Thanks John.
Yes. So I have a similar node configuration setup, as described in the
previous post. I am writing out these steps so I can document this and
hopefully will benefit more people....
on master:
service puppetmaster stop
service puppetmaster start
on client
service puppet stop
puppet agent --test
Check cert list on master, none.
*NOW*
on client, delete sudo rm -rf /var/lib/puppet/ssl
then run sudo puppetd -tdv
info: Creating a new SSL key for giab10
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for giab10
info: Certificate Request fingerprint (md5): FF:FF:...........
Wow...
Back to master....
sudo puppetca --list
giab10 (FF:FF:...................)
glasslab@ghive-ldap:~$ sudo puppet cert sign giab1
notice: Signed certificate request for giab10
notice: Removing file Puppet::SSL::CertificateRequest giab10 at
'/etc/puppet/ssl/ca/requests/giab10.pem'
Cool.
Can we test again? Back to client...
sudo puppet agent --test
err: Could not retrieve catalog from remote server: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
AHHHH... Try this? First delete the ssl....
sudo rm -rf /etc/puppet/ssl/
giabadmin@giab10:~$ sudo puppet agent --server puppet --waitforcert 60
--test --verbose
sudo puppet agent --server ghive-ldap --waitforcert 60 --test
--verbose
or
sudo puppet agent --test
err: Could not retrieve catalog from remote server: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
NO LUCK....
Where's the problem?
Thanks.
On Friday, June 15, 2012 10:31:50 AM UTC-4, jcbollinger wrote:
>
>
>
> On Thursday, June 14, 2012 6:39:36 PM UTC-5, tas wrote:
>>
>> Dear Ygor,
>>
>> Thank you for the guidance.
>> I didn't know we have to specify one... almost every single tutorial I
>> visit didn't mention it :( bad...
>>
>> http://pratikamin.wordpress.com/2011/05/24/turning-a-blueprint-puppet-recipe-into-a-puppet-deployment/
>>
>
> Do you mean like this section from that article?
>
> 4. Edit /etc/puppet/manifests/site.pp, this is the default file puppet
> looks for, and loads first. For now you probably want to do it in here, but
> later put it into node.pp or something(assuming client name is
> blogtest.test.com)
>
> node vpsblueprint {
> include vps_blueprint
> }
>
> node 'blogtest.test.com' inherits vpsblueprint{
> }
>
> This tells puppet for the client connecting with the hostname
> blogtest.test.com it should use the vpsblueprint node, which includes the
> vps_blueprint module.
>
> I must say that I have not noticed tutorials to be systematically
> deficient in that regard. Puppetlabs's own cover the topic, and I don't
> recall seeing any full-blown tutorials that miss it. More narrowly-focused
> tutorials might omit it where it would be out of scope, of course.
>
> John
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/t_kEkkr1M3kJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
