory, before trying these steps, otherwise the 
cached versions will be used, and the workaround will fail.

This only seems to affect Ruby 1.9.


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.

Reply via email to