Public bug reported:

For puppet 2.7.1-1ubuntu3.5~maverick1 running on maverick server, the
agent fails to be able to obtain catalogs from the puppetmaster, due to
a failure to validate the ca certificate.

This is a dangerous bug as it appears when following the instructions in
the server guide for installing puppet and is just silent, in the sense
that there is nothing normally in the logs. It only appears if one checks
whether the changes are being propagated or runs the puppet agent with a
command like:

sudo puppetd agent --no-daemonize --verbose --debug

which will show something like:

err: Could not retrieve catalog from remote server: SSL_connect returned=1 
errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate
notice: Using cached catalog
err: Could not retrieve catalog; skipping run

after retrieving the signed ca certificate.

It is NOT due to a problem with time syncing, as can be verified by
checking the validity time of the certificate with a command like:

sudo openssl x509 -text -noout -in /etc/puppet/ssl/certs/ca.pem

and ensuring that the not before time lies in the future.

It is likely due to an inability of the ruby puppet application to
properly verify the ca certificate. See for example this now closed bug
at puppetlabs:

http://projects.puppetlabs.com/issues/14067

This page contains a fair amount of useful information about puppet's use of 
certificates:
http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security

** Affects: puppet (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: puppet server

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to puppet in Ubuntu.
https://bugs.launchpad.net/bugs/986649

Title:
  puppet agent can't obtain catalogs
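
Because the failure described in this report leaves nothing in the normal logs, one way to surface it is to scan captured agent debug output for the TLS error and the fallback to the cached catalog. This is an added example, not part of the original report or of puppet itself; the function names, the host name and the sample log are constructed for illustration.

```python
import re

# Constructed sample of `puppetd agent --no-daemonize --verbose --debug` output.
# The err/notice lines use the wording quoted in the report, including the
# mid-message line wrap; the info lines and host name are made up.
SAMPLE = """\
info: Caching certificate for ca
err: Could not retrieve catalog from remote server: SSL_connect returned=1
errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate
notice: Using cached catalog
err: Could not retrieve catalog; skipping run
info: Caching catalog for agent01.example.test
notice: Finished catalog run in 0.42 seconds
"""

LINE = re.compile(r"^(debug|info|notice|warning|err): (.*)$")
TLS_FAIL = re.compile(r"Could not retrieve catalog from remote server: "
                      r"SSL_connect .*?state=(?P<state>.+?): (?P<alert>.+)$")

def unwrap(text):
    """Re-join messages that a mail client or terminal wrapped across lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append([m.group(1), m.group(2)])
        elif raw.strip() and entries:
            entries[-1][1] += " " + raw.strip()
    return entries

def find_catalog_failures(text):
    """One finding per TLS-failed catalog fetch, with how the agent reacted."""
    findings, current = [], None
    for level, msg in unwrap(text):
        tls = TLS_FAIL.search(msg) if level == "err" else None
        if tls:
            current = {"state": tls["state"], "alert": tls["alert"],
                       "used_cached_catalog": False, "run_skipped": False}
            findings.append(current)
        elif current and level == "notice" and msg == "Using cached catalog":
            current["used_cached_catalog"] = True
        elif current and level == "err" and msg.endswith("skipping run"):
            current["run_skipped"] = True
        elif level == "notice" and msg.startswith("Finished catalog run"):
            current = None  # a later successful run ends the failed one
    return findings

if __name__ == "__main__":
    for f in find_catalog_failures(SAMPLE):
        print(f)
```

A non-empty result means the agent is still running on a stale catalog, so it is worth alerting on even when the agent process itself looks healthy.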
