> Getting back to my ultra simple setup, I'm finding that I can't run
> "puppetd --test":
> [root@msukpuppet02 puppet]# puppetd --test
> err: Could not retrieve catalog from remote server: SSL_connect
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
> verify failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> [root@msukpuppet02 puppet]#
>
>
> HOWEVER...this works perfectly:
>
> [root@msukpuppet02 puppet]# puppetd --test --server=msukpuppet01.mserv.local
> info: Caching catalog for msukpuppet02.mserv.local
> info: Applying configuration version '1308583986'
> notice: Finished catalog run in 0.02 seconds
> [root@msukpuppet02 puppet]#
>
>
>
> My puppet config file sits in "/etc/sysconfig/puppet"

Well - that's the RedHat specific environment file. Your configuration
file for puppet (at least the one we usually refer to) is usually
/etc/puppet/puppet.conf ;-).

Anyway - the error you are getting is an SSL certificate security
issue. When you run:

puppet agent --test

It's looking for the hostname 'puppet' and trying to connect to it. Now
if the server side certificate doesn't have the alias 'puppet' in the
CN field it's going to get rejected by the client. Think web server
certificates in your browser ... except instead of giving you a
warning you can push through ... we reject the connection.

This is why using the alternate hostname works:

puppet agent --test --server=msukpuppet01.mserv.local

The hostname matches the CN field in the certificate this time :-).

So you have a few choices here. You can update the
/etc/puppet/puppet.conf on your clients with the setting:

[agent]
server=msukpuppet01.mserv.local

That way it will just use that each time you do a 'puppet agent -t'.

Or, you can regenerate your server certificate to have a number of
aliases: puppet, msukpuppet01.mserv.local, puppet.mserv.local etc. I
can explain this but ... what version of Puppet are you running btw? I
get the impression it's an old one. I would recommend upgrading to 2.6
before you proceed too far :-). If you already run 2.6 let me know
:-).

ken.
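
The name check described in the reply above, as an added example that is not part of the original message and is not Puppet's own code. It uses Ruby's standard OpenSSL library on throwaway self-signed certificates built in memory; `make_cert`, `cert_valid_for?` and `check_names` are hypothetical helpers, and the original certificate is assumed to carry only the FQDN as its CN.

```ruby
require 'openssl'

# Constructed sample data: a throwaway key and self-signed certificates
# generated in memory. Host names are the ones used in the thread.
KEY = OpenSSL::PKey::RSA.new(2048)

# Build a self-signed certificate with the given CN and optional DNS
# aliases (subjectAltName entries). Hypothetical helper for this example.
def make_cert(cn, dns_aliases = [])
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = cert.subject
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless dns_aliases.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    san = dns_aliases.map { |n| "DNS:#{n}" }.join(',')
    cert.add_extension(ef.create_extension('subjectAltName', san, false))
  end
  cert.sign(KEY, OpenSSL::Digest.new('SHA256'))
  cert
end

# True when the certificate identifies the name the agent connects to.
def cert_valid_for?(cert, server_name)
  OpenSSL::SSL.verify_certificate_identity(cert, server_name)
end

# Map each candidate agent "server" value to whether the cert covers it.
def check_names(cert, names)
  names.to_h { |n| [n, cert_valid_for?(cert, n)] }
end

FQDN = 'msukpuppet01.mserv.local'
CANDIDATES = ['puppet', FQDN, 'puppet.mserv.local']

# Assumption: the original cert has CN only; the regenerated one adds aliases.
ORIGINAL_RESULT = check_names(make_cert(FQDN), CANDIDATES)
REGENERATED_RESULT = check_names(make_cert(FQDN, CANDIDATES), CANDIDATES)

CANDIDATES.each do |n|
  puts format('%-26s original=%-5s regenerated=%s',
              n, ORIGINAL_RESULT[n], REGENERATED_RESULT[n])
end
```

In Ruby's check, once a certificate carries DNS subjectAltName entries the CN is no longer consulted, so the FQDN has to be listed among the aliases as well.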
