Issue #11431 has been updated by James Turnbull. Subject changed from puppet kick missing crucial documentation to puppet kick failing with "hostname not match with the server certificate" unless ssldir is specified Description updated
---------------------------------------- Bug #11431: puppet kick failing with "hostname not match with the server certificate" unless ssldir is specified https://projects.puppetlabs.com/issues/11431 Author: Jo Rhett Status: Needs More Information Priority: Normal Assignee: Category: agent Target version: Affected Puppet version: 2.6.12 Keywords: Branch: When we last tried out puppet kick, we just did: <pre> puppet kick -t tag $host1 $host2 </pre> …from any host listed in the “path /run” part of auth.conf. We finally cleaned up to use tags instead of environments, went to roll out the new changes and found that the exact same commands now return: <pre> Host (hostname) failed: hostname not match with the server certificate </pre> We have found that puppet kick now works only from hosts which can mount the puppet server’s var directory and specify it on the command line: <pre> puppet kick -t tag —ssldir=/(server’s)/puppet/var/ssl $host </pre> puppet.conf on master <pre> [main] ssldir = $vardir/ssl [master] vardir = /nas/puppet/var </pre> Old description of ticket: The page at http://docs.puppetlabs.com/man/kick.html says > You will most likely have to run 'puppet kick' as root to get access to the > SSL certificates. Please document which certificates that puppet kick uses. Does it need to read the server's CA cert, or the individual hostname certs? I have found that it needs access to the ssldir of the server, not the client from where you are running kick. To avoid having to add --ssldir or --vardir to every puppet kick invocation, it would help if we can put this in a section of the puppet.conf file. Can we do something like this? (my example below doesn't appear to work. <pre> [kick] vardir = /servers/var/dir </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
