Just in case others run into this problem...

The issue in my case was that I ran puppet and *then* changed
some things in /etc/hosts.  But, the first time I ran puppetd on the
client, it created a $HOME/.puppet/ssl directory that had the old
host/domain info.  Simply deleting it solved the issue.  Things I
learned:

* Try running the puppetmasterd by hand with the --no-daemonize
--debug --verbose options to see what is going on.
* Run puppetd on the client with the same options.
* Deleting the ssl directories in $HOME/.puppet and /var/lib/puppet is
sometimes needed.

Another subtle point is that I was doing the initial certificate
signing using a regular user and sudo.  The problem with this is that
the certs go into $HOME/.puppet/ssl rather than the system
/var/lib/puppet that would be used if you start things using the
init.d scripts that come with the system.  This is a bit confusing and
means that the recommended way of running puppetd by hand in
non-daemon mode to sign the certs doesn't work properly on Ubuntu.

Cheers,

Brian


On Sun, May 2, 2010 at 5:40 PM, Trevor Vaughan <tvaug...@onyxpoint.com> wrote:
> Did you set up autosign by chance?
>
> Try puppetca --list --all
>
> Trevor
>
> On 05/01/2010 09:18 PM, Brian Granger wrote:
>> Gabriel,
>>
>> I am running into similar problems in configuring a single client,
>> single server puppet setup.
>>
>>> I’ve been suffering all week to fix all manner of SSL issues on my test 
>>> setup, not realizing that it was my puppet master where I had made a 
>>> mistake. I’ve spoken to people in the IRC room for long enough to know that 
>>> a lot of people have this problem, so I’ve come up with a quick and dirty 
>>> hack, that has FIXED all 4 test setups I built. If you are getting that dreaded 
>>> hostname not matching SSL certificate or other, and your puppet server IS 
>>> NOT a production server then you go do what I did ☺
>>>
>>> • Okay, first nuke both SSL directories, on puppetmaster and client, I did  
>>> #] mv ssl sslbackup
>>> • Make sure puppet is NOT running on the client
>>> • Make sure that the puppet master hostname is what you expect it to be, 
>>> (google change linux hostname, to be SURE)
>>> • Add an entry to puppet client host file, to force it to go to the right 
>>> server – Or you can update your DNS and wait for it to propagate
>>> • On client: #] puppetd --waitforcert 60 --test --server 
>>> host.domainname.com,
>>> • On server: #] puppetca --list
>>> • On the server you should see -- puppetclient.domain.com
>>
>> This is where I run into problems.  puppetca --list always returns
>> empty.  I have tried a number of different things (restart the
>> puppetmaster), remove/reinstall puppetmaster/puppet on client/server.
>> I don't have a firewall running and my /etc/hosts files are setup
>> correctly as far as I can tell.
>>
>> What should I try next?
>>
>> Cheers,
>>
>> Brian
>>
>>> • On server #] puppetca --sign puppetclient.domain.com
>>>
>>> At this point your puppetclient should ‘give in’ and for ever be linked 
>>> with your puppet master to do its bidding when called upon! Don’t forget 
>>> to restart puppet on the client
>>>
>>> If anyone has anything to add, or if I got this completely wrong,  feel 
>>> free to flame the crap out of me, at least we all learn together – and I 
>>> was actually able to make a contribution pretty quick in my puppet career ☺ 
>>> Have a good weekend!
>>>
>>
>
> --
> Trevor Vaughan
>  Vice President, Onyx Point, Inc.
>  email: tvaug...@onyxpoint.com
>  phone: 410-541-ONYX (6699)
>  pgp: 0x6C701E94
>
> -- This account not approved for unencrypted sensitive information --
>



-- 
Brian E. Granger, Ph.D.
Assistant Professor of Physics
Cal Poly State University, San Luis Obispo
bgran...@calpoly.edu
elliso...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
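
Added example, not part of the original message or of Puppet itself: a shell check for the situation described at the top of this message, where a client cert created under an old host name is left behind in $HOME/.puppet/ssl or /var/lib/puppet/ssl. It assumes each ssl directory stores certs as certs/<certname>.pem with the CA at certs/ca.pem, and that the certname is the lowercased FQDN; `stale_certs` and `check_puppet_ssl` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: report Puppet client certs whose name no longer matches
# the host name the client is expected to use.
# Assumption: certs live in <ssldir>/certs/<certname>.pem and the CA
# certificate is <ssldir>/certs/ca.pem.

# stale_certs SSLDIR EXPECTED_NAME
# Prints the path of every client cert in SSLDIR/certs that is not named
# EXPECTED_NAME (compared in lowercase).
stale_certs() {
    ssldir=$1
    expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -d "$ssldir/certs" ] || return 0       # no such ssl dir: nothing to report
    for pem in "$ssldir"/certs/*.pem; do
        [ -e "$pem" ] || continue            # glob matched nothing
        name=$(basename "$pem" .pem)
        [ "$name" = "ca" ] && continue       # the CA cert is not a client cert
        [ "$name" = "$expected" ] || printf '%s\n' "$pem"
    done
    return 0
}

# check_puppet_ssl EXPECTED_NAME [SSLDIR...]
# With no SSLDIR arguments, checks the per-user and the system directory
# named in the message. Returns 1 if any stale cert was found, else 0.
check_puppet_ssl() {
    want=$1; shift
    [ $# -gt 0 ] || set -- "$HOME/.puppet/ssl" /var/lib/puppet/ssl
    rc=0
    for dir in "$@"; do
        stale=$(stale_certs "$dir" "$want")
        [ -n "$stale" ] || continue
        rc=1
        printf 'stale cert(s) in %s (expected %s):\n%s\n' "$dir" "$want" "$stale"
    done
    return $rc
}

# Typical call on a client: check_puppet_ssl "$(hostname -f)"
```

Run it both as the regular user and as root, since $HOME/.puppet/ssl resolves to a different directory for each.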