The hostname the client connects to must match the name on the server's certificate. More info at: http://groups.google.com/group/puppet-users/browse_thread/thread/8bcc83b7f52214db

On Jul 22, 2010, at 10:02 AM, David Dyer-Bennet wrote:

> I've had a small working puppet setup, reduced by circumstances to 1.5
> clients, for a while. It was up to 6 at one point, but things scaled
> down. So I thought I knew how to make the most basic things work.
>
> But I've been beating my head against the wall trying to get a new
> master and new clients set up. (The new master will eventually
> replace the old one and take on its client as well.)
>
> I've got weird naming issues.
>
> The old master is 192.168.1.4, dns name
> wrkapp00.esteemedemployer.local (local DNS) and also a public IP under
> wrkapp00.esteemedemployer.com.
>
> The new master is 192.168.1.19, no dns name (yet; it's going to take
> over the old name when we cut over).
>
> I'm using /etc/hosts files to make it function as
> wrkapp00.esteemedemployer.local to itself and the new clients.
>
> (Puppet, or perhaps merely the documentation, seems very weak on
> dealing with systems with no DNS name, and with situations where a
> system changes its DNS name. In my experience, when I'm at the stage
> of configuring a system where I need to get puppet working, we haven't
> settled the DNS name for the system yet. I could probably get
> something temporary put in, but then I'd have to switch it later, and
> I'm scared of that given how much trouble I'm having with this.)
>
> In playing with this, I've many times wanted to wipe out all existing
> certs on the master. I've been doing that with this command:
> rm ` find /var/lib/puppet/ssl -type f `
> (after stopping puppetmaster). This seems to work; when I restart
> puppetmaster it seems to create its own cert (files appear, and
> puppetca --all --list reports it).
>
> I've installed a manifest and set of files slightly enhanced from what
> worked on the old installation.
>
> So, on the new client system (192.168.1.22,
> prc-mn-lnx01.esteemedemployer.local), I do:
>
> [r...@prc-mn-lnx01 ~]# puppetd --server wrkapp00.esteemedemployer.local --waitforcert 60 --test
> notice: Ignoring --listen on onetime run
> err: Could not retrieve catalog from remote server: certificate verify failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>
> And as you see it fails spectacularly. No signing request appears on
> the master, either.
>
> Clues please!
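
The name check described in the reply at the top of this message, as an added example (not part of the original thread and not Puppet's own code): it uses Ruby's OpenSSL library to build throwaway certificates and test which server names they satisfy. The certname `newmaster.example.test` and the helper names are hypothetical; the other hostname and the IP address are the ones quoted above.

```ruby
require "openssl"

KEY = OpenSSL::PKey::RSA.new(2048) # one throwaway key shared by all sample certs

# Build a self-signed certificate (constructed test data, not a real Puppet cert).
def make_cert(cn, alt_names = [])
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = ef.issuer_certificate = cert
    san = alt_names.map { |n| "DNS:#{n}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
end

# Names a client matches against: subjectAltName DNS entries if present, else the CN.
def cert_names(cert)
  san = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return san.value.split(/,\s*/).map { |n| n.sub(/\ADNS:/, "") } if san
  cert.subject.to_a.select { |field, _, _| field == "CN" }.map { |_, value, _| value }
end

# True when the name given to --server is one the certificate carries.
def name_ok?(cert, server_name)
  OpenSSL::SSL.verify_certificate_identity(cert, server_name)
end

def report(cert, server_name)
  verdict = name_ok?(cert, server_name) ? "match" : "MISMATCH"
  "#{server_name}: #{verdict} (certificate names: #{cert_names(cert).join(', ')})"
end

if __FILE__ == $PROGRAM_NAME
  alias_name = "wrkapp00.esteemedemployer.local" # /etc/hosts alias from the post
  other = make_cert("newmaster.example.test")    # hypothetical certname
  fixed = make_cert("newmaster.example.test", ["newmaster.example.test", alias_name])
  puts report(other, alias_name)
  puts report(fixed, alias_name)
  puts report(fixed, "192.168.1.19")             # the IP is not a DNS name in the cert
end
```

To run the same check against a real master, load its PEM certificate with `OpenSSL::X509::Certificate.new(File.read(path))` and pass it to `report` with the name the client uses.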