Issue #11431 has been updated by Dan Urist.
I am getting the same error, but I get this regardless of whether I specify ssldir. root@npuppet:~# puppet kick vanilla.cms.ucar.edu Triggering vanilla.cms.ucar.edu Host vanilla.cms.ucar.edu failed: hostname was not match with the server certificate vanilla.cms.ucar.edu finished with exit code 2 Failed: vanilla.cms.ucar.edu root@npuppet:~# puppet kick vanilla.cms.ucar.edu --ssldir=/var/lib/puppet/ssl Triggering vanilla.cms.ucar.edu Host vanilla.cms.ucar.edu failed: hostname was not match with the server certificate vanilla.cms.ucar.edu finished with exit code 2 Failed: vanilla.cms.ucar.edu Running the command with "--debug" doesn't show any additional output. This is with puppet version 2.6.3 on Ubuntu lucid (both client and server). This used to work, I believe in version 2.6.1. Is there any workaround? This breaks my workflow... ---------------------------------------- Bug #11431: puppet kick failing with "hostname not match with the server certificate" unless ssldir is specified https://projects.puppetlabs.com/issues/11431 Author: Jo Rhett Status: Accepted Priority: Normal Assignee: Category: agent Target version: Affected Puppet version: 2.6.12 Keywords: Branch: When we last tried out puppet kick, we just did: <pre> puppet kick -t tag $host1 $host2 </pre> …from any host listed in the “path /run” part of auth.conf. We finally cleaned up to use tags instead of environments, went to roll out the new changes and found that the exact same commands now return: <pre> Host (hostname) failed: hostname not match with the server certificate </pre> We have found that puppet kick now works only from hosts which can mount the puppet server’s var directory and specify it on the command line: <pre> puppet kick -t tag —ssldir=/(server’s)/puppet/var/ssl $host </pre> puppet.conf on master <pre> [main] ssldir = $vardir/ssl [master] vardir = /nas/puppet/var </pre> Old description of ticket: The page at http://docs.puppetlabs.com/man/kick.html says > You will most likely have to run 'puppet kick' as root to get access to the > SSL certificates. Please document which certificates that puppet kick uses. Does it need to read the server's CA cert, or the individual hostname certs? I have found that it needs access to the ssldir of the server, not the client from where you are running kick. To avoid having to add --ssldir or --vardir to every puppet kick invocation, it would help if we can put this in a section of the puppet.conf file. Can we do something like this? (my example below doesn't appear to work. <pre> [kick] vardir = /servers/var/dir </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
