Hi everyone,
I am attempting to use FreeIPA as the external CA for my puppet environment.
I can get puppetmaster running under Passenger using certs stored in an
nss db and puppet to work with standard pem encoded x509s issued from
FreeIPA.
I also got the Foreman working with those certs but I am having some
issues getting puppet to get node data out of Foreman.
It gives me this error when I try to query a node:
Error retrieving node puppet.webgatetec.com: Net::HTTPForbidden
I haven't started investigating that so that may be a simple fix.
The main problem is getting puppetdb working.
I have puppetdb 1.4 installed on Fedora 19 and it uses the new method
of using pem certs instead of keystore which I thought would make this
easier but I was wrong.
I have it set up with the puppetmaster and ca certs.
The certificates I have are set up with CN=puppet_fqdn
subjectAltName=puppetmaster/$puppet_fqdn subjectAltName=$puppet_fqdn
PuppetDB starts up but crashes after a while with this error in the log file.
2013-08-19 10:49:08,195 DEBUG [main] [puppetlabs.ssl] Loaded PEM object of type 'class org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject' from '/etc/ipa/ca.crt'
2013-08-19 10:49:08,201 DEBUG [main] [puppetlabs.ssl] Loaded PEM object of type 'class org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey' from '/etc/puppetdb/ssl/private.pem'
2013-08-19 10:49:08,221 ERROR [main] [puppetlabs.utils] Uncaught exception
java.lang.IllegalArgumentException: No matching field found: getPrivate for class org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey
at clojure.lang.Reflector.getInstanceField(Reflector.java:271)
at clojure.lang.Reflector.invokeNoArgInstanceMember(Reflector.java:300)
at com.puppetlabs.ssl$pem__GT_private_key.invoke(ssl.clj:58)
at com.puppetlabs.ssl$assoc_private_key_file_BANG_.invoke(ssl.clj:132)
at com.puppetlabs.puppetdb.cli.services$configure_web_server_ssl_from_pems.invoke(services.clj:240)
at com.puppetlabs.puppetdb.cli.services$configure_web_server.invoke(services.clj:260)
at com.puppetlabs.puppetdb.cli.services$parse_config_BANG_.invoke(services.clj:374)
at com.puppetlabs.puppetdb.cli.services$_main.doInvoke(services.clj:403)
at clojure.lang.RestFn.invoke(RestFn.java:421)
at clojure.lang.Var.invoke(Var.java:419)
at clojure.lang.AFn.applyToHelper(AFn.java:163)
at clojure.lang.Var.applyTo(Var.java:532)
at clojure.core$apply.invoke(core.clj:617)
at com.puppetlabs.puppetdb.core$_main.doInvoke(core.clj:79)
at clojure.lang.RestFn.applyTo(RestFn.java:137)
at com.puppetlabs.puppetdb.core.main(Unknown Source)
I am unsure which field it is trying to find in the cert so I have no
idea how to fix it.
Can someone please point me in the right direction?
Thanks in advance.
Pete.