Issue #8858 has been updated by Greg Sutcliffe.
I'm presently seeing this, and the workaround doesn't seem to solve it either. I've tried the same client against two different masters (clearing out $vardir completely each time, of course). Client: Archlinux, Ruby 1.9.3, Puppet 2.7.6 Server1: Debian Wheezy, Ruby 1.8.7, Puppet 2.7.6 Server2: Archlinux (not the same one as the client), Ruby 1.9.3, Puppet 2.7.6 I thought I might have the 9084 problem, but the client refuses to connect to either server, both before and after the SSL workaround posted above. I'm stumped as to where to go next - I'm guessing this might be an Archlinux specific problem, but I'm happy to provide any debug output necessary. ---------------------------------------- Bug #8858: Puppet registration with master with Ruby 1.9.2 https://projects.puppetlabs.com/issues/8858 Author: Ryan Conway Status: Needs More Information Priority: Normal Assignee: Ryan Conway Category: Target version: Affected Puppet version: Keywords: Branch: When using Puppet 1.9.2, when trying to register the agent with a master, it fails to obtain the master certificate, and therefore fails to complete registration or retrieve and apply a configuration. /usr/local/bin/puppetd --server mypuppetmaster.domain.com --no-daemonize --onetime produces errors along the lines of: err: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed In order to fix this, you need to do the following *before* running the initial registration: Obtain your openssl base directory: openssl version -d This results in something like /usr/lib/openssl/ Copy your PuppetMaster CA.pem to somewhere, like /etc/puppet/ssl/certs/masterca.pem Generate a hash of the masterca.pem file: openssl x509 -hash -noout -in /etc/puppet/ssl/certs/masterca.pem This results in something like '520f3686'. Symlink the hash into your openssl basedir, within the certs directory, appending .0: ln -s /etc/puppet/ssl/certs/masterca.pem /usr/lib/openssl/certs/520f3686.0 Finally, re-run the registration, which should now work as expected. /usr/local/bin/puppetd --server mypuppetmaster.domain.com --no-daemonize --onetime The workaround I found on the following thread: https://groups.google.com/group/puppet-users/browse_thread/thread/fa49f1b9b36ceac6/72bf694d4e2f3012?pli=1 Note: if you have already tried to register with a master, you will need to clear your /etc/puppet/ssl directory, before trying these steps, otherwise the cached versions will be used, and the workaround will fail. This only seems to affect Ruby 1.9. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
