[Puppet Users] Re: SSL Issues when Puppet master and client are on the same machine

[Jamie]

Ok, I made a [puppetmasterd] section, not sure what I'd want to put
into a [puppetd] section though that isn't fine in a [main] section.

[main]

    # Default (/var/puppet/log)
    logdir = /var/log/puppet

    # Default (/var/puppet/run)
    rundir = /var/run/puppet

    # How often (in seconds) puppetd connects to the master (default:
1800)
    runinterval = 900

    # Whether to flush logs to disk immediately
    autoflush = true

[puppetmasterd]

    # Default (/etc/puppet/modules:/usr/share/puppet/modules)
    modulepath = /etc/puppet/modules

    # Needed for reverse proxy
    ssl_client_header = HTTP_X_SSL_SUBJECT

    # For external nodes via cobbler "systems"
    external_nodes = /usr/bin/cobbler-ext-nodes
    node_terminus = exec


I don't understand how certname would help me though (assuming my
puppet server is called puppet01 with a CNAME of puppet).  It all
worked fine without specifying certname prior to me cleaning out all
the certs.

Could I do something like this?

[puppetmasterd]
ssldir = /etc/puppet/puppetmaster_ssl

[puppetd]
ssldir = /etc/puppet/ssl


Here's the (cleaned) output I get trying to run puppetd.

$ sudo puppetd -td
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting
false
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does
not exist
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File
[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys/puppet01.example.com.pem]:
Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/
puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/public_keys/puppet01.example.com.pem]:
Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/var/puppet/clientbucket]: Autorequiring File[/var/
puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/var/puppet/state/graphs]: Autorequiring File[/var/puppet/
state]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/var/puppet/client_yaml]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/state/state.yaml]: Autorequiring File[/var/
puppet/state]
debug: /File[/var/puppet/state/classes.txt]: Autorequiring File[/var/
puppet/state]
debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs/puppet01.example.com.pem]:
Autorequiring File[/etc/puppet/ssl/certs]
debug: Finishing transaction 23703295081660 with 0 changes
debug: Using cached certificate for ca
debug: Using cached certificate for puppet01.example.com
debug: Loaded state in 0.01 seconds
debug: Using cached certificate for ca
debug: Using cached certificate for puppet01.example.com
err: Could not retrieve catalog from remote server: certificate verify
failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run




On Jan 18, 1:29 pm, Scott Smith <sc...@ohlol.net> wrote:
> On 1/18/10 1:11 PM, Jamie wrote:
>
> > Oh!  You're probably right :)  Can  you elaborate or point me in the
> > right direction?
>
> Umm, you don't have [puppetd] and [puppetmasterd] sections?
>
> At the bare minimum, you probably need to tell puppetmasterd and puppetd to 
> use different hostnames.
>
> http://docs.reductivelabs.com/references/latest/configuration.html
>
> Check out certname.
>
> -scott

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.