[Puppet Users] Re: Connection timed out - connect(2) when using puppet module
On Wednesday, June 18, 2014 12:14:21 AM UTC-5, Torsten Kleiber wrote: Am Dienstag, 17. Juni 2014 15:03:20 UTC+2 schrieb jcbollinger: You mean you have set these in your puppet.conf or in your environment? If the former then which one (file system path) and which section? Are you running as root or as an unprivileged user? I run at the moment with root and have set it via export before the call. After setting it now in puppet.conf, the error changes similar to curl without -k: puppet module install rtyler/jenkins --debug Notice: Preparing to install into /etc/puppet/modules ... Notice: Downloading from https://forgeapi.puppetlabs.com ... Debug: HTTP GET https://forgeapi.puppetlabs.com/v3/releases?module=rtyler-jenkins https://www.google.com/url?q=https%3A%2F%2Fforgeapi.puppetlabs.com%2Fv3%2Freleases%3Fmodule%3Drtyler-jenkinssa=Dsntz=1usg=AFQjCNHu-FqhQGWQIIlMLS_p0AJTBVu6Qw Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com Unable to verify the SSL certificate The certificate may not be signed by a valid CA The CA bundle included with OpenSSL may not be valid or up to date Well you don't really want to trust unverified certificates, certainly not in an automated way. It sounds like you may need to update your trusted certificate store with one or more new CA certificates. On a RedHat-family Linux, that probably means updating package ca-certificates. For what it's worth, neither Firefox on Windows nor curl (without -k) on CentOS 6.5 complain to me about untrusted SSL certificates when I access that forge URL, and I haven't made any special accommodation for it. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/caf39dff-7544-4b4b-81de-d0dada0ae9d2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Re: Connection timed out - connect(2) when using puppet module
On Wed, Jun 18, 2014 at 6:11 AM, jcbollinger john.bollin...@stjude.org wrote: On Wednesday, June 18, 2014 12:14:21 AM UTC-5, Torsten Kleiber wrote: Am Dienstag, 17. Juni 2014 15:03:20 UTC+2 schrieb jcbollinger: You mean you have set these in your puppet.conf or in your environment? If the former then which one (file system path) and which section? Are you running as root or as an unprivileged user? I run at the moment with root and have set it via export before the call. After setting it now in puppet.conf, the error changes similar to curl without -k: puppet module install rtyler/jenkins --debug Notice: Preparing to install into /etc/puppet/modules ... Notice: Downloading from https://forgeapi.puppetlabs.com ... Debug: HTTP GET https://forgeapi.puppetlabs. com/v3/releases?module=rtyler-jenkins https://www.google.com/url?q=https%3A%2F%2Fforgeapi.puppetlabs.com%2Fv3%2Freleases%3Fmodule%3Drtyler-jenkinssa=Dsntz=1usg=AFQjCNHu-FqhQGWQIIlMLS_p0AJTBVu6Qw Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com Unable to verify the SSL certificate The certificate may not be signed by a valid CA The CA bundle included with OpenSSL may not be valid or up to date Well you don't really want to trust unverified certificates, certainly not in an automated way. It sounds like you may need to update your trusted certificate store with one or more new CA certificates. On a RedHat-family Linux, that probably means updating package ca-certificates. For what it's worth, neither Firefox on Windows nor curl (without -k) on CentOS 6.5 complain to me about untrusted SSL certificates when I access that forge URL, and I haven't made any special accommodation for it. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/caf39dff-7544-4b4b-81de-d0dada0ae9d2%40googlegroups.com https://groups.google.com/d/msgid/puppet-users/caf39dff-7544-4b4b-81de-d0dada0ae9d2%40googlegroups.com?utm_medium=emailutm_source=footer . For more options, visit https://groups.google.com/d/optout. FYI, after the heartbleed incident we obtained new SSL certificates for all SSL related services, including forgeapi.puppetlabs.com. The new certificate was issued by UserTrustNetwork, and caused problems for the module tool on Windows, because the UserTrustNetwork root is not trusted. See https://tickets.puppetlabs.com/browse/PUP-2365 for more info. We recently switched back to a GeoTrust Global CA issued certificate, and that may explain why the module tool fails to authenticate the forgeapi for you. Josh -- Josh Cooper Developer, Puppet Labs *Join us at PuppetConf 2014 http://www.puppetconf.com/, September 20-24 in San Francisco* *Register by July 31st to take advantage of the Early Bird discount https://puppetconf2014.eventbrite.com/?discount=EarlyBird **—**save $249!* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97u%3DqDiHaiT48pQ8TGS6%2BvLChC-%2Bdkds7g8KM4s_SWW9nxA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Connection timed out - connect(2) when using puppet module
Have nobody a hint? I have set http_proxy and https_proxy. curl -k *https://forgeapi.puppetlabs.com* https://forgeapi.puppetlabs.com/ is succesful. curl https://forgeapi.puppetlabs.com curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html http://curl.haxx.se/docs/sslcerts.htmlcurl curl http://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a bundle of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b9289013-7d81-4899-9054-3e2c96c38ed4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Connection timed out - connect(2) when using puppet module
On Tuesday, June 17, 2014 4:46:47 AM UTC-5, Torsten Kleiber wrote: Have nobody a hint? I have set http_proxy and https_proxy. You mean you have set these in your puppet.conf or in your environment? If the former then which one (file system path) and which section? Are you running as root or as an unprivileged user? Puppet uses a personal configuration file (~/.puppet/puppet.conf) when run as non-root, unless you explicitly tell it otherwise (e.g. --confdir /etc/puppet). I am uncertain whether it honors proxy settings configured in the environment, but it certainly does offer its own proxy configuration configuration parameters. curl -k *https://forgeapi.puppetlabs.com* https://forgeapi.puppetlabs.com/ is succesful. And that's a useful test, but its success does not necessarily imply that puppet is configured correctly to connect to the same URL from your network. If indeed you do need to connect via a proxy, then I think your problem likely lies there. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c7210dac-4f24-48aa-90f3-b7acb0bcbd43%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Connection timed out - connect(2) when using puppet module
Am Dienstag, 17. Juni 2014 15:03:20 UTC+2 schrieb jcbollinger: You mean you have set these in your puppet.conf or in your environment? If the former then which one (file system path) and which section? Are you running as root or as an unprivileged user? I run at the moment with root and have set it via export before the call. After setting it now in puppet.conf, the error changes similar to curl without -k: puppet module install rtyler/jenkins --debug Notice: Preparing to install into /etc/puppet/modules ... Notice: Downloading from https://forgeapi.puppetlabs.com ... Debug: HTTP GET https://forgeapi.puppetlabs.com/v3/releases?module=rtyler-jenkins Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com Unable to verify the SSL certificate The certificate may not be signed by a valid CA The CA bundle included with OpenSSL may not be valid or up to date -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6b0b1c8b-844c-4cf2-b80f-9707a29b6fdc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.