I am attempting to set up file serving in a testing environment. I currently have puppet/puppetmaster running "successfully" in that I have users and hosts updating correctly across all clients, but when I try to source /etc/sudoers, I am getting the following errors on my client:

    Sep 2 08:30:53 vm1 puppetd[20098]: Certificate validation failed; consider using the certname configuration option
    Sep 2 08:30:53 vm1 puppetd[20098]: (//Node[default]/baseclass/sudo/File[/etc/sudoers]/source) change from {md5}7979b7220807b750f3a1e45e93b0da3f to puppet://vm1.mydomain.com/files/sudoers failed: Certificates were not trusted: hostname not match with the server certificate
    Sep 2 08:30:53 vm1 puppetd[20098]: (//Node[default]/baseclass/hosts/Host[vm1.mydomain.com]/alias) alias changed 'vm1 foo' to 'vm1'
    Sep 2 08:30:53 vm1 puppetd[20098]: Finished catalog run in 0.24 seconds

As you can see, an /etc/hosts alias is correctly updating - previously, it also added some users for me.

The puppetmaster is: vm1.mydomain.com (domain name changed to protect the guilty)
The client is: vm2.mydomain.com

Both of the hostnames are confirmed by running `hostname` as well as facter fqdn.

Here is /etc/puppet.conf (on the client):

    [main]
        vardir = /var/lib/puppet
        logdir = /var/log/puppet
        rundir = /var/run/puppet
        ssldir = $vardir/ssl

    [puppetd]
        classfile = $vardir/classes.txt
        localconfig = $vardir/localconfig
        server = vm1.mydomain.com

I have also tried adding "certname = vm1.mydomain.com" on both the client and server to resolve the issue, to no avail. In between every attempt, I have nuked everything under /var/lib/puppet on both the client and server, restarted both and re-signed the certificates with puppetca --sign hostname. Both clocks are in sync.

I looked at http://reductivelabs.com/trac/puppet/wiki/CertificatesAndSecurity and ran the following command on the server, but am not sure exactly what I'm looking for:

    [r...@vm1 lib]# openssl x509 -text -noout -in /var/lib/puppet/ssl/certs/vm1.mydomain.com.pem | grep -A2 Validity
    Validity
        Not Before: Sep 1 12:24:33 2009 GMT
        Not After : Aug 31 12:24:33 2014 GMT

Here is my /etc/puppet/manifests/classes/sudo.pp definition:

    class sudo {
        file { "/etc/sudoers":
            owner  => "root",
            group  => "root",
            mode   => 440,
            source => "puppet://vm1.mydomain.com/files/sudoers"
        }
    }

...and my /etc/puppet/fileserver.conf (temporarily set to allow * until I sort this out):

    [files]
        path /etc/puppet/files
        allow *

Any ideas? This configuration seems pretty dead simple and it is half working, it's just not serving files. I am using puppet 0.24.8-1 on CentOS 5.3 from the epel yum repository.

Thanks in advance for any help you might be able to provide.

Aaron
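
Added example, not part of the original post: the Validity lines only show the certificate's lifetime, while a "hostname not match" error concerns the names inside the certificate. This sketch compares the master certificate with every name a client dials (the `server` setting and the host in each `puppet://` source URL). The function names are made up for illustration, and it assumes an OpenSSL build that supports `x509 -checkhost`.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.
# Assumes an OpenSSL new enough to support "x509 -checkhost" (1.0.2 or later).

# Print the subject and any subjectAltName entries of a PEM certificate.
cert_names() {
    openssl x509 -noout -subject -in "$1"
    openssl x509 -noout -text -in "$1" | grep -A1 'Subject Alternative Name' || true
}

# Return 0 if hostname $2 is covered by certificate $1 (SAN first, else CN).
cert_matches_host() {
    openssl x509 -noout -checkhost "$2" -in "$1" | grep -q 'does match certificate'
}

# Extract the value of "server = ..." from a puppet.conf.
conf_server() {
    sed -n 's/^[[:space:]]*server[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Extract the host part of every puppet://host/... URL in a manifest.
source_hosts() {
    sed -n 's|.*puppet://\([^/"]*\)/.*|\1|p' "$1" | sort -u
}

# Check each name the client will connect to against the certificate.
# Returns non-zero if at least one name is not covered.
check_client_names() {
    cert=$1 conf=$2 manifest=$3 rc=0
    for name in $(conf_server "$conf") $(source_hosts "$manifest"); do
        if cert_matches_host "$cert" "$name"; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check.sh <master-cert.pem> <client puppet.conf> <manifest.pp>
if [ "$#" -eq 3 ]; then
    cert_names "$1"
    check_client_names "$1" "$2" "$3"
fi
```

Run it against a copy of the master's certificate (the file under ssl/certs shown above) together with the client's puppet.conf and the manifest; any MISMATCH line names a host string that the certificate does not cover.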