I wonder if there is any way to hack to turn off ssl because I need to
really get this to work. We are running puppet w/i our internal
network so I can give up security / ssl to get it to work. Maybe I
need to modify puppetmaster client / server to just pass a "true" at
this pt.
On Apr 21, 7:07 pm, Patrick <kc7...@gmail.com> wrote:
> On Apr 21, 2010, at 3:59 PM, Brian Lam wrote:
>
>
>
> > I apologized ahead of time if this post shouldn't go here but I having
> > been knocking my heading for the last two days trying to get over the
> > following error while trying to "clone" my primary puppetmasterd
> > because we have outgrown one puppetmasterd setup.
>
> > I have basically set up a 2nd instance of our primary puppetmasterd
> > and rsync'ed over /var/lib/puppet/ssl/ from the primary to the
> > secondary puppetmasterd. The client ran to completion (and recorded
> > the log in /var/lib/puppet/report/) but the file copying statement
> > were failing:
> > (see log below)
>
> > Failed to generate additional resources during transaction:
> > Certificates were not trusted: hostname was not match with the server
> > certificate
>
> > I am sorta desperate at this point and am thinking of trying to hack
> > the libraries....
>
> > Any advice would be appreciate. I am running 0.24.6-1. Thanks in
> > advance.
>
> > EQX r...@xen-pup-dash:/etc/puppet# puppetd -vt
> > info: Loading fact kernelrelease
> > info: Loading fact disk_facts
> > info: Loading fact facts
> > info: Loading fact www_pool
> > info: Retrieving facts
> > notice: /File[/var/lib/puppet/facts]/checksum: checksum changed
> > '{mtime}Sat Jan 30 16:44:27 -0800 2010' to '{mtime}Sat Jan 30 16:44:28
> > -0800 2010'
> > info: Loading fact kernelrelease
> > info: Loading fact disk_facts
> > info: Loading fact facts
> > info: Loading fact www_pool
> > info: Caching catalog at /var/lib/puppet/localconfig.yaml
> > notice: Starting catalog run
> > warning: Certificate validation failed; consider using the certname
> > configuration option
> > err: //Node[xen-pup-dash]/common/File[/home/scripts]: Failed to
> > generate additional resources during transaction: Certificates were
> > not trusted: hostname was not match with the server certificate
> > warning: Certificate validation failed; consider using the certname
> > configuration option
> > err: //Node[xen-pup-dash]/common/File[/home/scripts]: Failed to
> > retrieve current state of resource: Certificates were not trusted:
> > hostname was not match with the server certificate Could not describe /
> > files/server-configs/eqx-sv2/common/home/scripts: Certificates were
> > not trusted: hostname was not match with the server certificate at /
> > etc/puppet/manifests/eqx-sv2/production/classes/common.pp:251
> > notice: //Node[xen-pup-dash]/common/Remote_file[/home/scripts/
> > update.whoami.sh]/File[/home/scripts/update.whoami.sh]: Dependency
> > file[/home/scripts] has 1 failures
> > warning: //Node[xen-pup-dash]/common/Remote_file[/home/scripts/
> > update.whoami.sh]/File[/home/scripts/update.whoami.sh]: Skipping
> > because of failed dependencies
> > ...
> > ...
> > ...
>
> I'm pretty sure that the server name that the clients see doesn't match the
> name on the certificate the server is using to authenticate. I'm not sure
> what the best way around this is.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group
> athttp://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
