On Monday, November 16, 2015 at 12:44:57 PM UTC-6, Christopher Wood wrote: > > No, I mean you need to fix your DNS lookups. Puppet relies on correct DNS > both to find the puppetmaster as well as checking that the puppetmaster is > presenting the correct ssl cert. >
... and the error message you, Nikhil, reported indicates that essential early step to be failing *on the affected nodes*. Verify that a resolvable name for the master is configured in the [agent] section of each node's puppet.conf, and as Christopher said, troubleshoot the name resolution configuration *on those nodes* for the configured server name. For this purpose, each node needs to be able to resolve (only) the specified master's name. The master does not need to be able to resolve nodes' names; it just needs to be willing to trust the SSL certs they present. Additionally, the configured name for the master must be among the names configured into the certificate the master presents to the agents, but your runs are failing before reaching that check. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cfd719bf-a70b-42fd-9121-389206c2e8cd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
