[Puppet - Bug #1623] (Unreviewed) problem registering new certifcates with puppet from git/master

Tue, 30 Sep 2008 13:31:03 -0700 

Issue #1623 has been reported by grumpus.

----------------------------------------
Bug #1623: problem registering new certifcates with puppet from git/master
http://projects.reductivelabs.com/issues/show/1623

Author: grumpus
Status: Unreviewed
Priority: Low
Assigned to: 
Category: 
Target version: 0.24.6
Complexity: Unknown
Affected version: 
Keywords: 


I decided to try puppet from git (master branch) and found a few problems. I'll 
open a ticket for each.

The only one I haven't resolved is: new clients can not submit their CSR. Here 
is what the output looks like on the client:

<pre>
[EMAIL PROTECTED] ~]# /usr/sbin/puppetd --onetime --no-daemonize --server 
inf1.md.boolecat.com --verbose --waitforcert 300
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
</pre>

It blocks for a very long time. On the server side, I see this in the 
masterhttp.log:

<pre>
[2008-09-30 15:56:14] INFO  WEBrick::HTTPServer#start: pid=10915 port=8140
[2008-09-30 15:58:34] DEBUG accept: 192.168.0.129:47307
[2008-09-30 15:58:34] DEBUG Puppet::Network::HTTP::WEBrickREST is invoked.
[2008-09-30 15:58:34] centos1.md.boolecat.com - - [30/Sep/2008:15:58:34 EDT] 
"GET /certificate/centos1.md.boolecat.com HTTP/1.1" 404 0
[2008-09-30 15:58:34] - -> /certificate/centos1.md.boolecat.com
[2008-09-30 15:58:34] DEBUG close: 192.168.0.129:47307
[2008-09-30 15:58:34] DEBUG accept: 192.168.0.129:47308
[2008-09-30 15:58:34] ERROR `/certificate_request/centos1.md.boolecat.com' not 
found.
[2008-09-30 15:58:34] centos1.md.boolecat.com - - [30/Sep/2008:15:58:34 EDT] 
"GET /certificate_request/centos1.md.boolecat.com HTTP/1.1" 404 339
[2008-09-30 15:58:34] - -> /certificate_request/centos1.md.boolecat.com
[2008-09-30 15:58:34] DEBUG close: 192.168.0.129:47308
[2008-09-30 15:58:34] DEBUG accept: 192.168.0.129:47309
[2008-09-30 15:58:34] ERROR `/certificate_request/' not found.
[2008-09-30 15:58:34] centos1.md.boolecat.com - - [30/Sep/2008:15:58:34 EDT] 
"PUT /certificate_request/ HTTP/1.1" 404 316
[2008-09-30 15:58:34] - -> /certificate_request/
[2008-09-30 15:58:34] DEBUG close: 192.168.0.129:47309
[2008-09-30 15:58:35] DEBUG accept: 192.168.0.129:47310
[2008-09-30 15:58:35] DEBUG Puppet::Network::HTTP::WEBrickREST is invoked.
[2008-09-30 15:58:35] centos1.md.boolecat.com - - [30/Sep/2008:15:58:35 EDT] 
"GET /certificate/centos1.md.boolecat.com HTTP/1.1" 404 0
[2008-09-30 15:58:35] - -> /certificate/centos1.md.boolecat.com
[2008-09-30 15:58:35] DEBUG close: 192.168.0.129:47310
[2008-09-30 15:58:35] DEBUG accept: 192.168.0.129:47311
[2008-09-30 15:58:35] DEBUG Puppet::Network::HTTP::WEBrickREST is invoked.
[2008-09-30 15:58:35] centos1.md.boolecat.com - - [30/Sep/2008:15:58:35 EDT] 
"GET /certificate/centos1.md.boolecat.com HTTP/1.1" 404 0
[2008-09-30 15:58:35] - -> /certificate/centos1.md.boolecat.com
[2008-09-30 15:58:35] DEBUG close: 192.168.0.129:47311
</pre>

My puppet.conf is very close to the default:

<pre>
[main]
    vardir = /var/lib/puppet
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
[puppetd]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
[puppetmasterd]
    bindaddress = 0.0.0.0
</pre>

fileserver.conf is empty, and the site.pp is trivial:

<pre>
node "inf1.md.boolecat.com" {
  info "In node for inf1"
}
node "centos1.md.boolecat.com" {
  info "In node for centos1"
}
</pre>

I've confirmed this in two environments (work and home), both using a locally 
compiled ruby (1.8.7) on centos 5.2.

This is not important, as this is development code and I'm just testing it out 
of curiosity. Let me know if I can provide any other details.

Thanks.


----------------------------------------
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://reductivelabs.com/redmine/my/account

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to