Thanks again Ken!!

I found it, /etc/puppet/puppet.conf requires:
server = <server_name>

and then:
puppetd --test
works without having to specify the server name......doh!!!! I should
have checked that this morning!

At last I can start testing a module layout and augeas :)) I'll be
sure to post the results in case others have a similar question.

Bruce




On Jun 20, 7:30 pm, Ken Barber <k...@puppetlabs.com> wrote:
> > Getting back to my ultra simple setup, I'm finding that I can't run
> > "puppetd --test":
> > [root@msukpuppet02 puppet]# puppetd --test
> > err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
> > warning: Not using cache on failed catalog
> > err: Could not retrieve catalog; skipping run
> > [root@msukpuppet02 puppet]#
>
> > HOWEVER...this works perfectly:
>
> > [root@msukpuppet02 puppet]# puppetd --test --server=msukpuppet01.mserv.local
> > info: Caching catalog for msukpuppet02.mserv.local
> > info: Applying configuration version '1308583986'
> > notice: Finished catalog run in 0.02 seconds
> > [root@msukpuppet02 puppet]#
>
> > My puppet config file sits in "/etc/sysconfig/puppet"
>
> Well - that's the RedHat specific environment file. Your configuration
> file for puppet (at least the one we usually refer to) is usually
> /etc/puppet/puppet.conf ;-).
>
> Anyway - the error you are getting is an SSL certificate security
> issue. When you run:
>
> puppet agent --test
>
> It's looking for the hostname 'puppet' and trying to connect to it. Now
> if the server side certificate doesn't have the alias 'puppet' in the
> CN field it's going to get rejected by the client. Think web server
> certificates in your browser ... except instead of giving you a
> warning you can push through ... we reject the connection.
>
> This is why using the alternate hostname works:
>
> puppet agent --test --server=msukpuppet01.mserv.local
>
> The hostname matches the CN field in the certificate this time :-).
>
> So you have a few choices here. You can update the
> /etc/puppet/puppet.conf on your clients with the setting:
>
> [agent]
> server=msukpuppet01.mserv.local
>
> That way it will just use that each time you do a 'puppet agent -t'.
>
> Or, you can regenerate your server certificate to have a number of
> aliases: puppet, msukpuppet01.mserv.local, puppet.mserv.local etc. I
> can explain this but ... what version of Puppet are you running btw? I
> get the impression it's an old one. I would recommend upgrading to 2.6
> before you proceed too far :-). If you already run 2.6 let me know
> :-).
>
> ken.
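
The mismatch described in the quoted reply, as an added example (not part of the thread and not Puppet's own code): a Python sketch that works out which server name an agent will use from puppet.conf text and checks it against the names a master certificate carries. The config snippets and certificate name lists are constructed from the hostnames in the thread; the [agent]-over-[main] lookup, treating unsectioned settings as [main], and exact-name matching are assumptions of the sketch.

```python
# Added example with constructed data; hostnames are the ones quoted in the thread.
DEFAULT_SERVER = "puppet"  # name the agent tries when no server is configured

def effective_server(conf_text):
    """Return the server name an agent would use for this puppet.conf text.

    Assumptions of this sketch: settings before any section header count as
    [main], and [agent] takes precedence over [main].
    """
    section, found = "main", {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "server" and value:
                found[section] = value
    return found.get("agent") or found.get("main") or DEFAULT_SERVER

def cert_covers(server, cert_names):
    """True if the name being connected to is one of the certificate's names.

    Exact, case-insensitive comparison; wildcard names are not handled here.
    """
    wanted = server.lower().rstrip(".")
    return any(wanted == name.lower().rstrip(".") for name in cert_names)

def check_agent(conf_text, cert_names):
    """Return (server, ok): the name the agent will dial and whether it verifies."""
    server = effective_server(conf_text)
    return server, cert_covers(server, cert_names)

# Constructed inputs.
CONF_UNSET = "[main]\nlogdir = /var/log/puppet\n"
CONF_FIXED = "[agent]\nserver = msukpuppet01.mserv.local\n"
CERT_CN_ONLY = ["msukpuppet01.mserv.local"]
CERT_ALIASES = ["puppet", "msukpuppet01.mserv.local", "puppet.mserv.local"]

if __name__ == "__main__":
    for conf, names in [(CONF_UNSET, CERT_CN_ONLY), (CONF_FIXED, CERT_CN_ONLY),
                        (CONF_UNSET, CERT_ALIASES)]:
        server, ok = check_agent(conf, names)
        print(f"{server}: {'verified' if ok else 'certificate verify failed'}")
```

The first case reproduces the failing run (default name, certificate with only the FQDN); the second and third correspond to the two fixes offered in the reply.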
