Issue #1623 has been updated by luke. Category set to network Status changed from Unreviewed to Accepted Priority changed from Low to High Target version changed from 0.24.6 to 0.25.0
---------------------------------------- Bug #1623: problem registering new certifcates with puppet from git/master http://projects.reductivelabs.com/issues/show/1623 Author: grumpus Status: Accepted Priority: High Assigned to: Category: network Target version: 0.25.0 Complexity: Unknown Affected version: Keywords: I decided to try puppet from git (master branch) and found a few problems. I'll open a ticket for each. The only one I haven't resolved is: new clients can not submit their CSR. Here is what the output looks like on the client: <pre> [EMAIL PROTECTED] ~]# /usr/sbin/puppetd --onetime --no-daemonize --server inf1.md.boolecat.com --verbose --waitforcert 300 warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate </pre> It blocks for a very long time. On the server side, I see this in the masterhttp.log: <pre> [2008-09-30 15:56:14] INFO WEBrick::HTTPServer#start: pid=10915 port=8140 [2008-09-30 15:58:34] DEBUG accept: 192.168.0.129:47307 [2008-09-30 15:58:34] DEBUG Puppet::Network::HTTP::WEBrickREST is invoked. [2008-09-30 15:58:34] centos1.md.boolecat.com - - [30/Sep/2008:15:58:34 EDT] "GET /certificate/centos1.md.boolecat.com HTTP/1.1" 404 0 [2008-09-30 15:58:34] - -> /certificate/centos1.md.boolecat.com [2008-09-30 15:58:34] DEBUG close: 192.168.0.129:47307 [2008-09-30 15:58:34] DEBUG accept: 192.168.0.129:47308 [2008-09-30 15:58:34] ERROR `/certificate_request/centos1.md.boolecat.com' not found. [2008-09-30 15:58:34] centos1.md.boolecat.com - - [30/Sep/2008:15:58:34 EDT] "GET /certificate_request/centos1.md.boolecat.com HTTP/1.1" 404 339 [2008-09-30 15:58:34] - -> /certificate_request/centos1.md.boolecat.com [2008-09-30 15:58:34] DEBUG close: 192.168.0.129:47308 [2008-09-30 15:58:34] DEBUG accept: 192.168.0.129:47309 [2008-09-30 15:58:34] ERROR `/certificate_request/' not found. [2008-09-30 15:58:34] centos1.md.boolecat.com - - [30/Sep/2008:15:58:34 EDT] "PUT /certificate_request/ HTTP/1.1" 404 316 [2008-09-30 15:58:34] - -> /certificate_request/ [2008-09-30 15:58:34] DEBUG close: 192.168.0.129:47309 [2008-09-30 15:58:35] DEBUG accept: 192.168.0.129:47310 [2008-09-30 15:58:35] DEBUG Puppet::Network::HTTP::WEBrickREST is invoked. [2008-09-30 15:58:35] centos1.md.boolecat.com - - [30/Sep/2008:15:58:35 EDT] "GET /certificate/centos1.md.boolecat.com HTTP/1.1" 404 0 [2008-09-30 15:58:35] - -> /certificate/centos1.md.boolecat.com [2008-09-30 15:58:35] DEBUG close: 192.168.0.129:47310 [2008-09-30 15:58:35] DEBUG accept: 192.168.0.129:47311 [2008-09-30 15:58:35] DEBUG Puppet::Network::HTTP::WEBrickREST is invoked. [2008-09-30 15:58:35] centos1.md.boolecat.com - - [30/Sep/2008:15:58:35 EDT] "GET /certificate/centos1.md.boolecat.com HTTP/1.1" 404 0 [2008-09-30 15:58:35] - -> /certificate/centos1.md.boolecat.com [2008-09-30 15:58:35] DEBUG close: 192.168.0.129:47311 </pre> My puppet.conf is very close to the default: <pre> [main] vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [puppetd] classfile = $vardir/classes.txt localconfig = $vardir/localconfig [puppetmasterd] bindaddress = 0.0.0.0 </pre> fileserver.conf is empty, and the site.pp is trivial: <pre> node "inf1.md.boolecat.com" { info "In node for inf1" } node "centos1.md.boolecat.com" { info "In node for centos1" } </pre> I've confirmed this in two environments (work and home), both using a locally compiled ruby (1.8.7) on centos 5.2. This is not important, as this is development code and I'm just testing it out of curiosity. Let me know if I can provide any other details. Thanks. ---------------------------------------- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
