Hi,

Thanks for your quick reply.

> Try puppetd --test --waitforcert 15

I actually tried --waitforcert 48! But it still hangs and ends up in a
certificate timeout: puppetd[2078]: Could not request certificate:
Connection refused - connect(2)

> I think it's complaining about waitforcert because you need that flag to
> retrieve the cert from the server.
> But it would have been nice to see the actual command you used to produce
> that error. :)

puppet is running as a regular Red Hat service, so there is no command
(well, there is, but I just let the service run). I have nothing fancy in my
[puppetd] configuration:

[puppetd]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
server = puppetmaster.domain

> The number is the interval that the puppet client will pause between
> requests to the server for its cert and is a required parameter.

Ah, OK, so maybe having a big number here (--waitforcert 48) is a bad
idea.

> At that point, back on the server you should see what facter considers to
> be the fqdn of the requesting machine when you issue
> puppetca --list
> Then sign
> puppetca --sign host.domain.com
> I'd recommend turning off autosign on the puppet master as it's a security
> risk.

For now I need autosign, because I'm creating instances on the fly - so I
don't want to manually accept each one. (But I'm aware of the security
risk of this setup.)

> Hope that is helpful.
> Sent from my iPhone
On Mar 11, 2011, at 8:04 AM, Romain Pelisse bela...@gmail.com wrote:

> Hi,
>
> I'm using puppet on EC2 to set up my VMs with the following configuration:
>
> # puppetd --version
> 0.25.5
> # uname -a
> Linux hostname.domain 2.6.16-xenU #1 SMP Mon May 28 03:41:49 SAST 2007 i686
> i686 i386 GNU/Linux
>
> But I keep facing some timeouts from puppetd:
>
> warning: peer certificate won't be verified in this SSL session
> Exiting; failed to retrieve certificate and waitforcert is disabled
>
> Puppetmaster is running on autosign, and I can see in the puppetmaster logs
> that the puppets are actually able to connect and request a certificate:
>
> info: Could not find certificate for 'hostname.domain'
>
> But nothing else seems to happen on the puppetmaster side and puppetd
> finally times out.
>
> Did anybody run into this situation? Any idea what could be
> triggering this?
>
> --
> Romain PELISSE,
> *The trouble with having an open mind, of course, is that people will
> insist on coming along and trying to put things in it -- Terry Pratchett*
> http://belaran.eu/wordpress/belaran
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Romain PELISSE,
*The trouble with having an open mind, of course, is that people will
insist on coming along and trying to put things in it -- Terry Pratchett*
http://belaran.eu/wordpress/belaran
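
The autosign risk raised in the thread can be checked on the master before instances start requesting certificates. The following is an added example, not code from the thread or from the Puppet project: it assumes `autosign` in puppet.conf is `true`, `false` or a path to a list file holding exact certnames or `*.domain` globs, and the function names and sample hostnames are constructed for illustration.

```python
def autosign_setting(puppet_conf: str) -> str:
    """Return the `autosign` value from puppet.conf text (assumed key=value syntax)."""
    for raw in puppet_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "autosign":
                return value
    return "$confdir/autosign.conf"  # default when the key is absent


def audit_autosign(puppet_conf: str, autosign_conf: str = "") -> list:
    """Return (severity, entry, reason) tuples for the effective autosign policy."""
    setting = autosign_setting(puppet_conf).lower()
    if setting == "false":
        return [("ok", "autosign=false", "every CSR waits for puppetca --sign")]
    if setting == "true":
        return [("high", "autosign=true", "every CSR is signed, whatever name it claims")]
    findings = []
    for raw in autosign_conf.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        if entry == "*":
            findings.append(("high", entry, "matches every certname"))
        elif entry.startswith("*."):
            findings.append(("medium", entry, "any client claiming a name in this domain is signed"))
        else:
            findings.append(("low", entry, "only this exact certname is signed"))
    return findings or [("ok", "(empty list)", "nothing is signed automatically")]


# Constructed sample configuration for a master serving short-lived instances.
SAMPLE_PUPPET_CONF = """
[puppetmasterd]
autosign = /etc/puppet/autosign.conf
"""
SAMPLE_AUTOSIGN_CONF = """
# build hosts
*.build.example.internal
ci01.example.internal
*
"""

if __name__ == "__main__":
    for severity, entry, reason in audit_autosign(SAMPLE_PUPPET_CONF, SAMPLE_AUTOSIGN_CONF):
        print(f"{severity:6} {entry:28} {reason}")
```

A glob entry narrows autosigning to one domain, but the certname in a request is chosen by the client, so restricting network access to the master's port still matters for on-the-fly instances.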