I could use some help. I am a newbie with puppet, and am trying to
learn it and use it here at the office. I have created 2 CentOS 5.5
machines ( puppet.1on1.com - puppetmaster and puppetclient.1on1.com -
which will be the client that I control.) When I attempt to connect
my client to the master, I get the following output:
# puppet agent --server=puppet.1on1.com --no-daemonize --verbose --
debug --trace
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does
not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
microsoft_windows is missing
debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl/private_keys/puppetclient.1on1.com.pem]:
Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/public_keys/puppetclient.1on1.com.pem]:
Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/run/agent.pid]: Autorequiring File[/var/
lib/puppet/run]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/
lib/puppet]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/
lib/puppet/state]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: Finishing transaction 167894360
debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl/private_keys/puppetclient.1on1.com.pem]:
Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/public_keys/puppetclient.1on1.com.pem]:
Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: Finishing transaction 174279260
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/rest.rb:97:in `rescue in http_request'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/rest.rb:81:in `http_request'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/rest.rb:76:in `block (2 levels) in <class:REST>'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/rest.rb:118:in `find'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/certificate/rest.rb:11:in `find'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/indirection.rb:188:in `find'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ssl/
host.rb:180:in `certificate'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ssl/
host.rb:263:in `wait_for_cert'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application/agent.rb:416:in `setup_host'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application/agent.rb:480:in `setup'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application.rb:305:in `block (2 levels) in run'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application.rb:411:in `hook'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application.rb:305:in `block in run'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application.rb:402:in `exit_on_fail'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application.rb:305:in `run'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/util/
command_line.rb:69:in `execute'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/bin/puppet:4:in
`<top (required)>'
/usr/local/rvm/gems/ruby-1.9.2-p290/bin/puppet:19:in `load'
/usr/local/rvm/gems/ruby-1.9.2-p290/bin/puppet:19:in `<main>'
err: Could not request certificate: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed.
This is often because the time is out of sync on the server or client
In the /var/lib/puppet/log/maserhttp.log file I get the following
corresponding message:
[2011-08-26 12:41:42] ERROR OpenSSL::SSL::SSLError: SSL_accept
returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert
unknown ca
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/
puppet/network/http/webrick.rb:44:in `accept'
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/
puppet/network/http/webrick.rb:44:in `block (3 levels) in listen'
/usr/local/rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/webrick/
server.rb:183:in `call'
/usr/local/rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/webrick/
server.rb:183:in `block in start_thread'
I have verified that the times/date match on the two systems and they
are using the same ntp server.
I have run openssl against the certificate and get the following:
# openssl x509 -text -noout -in /etc/puppet/ssl/certs/puppet.
1on1.com.pem | grep -A2 Validity
Validity
Not Before: Aug 25 15:29:18 2011 GMT
Not After : Aug 23 15:29:18 2016 GMT
I installed puppet using rvm and these steps:
rvm use 1.9.2-p290 --default
gem install facter --version '1.6.0' --no-ri --no-rdoc
gem install puppet --version '2.7.3' --no-ri --no-rdoc
rvm wrapper 1.9.2-p290@system --no-prefix puppet
rvm wrapper 1.9.2-p290@system --no-prefix puppetca
rvm wrapper 1.9.2-p290@system --no-prefix facter
rvm wrapper 1.9.2-p290@system --no-prefix puppetd
rvm wrapper 1.9.2-p290@system --no-prefix puppetdoc
rvm wrapper 1.9.2-p290@system --no-prefix puppetmasterd # (on puppet.
1on1.com only)
rvm wrapper 1.9.2-p290@system --no-prefix puppetrun
mkdir -p /etc/puppet
mkdir -p /var/lib/puppet/ssl
mkdir -p /var/log/puppet
mkdir -p /var/run/puppet
I also added a startup script into /etc/init.d and used checkconfig
and server to setup and run the puppetmaster.
At this point, I am way confused as to why I cannot connect the client
to the master. Any ideas or suggestions are greatly appreciated.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
