not sure, but try putting the FQDN for the certname, not just vps200
---
Thanks,
Allan Marcus
505-667-5666
On Aug 26, 2009, at 9:35 AM, ELTigre wrote:
>
> I'm running puppetmasterd (0.24.8) with apache2 and mongrel on a
> debian host. Apache2, mongrel instances and puppetmaster runs in the
> same server. For example, a puppet client sign in puppetmaster and
> catch his catalog, it creaste files, folders, change permissions,
> start/stop services BUT can noy use files on the fileserver. See a
> part of puppetmaster syslog file:
>
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: Allowing authenticated
> client vps198.domain(127.0.0.1) access to
> puppetmaster.getconfig
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: Our client is remote
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: Expiring the node cache
> of vps198.domain
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: Not using expired node
> for vps198.domain from cache; expired at Wed Aug 26 11:19:15 -0400
> 2009
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: Caching node for
> vps198.domain
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: importing '/etc/puppet/
> manifests/defaults.pp'
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: importing '/etc/puppet/
> manifests/modules.pp'
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: importing '/etc/puppet/
> modules/apt/manifests/init.pp'
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: importing '/etc/puppet/
> modules/collectd/manifests/init.pp'
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: Adding code to main on
> line 2 in file /etc/puppet/manifests/modules.pp
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: importing '/etc/puppet/
> manifests/nodes.pp'
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: Adding code to main on
> line 16 in file /etc/puppet/manifests/site.pp
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: (File[/tmp/
> file_de_prueba]) Adding default for backup
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: (File[/tmp/
> file_de_prueba]) Adding default for ignore
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: (File[/etc/apt/
> sources.list]) Adding default for backup
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: (File[/etc/apt/
> sources.list]) Adding default for ignore
> Aug 26 11:20:15 vps200 puppetmasterd[29596]: Compiled catalog for
> vps198.domain in 0.05 seconds
> Aug 26 11:20:16 vps200 puppetmasterd[29621]: Allowing authenticated
> client vps198.domain(127.0.0.1)access to fileserver.describe
> Aug 26 11:20:16 vps200 puppetmasterd[29621]: Using cached node for
> vps198.domain
> Aug 26 11:20:16 vps200 puppetmasterd[29621]: (mount[apt]) Describing /
> apt/sources.list for vps198.domain
> Aug 26 11:20:16 vps200 puppetmasterd[29646]: Allowing authenticated
> client vps198.domain(127.0.0.1)access to fileserver.retrieve
> Aug 26 11:20:16 vps200 puppetmasterd[29646]: Using cached node for
> vps198.domain
> Aug 26 11:20:16 vps200 puppetmasterd[29646]: (mount[apt]) Sending /
> apt/
> sources.list to vps198.domain
> Aug 26 11:20:16 vps200 puppetmasterd[29671]: Allowing authenticated
> client vps198.domain(127.0.0.1)access to puppetreports.report
> Aug 26 11:20:16 vps200 puppetmasterd[29671]: Processing reports store,
> log, tagmail, rrdgraph for vps198.domain
> Aug 26 11:20:16 vps200 puppetmasterd[29671]: Certificate validation
> failed; consider using the certname configuration option
> Aug 26 11:20:16 vps200 puppetmasterd[29671]: (//Node[vps198.domain]/
> apt/File[/etc/apt/sources.list] /source) change from {md5}
> bfbd1ab9e28ec69d38e7cab4219283ab to puppet:///apt/sources.list failed:
> Certificates were not trusted: hostname was not match with the server
> certificate
>
> I'm also using a certname, here my puppetmaster config file:
> vps200:/etc# cat /etc/puppet/puppet.conf
> [main]
> logdir=/var/log/puppet
> vardir=/var/lib/puppet
> ssldir=/var/lib/puppet/ssl
> rundir=/var/run/puppet
> factpath=$vardir/lib/facter
> syslogfacility=user
> modulepath=/etc/puppet/modules
>
>
> [puppetmasterd]
> templatedir=/var/lib/puppet/templates
> reportdir=/var/log/puppet/reports
> reports=store,log,tagmail,rrdgraph
> tagmap=$confdir/tagmail.conf
> rrddir=$vardir/rrd
> rrdgraph=true
> rrdinterval=$runinterval
> certname=vps200
>
>
> [puppetd]
> server=vps200.domain
> runinterval=1800
>
> Does fileserver use another SSL certificate? or I'm making some
> mistake.
>
> regards,
> Israel.
>
>
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
