I've spent most time than I care to admit to trying to setup Puppet in our production environment. I had previously tested it out and gotten it to work and now I cannot for some reason. I am attempting to get Puppet server (with passenger on Apache2) up and running under Ubuntu 11.10 (client too).
== Server Side == # puppet cert --list monitor-1.site.toplevel.tld (51:21:C7:52:05:C5:70:0B:9F:7C:7A:65:D1:22:34:DC) # puppet cert --sign monitor-1.site.toplevel.tld notice: Signed certificate request for monitor-1.site.toplevel.tld notice: Removing file Puppet::SSL::CertificateRequest monitor-1.site.toplevel.tld at '/var/lib/puppet/ssl/ca/requests/monitor-1.site.toplevel.tld.pem' ( Full server side puppet.conf: http://pastebin.com/e8qtWNpi ) == Client Side == # puppet agent --waitforcert 60 --test info: Creating a new SSL key for monitor-1.site.toplevel.tld warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for monitor-1.site.toplevel.tld info: Certificate Request fingerprint (md5): 51:xx:xx:xx:xx:xx:xx:DC warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Caching certificate for monitor-1.site.toplevel.tld err: Could not retrieve catalog from remote server: hostname was not match with the server certificate warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: hostname was not match with the server certificate ( Full debug text: http://pastebin.com/gFhFfF7p ) == I dont get it == I can ping `puppet` and it works (it is a CNAME to puppet-1.site.toplevel.tld which is the servers name). On the puppet server I have "certname=puppet.site.toplevel.tld" set. I've regenerated the servers certificates and I can goto https://puppet.site.toplevel.tld:8140/and the certificate says that it's the same domain name. I can even pull out the certs from the client machine and they all match the names. I'm totally at a loss and I could really use some help. -- Jon [[User:ShakataGaNai]] / KJ6FNQ http://snowulf.com/ http://www.linkedin.com/in/shakataganai -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
