Hi all, I'm trying to get a puppet daemon to run on the same host as a puppetmaster, and I'm seeing an interesting problem on 0.24.8 on Solaris.
One of the rules is to push out a current puppet.conf - here's the rule I'm using:

    file { puppetconf:
        path => $operatingsystem ? {
            solaris => "/etc/opt/csw/puppet/puppet.conf",
            default => "/etc/puppet/puppet.conf",
        },
        owner => root,
        group => root,
        mode => 644,
        source => [
            "puppet:///puppetdaemon/puppet.conf-$hostname",
            "puppet:///puppetdaemon/puppet.conf-$kernelrelease",
            "puppet:///puppetdaemon/puppet.conf"
        ]
    }

Now the issue I am seeing is with the actual file transfer. When it comes to actually updating the puppet config file, the messages file shows this:

    May 21 09:37:50 puppetmaster puppetd[3644]: [ID 702911 daemon.warning] Certificate validation failed; consider using the certname configuration option
    May 21 09:37:50 puppetmaster puppetd[3644]: [ID 702911 daemon.error] (//Node[default]/puppetdaemon/File[puppetconf]/source) change from {md5}846ec1befda534749269c6ec294bad40 to puppet:///puppetdaemon/puppet.conf-puppetmaster puppet:///puppetdaemon/puppet.conf-5.10 puppet:///puppetdaemon/puppet.conf failed: Certificates were not trusted: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The weird thing here is that it seems to handle the initial handshakes and perform the rest of the work, it's only when it comes to replacing a file...

Running the puppetmasterd in debug mode yields this bit of info:

    debug: Using cached node for puppetmaster.domain.com
    debug: mount[puppetdaemon]: Describing /puppetdaemon/puppet.conf- puppetmaster for puppetmaster.domain.com
    debug: Overriding puppetmaster with cert name puppetmaster.domain.com
    debug: Allowing authenticated client puppetmaster.domain.com(10.1.2.3) access to fileserver.retrieve
    debug: Using cached node for puppetmaster.domain.com
    info: mount[puppetdaemon]: Sending /puppetdaemon/puppet.conf- puppetmaster to puppetmaster.domain.com
    debug: Overriding puppetmaster with cert name puppetmaster.domain.com
    debug: Allowing authenticated client mplops1prd.domain.com(10.1.2.3) access to fileserver.describe

So it appears that the file is being sent to the client, and it is the client that is rejecting the file on the basis of the invalid certificate. Here's the weird thing - it's happy with the certificate for everything else...

The only other bit I will point out is that both the client and the server appear to be using the same certificate. I have this working without issue at a separate site using the same configuration (as far as I can tell...)

Has anyone seen something like this before?

thanks,
Greg