You might want to try explicitly setting certname == fqdn for puppet02 in puppet.conf. Further, if you changed DNS/hostnames after asking for the cert, that may have confused things?
--Michael

On Tue, Apr 27, 2010 at 12:25 PM, Alan McKay <[email protected]> wrote:
> Hey folks,
>
> I'm just about ready to go bananas over here! I read the FAQ, and
> yes, I am doing a reinstall. But as you will see below I believe I
> am cleaning things out properly so there are no false cert remnants
> lying around. I'm going bonkers as to why the cert exchange is not
> working.
>
> I've got a couple of test VMs running CentOS 5.4 and using the puppet
> and puppet-server packages from there.
>
> [r...@puppet01 ~]# rpm -qa | grep -i puppet
> puppet-server-0.22.4-1.el5.rf
> puppet-0.22.4-1.el5.rf
>
> host puppet01 is my server, and puppet02 is my client. I've defined
> them both on my DNS server and they both seem to resolve fine
> everywhere. Note below I change my domain name with "example.com"
> (hope I managed to get all occurrences :-))
>
> When doing my reconfiguration / retry, I do :
>
> yum -y erase puppet puppt-server
>
> on client and server, then I do :
>
> find / -name \*puppet\*
>
> to find any files left around, and I remove them. e.g.
> /var/lib/puppet and /var/log/puppet and even /etc/puppet get left
> behind, so I nuke the entire directories.
>
> Then on the server I do
>
> yum -y install puppet-server
>
> and on the client
>
> yum -y install puppet
>
> On the server side I've created a simple manifest that I put into
> /etc/puppet/manifests/site.pp :
>
> ---snip---
> file { "/etc/passwd" :
>     owner => "root",
>     group => "bin",
>     mode => 644,
> }
>
> class apache {
>
>     package { httpd: ensure => installed }
>
>     service { "httpd" :
>         ensure => running,
>         require => Package["httpd"],
>     }
> }
> ---snip---
>
> puppetmaster starts. On the client I start up puppetd and then on
> the server I do "puppetca --list" and see the certificate waiting for
> approval. So I sign it on the server using the FQDN.
>
> But on the client side I keep seeing these messages in the /var/log/messages :
>
> Apr 27 12:17:58 localhost puppetd[12364]: Could not retrieve configuration: Could not find puppet02.office.example.com with names puppet02.office.example.com, puppet02
> Apr 27 12:17:58 localhost puppetd[12364]: Could not run Puppet::Network::Client::Master: Cannot connect to server and there is no cached configuration
>
> What I don't get is that my client is puppet02 so why is it looking for
> itself?
>
> In doing some more digging I found the below thread on this list :
>
> Sept 2009 on the list archives :
> http://groups.google.com/group/puppet-users/browse_thread/thread/73ef261fd9f6e1da/1a020eaf975f729d?lnk=gst&q=Cannot+connect+to+server#1a020eaf975f729d
>
> which suggests I've got the wrong hostname defined for the server.
> The default being "puppet". OK, I did have that alias defined in DNS
> so I removed it just to remove the possibility of this messing things
> up. I found this in the CentOS install which seems to be the right
> way to configure the server name :
>
> ---snip---
> [r...@puppet02 ~]# cat /etc/sysconfig/puppet
> # The puppetmaster server
> PUPPET_SERVER=puppet01.office.example.com
>
> # If you wish to specify the port to connect to do so here
> #PUPPET_PORT=8140
>
> # Where to log to. Specify syslog to send log messages to the system log.
> #PUPPET_LOG=/var/log/puppet/puppet.log
>
> # You may specify other parameters to the puppet client here
> #PUPPET_EXTRA_OPTS=--waitforcert=500
> ---snip---
>
> I also shut down puppetd and try to start it manually thus :
>
> [r...@puppet02 ~]# puppetd --server puppet01.office.example.com --verbose --waitforcert 60
> notice: Starting Puppet client version 0.22.4
> err: Could not retrieve configuration: Could not find puppet02.office.example.com with names puppet02.office.example.com, puppet02
> err: Could not run Puppet::Network::Client::Master: Cannot connect to server and there is no cached configuration
>
> I just cannot figure out what I am doing wrong here!
>
> Oh, and one final thing, I have confirmed there are no firewalls on either
> box.
>
> Help!
>
> --
> “Don't eat anything you've ever seen advertised on TV”
> - Michael Pollan, author of "In Defense of Food"
>
> --
> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
