On Thu, July 22, 2010 18:20, Patrick Mohr wrote:
>
> On Jul 22, 2010, at 12:20 PM, David Dyer-Bennet wrote:
>
>>
>> On Thu, July 22, 2010 12:27, Patrick Mohr wrote:
>>> The hostname the client connects to, must match the name on the
>>> server's certificate.
>>
>> I believe I have that right.
>>
>> On the server,
>>
>> [r...@wrkapp00 ddb]# hostname
>> wrkapp00.esteemedemployer.local
>> [r...@wrkapp00 ddb]# puppetca --all --list
>> + wrkapp00.esteemedemployer.local
>>
>> The only certificate is its own, and that's in the name I expect.
>>
>> On the client,
>>
>> [r...@prc-mn-lnx01 ~]# puppetd --server wrkapp00.esteemedemployer.local
>> --waitforcert 60 --test
>> notice: Ignoring --listen on onetime run
>> err: Could not retrieve catalog from remote server: certificate verify
>> failed
>> warning: Not using cache on failed catalog
>> err: Could not retrieve catalog; skipping run
>>
>> (Ping from the client shows the name is resolving to the IP I expect it
>> to; that it's actually talking to the server I checked certificate names
>> on.)
>
> That's strange.
>
> Are you running puppet under Passenger or Mongrel?  If you don't know, the
> answer is probably no.

I don't believe I am (it's the CentOS RPM install though, I didn't
lovingly hand-craft each character of configuration).

> What does this command give you on the server?
> puppetmasterd --genconfig | grep "certname "
>
>
> What does this command give you on the client?
> puppetd --genconfig | grep "certname "
>
> What's in /var/lib/puppet/ssl on the client and server?
>
> Does /var/lib/puppet/ssl/certs/ca.pem on the client and server match?

At this point I'm three configurations down the road and can't exactly
answer those questions, at least not from the same source as what I
previously posted.

I've been trying to "simplify" and make things more "normal",  hoping I
can get that running and then build up from there.

I'll keep this on hand if I get back to that error, to provide more useful
information.

Which is easier, a client on the server, or a client on a different host? 
(I've got both situations that I want to set up, I'm looking for the
simplest starting place.)

What does the simplest setup look like in general?

Also, what are namespaces?  My current error references namespaces, and I
haven't so far been able to find them in the documentation (running
0.25.5).

-- 
David Dyer-Bennet, [email protected]; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info
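
The checks asked about in the thread above (does the name the agent connects to match the server's certificate, and do the two ca.pem copies match), as an added example that is not part of the original messages or of Puppet itself. It assumes the openssl command-line tool is installed; all function names are hypothetical, every file path is an argument, and make_sample_pki only builds constructed throwaway certificates for trying it out.

```shell
#!/bin/sh
# Added example: the agent-side checks behind "certificate verify failed".
# Function names are hypothetical; every path is passed in as an argument.

# Print the subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Print the SHA-256 fingerprint of a PEM certificate.
cert_fp() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# check_agent_trust CLIENT_CA SERVER_CA SERVER_CERT SERVER_NAME
# Prints "ok" and returns 0 when all checks pass. Otherwise returns
# 1 (ca.pem copies differ), 2 (name mismatch) or 3 (chain does not verify).
check_agent_trust() {
    client_ca=$1 server_ca=$2 server_cert=$3 server_name=$4
    fp=$(cert_fp "$client_ca")
    if [ -z "$fp" ] || [ "$fp" != "$(cert_fp "$server_ca")" ]; then
        echo "ca.pem differs between client and server" >&2; return 1
    fi
    cn=$(cert_cn "$server_cert")
    if [ "$cn" != "$server_name" ]; then
        echo "certificate is for '$cn', agent connects to '$server_name'" >&2; return 2
    fi
    # Match on the output: some older openssl releases exit 0 even when verify fails.
    if ! openssl verify -CAfile "$client_ca" "$server_cert" 2>/dev/null | grep -q ': OK$'; then
        echo "server certificate is not signed by the client's CA" >&2; return 3
    fi
    echo "ok"
}

# Constructed sample data: a throwaway CA and a server certificate for NAME in DIR.
make_sample_pki() {
    dir=$1 name=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$dir/srv.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -set_serial 1 -out "$dir/srv.pem" 2>/dev/null
}

# Usage: sh script CLIENT_CA SERVER_CA SERVER_CERT SERVER_NAME
if [ $# -eq 4 ]; then check_agent_trust "$@"; fi
```

On the hosts in the thread the two CA copies would be the /var/lib/puppet/ssl/certs/ca.pem files; the path of the server's own certificate is not given there and has to be supplied.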

