Re: [Puppet Users] SSL Cert issues - Puppet Agent and Master on same host
On 11/18/2014 10:26 PM, kevin.mastel...@gmail.com wrote: [root@- puppet]# ./node.rb my-puppet-svr Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Hmm, I don't know which TCP port is used to contact Foreman, but I suggest using `openssl s_client` to see which certificate is being presented, and to see whether it can be verified using -CAfile. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5470F7C9.8090502%40Alumni.TU-Berlin.de. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] SSL Cert issues - Puppet Agent and Master on same host
Currently trying to get puppet, katello and foreman to play nicely. Everything except puppet is working as I would expect. No matter what I try, whether it be blasting the /var/lib/puppet/ssl directory, running --clean (or whatever the commands are), or trying all the steps on the Puppet troubleshooting page, I always get the same messages--- [root@- ]# puppet agent -t info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from environment production source(s) my-puppet-svr err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find node 'my-puppet-svr'; cannot compile warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run [root@- puppet]# ./node.rb my-puppet-svr Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Since the puppet agent and master are running on the same machine and using the same physical certificate files, I do not understand what the issue is Any help is greatly appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d1477d4d-451a-45ae-bfb5-5bd3d8b8a2f6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] SSL Cert issues - Puppet Agent and Master on same host
On 18/11/14 22:26, kevin.mastel...@gmail.com wrote: Currently trying to get puppet, katello and foreman to play nicely. Everything except puppet is working as I would expect. No matter what I try, whether it be blasting the /var/lib/puppet/ssl directory, running --clean (or whatever the commands are), or trying all the steps on the Puppet troubleshooting page, I always get the same messages--- [root@- ]# puppet agent -t info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from environment production source(s) my-puppet-svr err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find node 'my-puppet-svr'; cannot compile warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run [root@- puppet]# ./node.rb my-puppet-svr Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Since the puppet agent and master are running on the same machine and using the same physical certificate files, I do not understand what the issue is Any help is greatly appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com mailto:puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d1477d4d-451a-45ae-bfb5-5bd3d8b8a2f6%40googlegroups.com https://groups.google.com/d/msgid/puppet-users/d1477d4d-451a-45ae-bfb5-5bd3d8b8a2f6%40googlegroups.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. netstat -tupln | grep 8140 : is puppet master up and running and listening iptables -L -n : firewall settings correct ping my-puppet-svr : name resolution working Just checking the obvious stuff first ... -- Johan De Wit Open Source Consultant Red Hat Certified Engineer (805008667232363) Puppet Certified Professional 2013/2014 (PCP006) _ Open-Future Phone +32 (0)2/255 70 70 Zavelstraat 72 Fax +32 (0)2/255 70 71 3071 KORTENBERG Mobile+32 (0)474/42 40 73 BELGIUM http://www.open-future.be _ Next Events: Puppet Introduction Course | http://www.open-future.be/puppet-introduction-course-10th-november Puppet Fundamentals Training | http://www.open-future.be/puppet-fundamentals-training-12-till-14th-november Zabbix Certified Training | http://www.open-future.be/zabbix-certified-specialist-training-17-till-19th-november Zabbix Certified Professional | http://www.open-future.be/zabbix-certified-professional-training-20-till-21st-november Subscribe to our newsletter | http://eepurl.com/BUG8H -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/546C7DE1.2050708%40open-future.be. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] SSL Cert issues - Puppet Agent and Master on same host
On Wednesday, November 19, 2014 6:24:28 AM UTC-5, Johan De Wit wrote: netstat -tupln | grep 8140 : is puppet master up and running and listening iptables -L -n : firewall settings correct ping my-puppet-svr : name resolution working Just checking the obvious stuff first ... [root@e-imgsrv puppet]# netstat -tulpn | grep 8140 tcp0 0 0.0.0.0:81400.0.0.0:* LISTEN 48905/ruby Don't have any firewall settings as network is unreachable from outside, but [root@e-imgsrv puppet]# iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination PING e-imgsrv.ufhpc (172.16.168.80) 56(84) bytes of data. 64 bytes from e-imgsrv.ufhpc (172.16.168.80): icmp_seq=1 ttl=64 time=0.016 ms 64 bytes from e-imgsrv.ufhpc (172.16.168.80): icmp_seq=2 ttl=64 time=0.020 ms -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/dc71c782-7921-4cd7-9a40-40c65040fdad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] SSL Cert issues - Puppet Agent and Master on same host
[root@e-imgsrv puppet]# netstat -tulpn | grep 8140 tcp0 0 0.0.0.0:81400.0.0.0:* LISTEN 48905/ruby Don't have any firewall settings as network is unreachable from outside, but [root@e-imgsrv puppet]# iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination PING e-imgsrv.ufhpc (172.16.168.80) 56(84) bytes of data. 64 bytes from e-imgsrv.ufhpc (172.16.168.80): icmp_seq=1 ttl=64 time=0.016 ms 64 bytes from e-imgsrv.ufhpc (172.16.168.80): icmp_seq=2 ttl=64 time=0.020 ms -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ab6747f7-ec3b-4a9a-ac8e-ed6cac5fafba%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.