Issue #15697 has been updated by eric sorenson. Status changed from Unreviewed to Needs More Information Assignee set to Gerard Hickey
---------------------------------------- Bug #15697: --server option is not overriding the puppet.conf settings https://projects.puppetlabs.com/issues/15697#change-69587 Author: Gerard Hickey Status: Needs More Information Priority: Normal Assignee: Gerard Hickey Category: Target version: Affected Puppet version: Keywords: Branch: On Monday I had a call with Gary Larizza, Nan Liu, and Arnan Outhaythip to look at a problem that I have been having with getting a pool of puppet masters running. From that call they asked that I submit this bug report. I am currently running Puppet open source 2.7.14 which I downloaded from yum.puppetlabs.com:/el/6Server/products/x86_64 The planned implementation currently is 3 puppet masters (listed below) running behind an F5 load balancer. The load balancer responds as puppet.vip.slc.ebay.com. Currently the first puppet master is also serving as the CA. Puppet masters: slc4b01c-713269.stratus.slc.ebay.com slc4b01c-713343.stratus.slc.ebay.com slc4b01c-7292.stratus.slc.ebay.com Pertinent DNS entries: puppet.vip.slc.ebay.com. 300 IN A 10.89.64.100 puppet-ca.vip.ebay.com. 300 IN CNAME slc4b01c-713269.stratus.slc.ebay.com. slc4b01c-713269.stratus.slc.ebay.com. 3600 IN A 10.94.12.44 Because of issues with the configuration of the load balancer, I have had to start doing my testing with the --server argument on the agent command line until the load balancer issues can be resolved. The original problem that triggered the call is that whenever I had an agent connect to a master it would error out with the following message: err: Could not retrieve catalog from remote server: Server hostname 'puppet-ca.vip.ebay.com' did not match server certificate; expected one of slc4b01c-713269.stratus.slc.ebay.com, DNS:puppet, DNS:puppet.vip.slc.ebay.com, DNS:slc4b01c-713269.stratus.slc.ebay.com warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run Working with Gary, Nan and Arnan we found that if the puppet.conf was updated with the physical hostnames of the puppet master (i.e. slc4b01c-713269.stratus.slc.ebay.com) instead of the VIP address (puppet.vip.slc.ebay.com), then the agent would connect correctly and there would not be a mismatch with the hostnames for the cert. For the short term I will run with physical names until this issue is resolved and released in the open source version. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
