On Apr 21, 2010, at 3:59 PM, Brian Lam wrote:
> I apologized ahead of time if this post shouldn't go here but I having
> been knocking my heading for the last two days trying to get over the
> following error while trying to "clone" my primary puppetmasterd
> because we have outgrown one puppetmasterd setup.
>
> I have basically set up a 2nd instance of our primary puppetmasterd
> and rsync'ed over /var/lib/puppet/ssl/ from the primary to the
> secondary puppetmasterd. The client ran to completion (and recorded
> the log in /var/lib/puppet/report/) but the file copying statement
> were failing:
> (see log below)
>
> Failed to generate additional resources during transaction:
> Certificates were not trusted: hostname was not match with the server
> certificate
>
> I am sorta desperate at this point and am thinking of trying to hack
> the libraries....
>
> Any advice would be appreciate. I am running 0.24.6-1. Thanks in
> advance.
>
>
>
>
> EQX r...@xen-pup-dash:/etc/puppet# puppetd -vt
> info: Loading fact kernelrelease
> info: Loading fact disk_facts
> info: Loading fact facts
> info: Loading fact www_pool
> info: Retrieving facts
> notice: /File[/var/lib/puppet/facts]/checksum: checksum changed
> '{mtime}Sat Jan 30 16:44:27 -0800 2010' to '{mtime}Sat Jan 30 16:44:28
> -0800 2010'
> info: Loading fact kernelrelease
> info: Loading fact disk_facts
> info: Loading fact facts
> info: Loading fact www_pool
> info: Caching catalog at /var/lib/puppet/localconfig.yaml
> notice: Starting catalog run
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: //Node[xen-pup-dash]/common/File[/home/scripts]: Failed to
> generate additional resources during transaction: Certificates were
> not trusted: hostname was not match with the server certificate
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: //Node[xen-pup-dash]/common/File[/home/scripts]: Failed to
> retrieve current state of resource: Certificates were not trusted:
> hostname was not match with the server certificate Could not describe /
> files/server-configs/eqx-sv2/common/home/scripts: Certificates were
> not trusted: hostname was not match with the server certificate at /
> etc/puppet/manifests/eqx-sv2/production/classes/common.pp:251
> notice: //Node[xen-pup-dash]/common/Remote_file[/home/scripts/
> update.whoami.sh]/File[/home/scripts/update.whoami.sh]: Dependency
> file[/home/scripts] has 1 failures
> warning: //Node[xen-pup-dash]/common/Remote_file[/home/scripts/
> update.whoami.sh]/File[/home/scripts/update.whoami.sh]: Skipping
> because of failed dependencies
> ...
> ...
> ...
I'm pretty sure that the server name that the clients see doesn't match the
name on the certificate the server is using to authenticate. I'm not sure what
the best way around this is.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
