On Sun, Aug 18, 2013 at 10:48 PM, Pete Brown <[email protected]> wrote:
> Ahh.
> I need to get it working before the end of the week so I think I will
> switch it to self generated certs and try to get the FreeIPA certs
> working later.
>
> I will submit a bug after I get this new environment set up.
>

I believe the following pull request should resolve the exception you posted earlier:

https://github.com/puppetlabs/puppetdb/pull/708

deepak

>
> On 19 August 2013 11:23, Deepak Giridharagopal <[email protected]> wrote:
> > On Aug 18, 2013, at 7:06 PM, Pete Brown <[email protected]> wrote:
> >
> >> Hi everyone,
> >>
> >> I am attempting to use FreeIPA as the external CA for my puppet environment.
> >> I can get puppetmaster running under Passenger using certs stored in an
> >> nss db and puppet to work with standard pem encoded x509s issued from
> >> FreeIPA.
> >> I also got the Foreman working with those certs but I am having some
> >> issues getting puppet to get node data out of Foreman.
> >> It gives me this error when I try to query a node
> >>
> >> Error retrieving node puppet.webgatetec.com: Net::HTTPForbidden
> >>
> >> I haven't started investigating that so that may be a simple fix.
> >> The main problem is getting puppetdb working.
> >> I have puppetdb 1.4 installed on Fedora 19 and it uses the new method
> >> of using pem certs instead of keystore which I thought would make this
> >> easier but I was wrong.
> >> I have it set up with the puppetmaster and ca certs.
> >> The certificates I have are set up with CN=puppet_fqdn
> >> subjectAltName=puppetmaster/$puppet_fqdn subjectAltName=$puppet_fqdn
> >>
> >> PuppetDB starts up but crashes after a while with this error in the log file.
> >>
> >> 2013-08-19 10:49:08,195 DEBUG [main] [puppetlabs.ssl] Loaded PEM object of type 'class org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject' from '/etc/ipa/ca.crt'
> >> 2013-08-19 10:49:08,201 DEBUG [main] [puppetlabs.ssl] Loaded PEM object of type 'class org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey' from '/etc/puppetdb/ssl/private.pem'
> >> 2013-08-19 10:49:08,221 ERROR [main] [puppetlabs.utils] Uncaught exception
> >> java.lang.IllegalArgumentException: No matching field found: getPrivate for class org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey
> >>     at clojure.lang.Reflector.getInstanceField(Reflector.java:271)
> >>     at clojure.lang.Reflector.invokeNoArgInstanceMember(Reflector.java:300)
> >>     at com.puppetlabs.ssl$pem__GT_private_key.invoke(ssl.clj:58)
> >>     at com.puppetlabs.ssl$assoc_private_key_file_BANG_.invoke(ssl.clj:132)
> >>     at com.puppetlabs.puppetdb.cli.services$configure_web_server_ssl_from_pems.invoke(services.clj:240)
> >>     at com.puppetlabs.puppetdb.cli.services$configure_web_server.invoke(services.clj:260)
> >>     at com.puppetlabs.puppetdb.cli.services$parse_config_BANG_.invoke(services.clj:374)
> >>     at com.puppetlabs.puppetdb.cli.services$_main.doInvoke(services.clj:403)
> >>     at clojure.lang.RestFn.invoke(RestFn.java:421)
> >>     at clojure.lang.Var.invoke(Var.java:419)
> >>     at clojure.lang.AFn.applyToHelper(AFn.java:163)
> >>     at clojure.lang.Var.applyTo(Var.java:532)
> >>     at clojure.core$apply.invoke(core.clj:617)
> >>     at com.puppetlabs.puppetdb.core$_main.doInvoke(core.clj:79)
> >>     at clojure.lang.RestFn.applyTo(RestFn.java:137)
> >>     at com.puppetlabs.puppetdb.core.main(Unknown Source)
> >>
> >> I am unsure which field it is trying to find in the cert so I have no
> >> idea how to fix it.
> >> Can someone please point me in the right direction?
> >
> > Thanks for the stacktrace...that should help us triangulate the issue.
> > Unfortunately, with Puppetconf all this week, nearly all the people within
> > Puppet Labs who can look at this will be out.
> >
> > Can you file an issue against PuppetDB for this? What would be even
> > better is if you could attach some sample .pem files that exhibit the
> > issue. Then we can load those up on our end to see where things are going
> > wrong.
> >
> > Cheers,
> > deepak
> >
> >>
> >> Thanks in advance.
> >> Pete.
> >>
> >> --
> >> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> >> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> >> To post to this group, send email to [email protected].
> >> Visit this group at http://groups.google.com/group/puppet-users.
> >> For more options, visit https://groups.google.com/groups/opt_out.
