I've found it difficult to upgrade from 0.24.8 to 0.25.2. Things are great after I only upgrade the master to 0.25.2, but once the client gets switched to 0.25.2, I can't sync plugins/facts anymore. The error seems to indicate that it's some SSL issue. Any suggestions would be appreciated, as my inability to understand SSL properly despite trying numerous times is astounding.
My setup is probably a bit unorthodox. Apache + Mongrel, all my masters have identical certificates (literally copied) with CN "puppet.dev", but each is in a different datacenter (e.g. puppet.dev.us.mydomain.com). Individual machines have its "server" directive set to "puppet.dev" so that it could connect to any master, but a machine is specifically connected to the proper master by using the LOCALDOMAIN environment variable when puppetd is run. (so something like "LOCALDOMAIN=us.mydomain.com puppetd -vt". An individual puppetmaster will have its hostname set to the fqdn (e.g. puppet.dev.us.mydomain.com). This used to work in 0.24.8, but once I upgrade the client to 0.25.2, the pluginsync no longer works. Everything else in terms of executing the actual recipes connect and execute, so it doesn't seem like the certificates have an inherent problem. It seems the pluginsync mechanism has changed, and those specific files don't sync between the master/client anymore (before the actual configuration run). Here is the output from the client on -vdt mode: debug: Failed to load library 'selinux' for feature 'selinux' debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/ dscl does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist debug: /File[/var/puppet/client_yaml]: Autorequiring File[/var/puppet] debug: /File[/var/puppet/state/state.yaml]: Autorequiring File[/var/ puppet/state] debug: /File[/var/puppet/state/graphs]: Autorequiring File[/var/puppet/ state] debug: /File[/etc/puppet/ssl/private_keys/ ec2-67-202-4-164.compute-1.amazonaws.com.pem]: Autorequiring File[/etc/ puppet/ssl/private_keys] debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ ssl] debug: /File[/etc/puppet/ssl/public_keys/ ec2-67-202-4-164.compute-1.amazonaws.com.pem]: Autorequiring File[/etc/ puppet/ssl/public_keys] debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet] debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/ puppet/ssl] debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] debug: /File[/etc/puppet/ssl/ csr_ec2-67-202-4-164.compute-1.amazonaws.com.pem]: Autorequiring File[/ etc/puppet/ssl] debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ ssl] debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/ puppet/ssl] debug: /File[/etc/puppet/ssl/certs/ ec2-67-202-4-164.compute-1.amazonaws.com.pem]: Autorequiring File[/etc/ puppet/ssl/certs] debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/ puppet/ssl/certs] debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet] debug: /File[/var/puppet/clientbucket]: Autorequiring File[/var/ puppet] debug: /File[/var/puppet/state/classes.txt]: Autorequiring File[/var/ puppet/state] debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet] debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet] debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File [/etc/puppet/ssl] debug: Finishing transaction -606854728 with 0 changes debug: Using cached certificate for ca, good until Mon Jun 30 05:34:58 UTC 2014 debug: Using cached certificate for ec2-67-202-4-164.compute-1.amazonaws.com, good until Thu Jan 08 01:21:20 UTC 2015 debug: Loaded state in 0.01 seconds info: Retrieving plugin debug: Using cached certificate for ca, good until Mon Jun 30 05:34:58 UTC 2014 debug: Using cached certificate for ec2-67-202-4-164.compute-1.amazonaws.com, good until Thu Jan 08 01:21:20 UTC 2015 err: /File[/var/puppet/lib]: Failed to generate additional resources using 'eval_generate': hostname was not match with the server certificate debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using marshal debug: Finishing transaction -607092328 with 0 changes ....and a bunch of lines executing the recipes that only worked because the plugins were already synced back when the machine was on puppet 0.24.8 Since the error complains about hostname not matching the certificate, I tried changing the server's hostname to "puppet.dev" and rebooting the master but still no luck. Thanks, Clarence
-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
