A quick overview of our setup:
We have an EBS-backed puppet master instance with an Elastic IP, and a
number of puppet agent AMI images in various regions. When these AMIs
were created, they were authenticated with the puppet master using the
following command:
# puppet agent --certname=$(cat /etc/puppet/certname) --server
puppet.ourdomain.net --waitforcert 30 --test
...and accepted on the puppet master with:
# puppet cert --certname=$(cat /etc/puppet/certname) --sign {instance-
name}
Spinning up new instances of the AMIs worked without issue.
Now, the problem:
Recently we had to reboot our puppet master instance. As expected, the
Elastic IP stayed the same. As far as we can tell, the *hostname*
stayed the same also. Since it was just a reboot, this can happen.
However, despite setting the --certname on both the master and agent
and the IP and hostname not changing, our agents are now complaining
that the "hostname not match with the server certificate".
We're at a loss on how to fix this. We'd rather fix this on the server
rather than have to re-image the AMIs, as it was a time-consuming
operation and we can't put aside time to re-image the AMIs every time
the master reboots.
Any suggestions on how to track down where the problem is or how to
fix it?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
