Hi,

I'm rolling out a new Puppet install and am having some problems with
certs. I've googled and read the docs but can't find anything.

Almost all boxes on the network are dual-homed, with a primary network
(VLAN, /27 subnet) for public data and an admin/management network for
backups and other backend stuff. All hosts have a primary interface on
the main network (and their "real" hostname resolves to that IP) and a
second interface on the admin network, with the DNS name for that IP
like "hostname"-mgmt.

I have puppet set up on a few clients and one puppetmaster (named puppet,
with a name of puppet-mgmt on the second network). All of the clients
(I've set up 4 so far) pull their configs from the master fine, either
running `puppetd --no-daemonize --verbose --listen
--server=puppet-mgmt.mydomain.com` or through the init script. Each host
has certname= specified in their puppet.conf [puppetd] section as the
FQDN, and also has certdnsnames= hostname-mgmt.mydomain.com defined
there. However, when I try (from the puppetmaster) to puppetrun
--host=hostname.mydomain.com, I get an HTTP-Error 500 from puppetrun and
in the client logs, I see:

notice: Denying unauthenticated client puppet.mydomain.com(192.168.0.10) access to puppetrunner.run

The one thing that I've noticed is that in /var/lib/puppet/ssl on the
clients, there's no server cert, and the CA cert only has the main
network FQDN, not the "-mgmt" name.

Any ideas? Where should I be looking? And is there any way to get
*seriously* verbose debugging information? I even tried running puppetd
with "--trace", but I never get anything more than "notice: Denying
unauthenticated client"

Thanks,
Jason Antman
