I have installed on the client and on the server puppet version
0.25.5.
The setup was successfully tested with Webrick server on the
puppetserver. Afterwards i switched to passenger (2.2.11) and rack
(1.0.1) on the server.
Puppetmaster starts successfully with an httpd start.
Making a certificate request works and signing on the server was also
no problem. However afterwards following message appears.
/usr/sbin/puppetd --server <SERVER_NAME> --waitforcert 60 --
test --debug --trace --verbose
debug: Puppet::Type::User::ProviderLdap: true value when expecting
false
debug: Puppet::Type::User::ProviderUser_role_add: file roledel does
not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/
lib/
puppet]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/
lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/
var/lib/puppet/ssl]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/certs/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/
var/
lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/private_keys/HOSTNAME.pem]:
Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/
lib/puppet/state]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/public_keys/HOSTNAME.pem]:
Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/
lib/
puppet/ssl]
debug: Finishing transaction -606761748 with 0 changes
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/private_keys/HOSTNAME.pem]:
Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/
var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/
var/
lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/public_keys/HOSTNAME.pem]:
Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/
lib/
puppet/ssl]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: Finishing transaction -607024878 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for HOSTNAME
debug: Finishing transaction -607157058 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for HOSTNAME
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:55:in
`deserialize'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:202:in
`find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:215:in `ssl_store'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:56:in
`cert_setup'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:98:in
`http_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:65:in `network'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:202:in
`find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:208:in
`retrieve_new_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:418:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:417:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:207:in
`retrieve_new_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:104:in
`retrieve_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:142:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:134:in `with_client'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:51:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetd.rb:103:in
`onetime'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in
`exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/sbin/puppetd:160
err: Could not retrieve catalog from remote server: Error 403 on
SERVER: Forbidden request: HOSTNAME(IP_ADDRESSE) access to /
certificate_revocation_list/ca [find] at line 0
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
I set the required puppet.conf settings:
[puppetmasterd]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
It seems there are quite a lot of issues around those CA errors
already available. However the most were related to older puppet
versions and declared as fixed already.
Does somebody have an idea what is going wrong here.
Thanks a lot
Christian
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
