I've had a small working puppet setup, reduced by circumstances to 1.5
clients, for a while. It was up to 6 at one point, but things scaled
down. So I thought I knew how to make the most basic things work.
But I've been beating my head against the wall trying to get a new
master and new clients set up. (The new master will eventually
replace the old one and take on its client as well.)
I've got weird naming issues.
The old master is 192.168.1.4, DNS name
wrkapp00.esteemedemployer.local (local DNS) and also a public IP under
wrkapp00.esteemedemployer.com.
The new master is 192.168.1.19, no DNS name (yet; it's going to take
over the old name when we cut over).
I'm using /etc/hosts files to make it function as
wrkapp00.esteemedemployer.local to itself and the new clients.
(Puppet, or perhaps merely the documentation, seems very weak on
dealing with systems with no DNS name, and with situations where a
system changes its DNS name. In my experience, when I'm at the stage
of configuring a system where I need to get puppet working, we haven't
settled the DNS name for the system yet. I could probably get
something temporary put in, but then I'd have to switch it later, and
I'm scared of that given how much trouble I'm having with this.)
In playing with this, I've many times wanted to wipe out all existing
certs on the master. I've been doing that with this command:
rm ` find /var/lib/puppet/ssl -type f `
(after stopping puppetmaster). This seems to work; when I restart
puppetmaster it seems to create its own cert (files appear, and
puppetca --all --list reports it).
I've installed a manifest and set of files slightly enhanced from what
worked on the old installation.
So, on the new client system (192.168.1.22,
prc-mn-lnx01.esteemedemployer.local), I do:
[r...@prc-mn-lnx01 ~]# puppetd --server wrkapp00.esteemedemployer.local --waitforcert 60 --test
notice: Ignoring --listen on onetime run
err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
And as you see it fails spectacularly. No signing request appears on
the master, either.
Clues please!