Hello readers,
I have this little issue that my puppet client refuses to do anything
because of SSL validation errors. Maybe I'll just post dump of what
happens, that makes it clear I hope. Does anyone have a suggestion why that
might happen? what I already checked:
On the master:
- Puppet and puppetmaster is running
- Something is listening on Port 8140 (although I cannot telnet-connect
to it, it closes immediately for whatever reason)
- in /var/lib/puppet/ssl: find . -type f -delete
On the client:
- in /var/lib/puppet/ssl: find . -type f -delete
I would appreciate any help that's available ...
thanks & greetings! Axel.
... and now the little dump:
(CLIENT)
*root@l1311022:/var/lib/puppet/ssl$* *puppet agent --test*
info: Creating a new SSL key for l1311022.our.domain.de
warning: peer certificate won't be verified in this SSL session (2x)
info: Creating a new SSL certificate request for l1311022.our.domain.de
info: Certificate Request fingerprint (md5):
19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E
warning: peer certificate won't be verified in this SSL session (3x)
Exiting; no certificate found and waitforcert is disabled
(SERVER)
*l1215022:/var/lib/puppet/ssl # pca -l*
notice: Signed certificate request for ca
notice: Rebuilding inventory file
l1311022.our.domain.de (19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E)
*l1215022:/var/lib/puppet/ssl # pca -s --all*
notice: Signed certificate request for l1311022.our.domain.de
notice: Removing file Puppet::SSL::CertificateRequest
l1311022.our.domain.de at
'/var/lib/puppet/ssl/ca/requests/l1311022.our.domain.de.pem'
l1215022:/var/lib/puppet/ssl #
(CLIENT)
*root@l1311022:/var/lib/puppet/ssl$ puppet agent --test*
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for l1311022.our.domain.de
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources
using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed
err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
Could not retrieve file metadata for
puppet://l1215022.our.domain.de/plugins: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed
err: Could not retrieve catalog from remote server: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed
The config files look like this:
(CLIENT)
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = /var/lib/puppet/ssl
modulepath = /etc/puppet/modules:/opt/puppet/share/puppet/modules
[agent]
certname = l1311022.our.domain.de
server = l1215022.our.domain.de
report = true
graph = true
pluginsync = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
(SERVER)
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = /var/lib/puppet/ssl
certname = l1215022.our.domain.de
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/ToaPaY7mtgwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
