PuppetNewbie <jtsta...@gmail.com> wrote:
>I could use some help. I am a newbie with puppet, and am trying to >learn it and use it here at the office. I have created 2 CentOS 5.5 >machines ( puppet.1on1.com - puppetmaster and puppetclient.1on1.com - >which will be the client that I control.) When I attempt to connect >my client to the master, I get the following output: > ># puppet agent --server=puppet.1on1.com --no-daemonize --verbose -- >debug --trace >debug: Failed to load library 'selinux' for feature 'selinux' >debug: Failed to load library 'shadow' for feature 'libshadow' >debug: Failed to load library 'ldap' for feature 'ldap' >debug: Puppet::Type::User::ProviderLdap: feature ldap is missing >debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/ >dscl does not exist >debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does >not exist >debug: Puppet::Type::User::ProviderPw: file pw does not exist >debug: Puppet::Type::File::ProviderMicrosoft_windows: feature >microsoft_windows is missing >debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet] >debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/ >puppet] >debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet] >debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] >debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ >ssl] >debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] >debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/ >puppet/ssl] >debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring >File[/etc/puppet/ssl] >debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/ >puppet/ssl] >debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ >ssl] >debug: /File[/etc/puppet/ssl/private_keys/puppetclient.1on1.com.pem]: >Autorequiring File[/etc/puppet/ssl/private_keys] >debug: /File[/etc/puppet/ssl/public_keys/puppetclient.1on1.com.pem]: >Autorequiring File[/etc/puppet/ssl/public_keys] >debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] >debug: /File[/var/lib/puppet/run/agent.pid]: Autorequiring File[/var/ >lib/puppet/run] >debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/ >puppet] >debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/ >puppet] >debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/ >lib/puppet] >debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/ >lib/puppet/state] >debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/ >puppet] >debug: Finishing transaction 167894360 >debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet] >debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/ >puppet] >debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet] >debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] >debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ >ssl] >debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] >debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/ >puppet/ssl] >debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring >File[/etc/puppet/ssl] >debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/ >puppet/ssl] >debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ >ssl] >debug: /File[/etc/puppet/ssl/private_keys/puppetclient.1on1.com.pem]: >Autorequiring File[/etc/puppet/ssl/private_keys] >debug: /File[/etc/puppet/ssl/public_keys/puppetclient.1on1.com.pem]: >Autorequiring File[/etc/puppet/ssl/public_keys] >debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/ >puppet] >debug: Finishing transaction 174279260 >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >indirector/rest.rb:97:in `rescue in http_request' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >indirector/rest.rb:81:in `http_request' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >indirector/rest.rb:76:in `block (2 levels) in <class:REST>' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >indirector/rest.rb:118:in `find' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >indirector/certificate/rest.rb:11:in `find' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >indirector/indirection.rb:188:in `find' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ssl/ >host.rb:180:in `certificate' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ssl/ >host.rb:263:in `wait_for_cert' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >application/agent.rb:416:in `setup_host' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >application/agent.rb:480:in `setup' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >application.rb:305:in `block (2 levels) in run' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >application.rb:411:in `hook' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >application.rb:305:in `block in run' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >application.rb:402:in `exit_on_fail' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ >application.rb:305:in `run' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/util/ >command_line.rb:69:in `execute' >/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/bin/puppet:4:in >`<top (required)>' >/usr/local/rvm/gems/ruby-1.9.2-p290/bin/puppet:19:in `load' >/usr/local/rvm/gems/ruby-1.9.2-p290/bin/puppet:19:in `<main>' >err: Could not request certificate: SSL_connect returned=1 errno=0 >state=SSLv3 read server certificate B: certificate verify failed. >This is often because the time is out of sync on the server or client > > >In the /var/lib/puppet/log/maserhttp.log file I get the following >corresponding message: >[2011-08-26 12:41:42] ERROR OpenSSL::SSL::SSLError: SSL_accept >returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert >unknown ca > /usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/ >puppet/network/http/webrick.rb:44:in `accept' > /usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/ >puppet/network/http/webrick.rb:44:in `block (3 levels) in listen' > /usr/local/rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/webrick/ >server.rb:183:in `call' > /usr/local/rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/webrick/ >server.rb:183:in `block in start_thread' > >I have verified that the times/date match on the two systems and they >are using the same ntp server. > >I have run openssl against the certificate and get the following: > ># openssl x509 -text -noout -in /etc/puppet/ssl/certs/puppet. >1on1.com.pem | grep -A2 Validity > Validity > Not Before: Aug 25 15:29:18 2011 GMT > Not After : Aug 23 15:29:18 2016 GMT > > >I installed puppet using rvm and these steps: > >rvm use 1.9.2-p290 --default >gem install facter --version '1.6.0' --no-ri --no-rdoc >gem install puppet --version '2.7.3' --no-ri --no-rdoc >rvm wrapper 1.9.2-p290@system --no-prefix puppet >rvm wrapper 1.9.2-p290@system --no-prefix puppetca >rvm wrapper 1.9.2-p290@system --no-prefix facter >rvm wrapper 1.9.2-p290@system --no-prefix puppetd >rvm wrapper 1.9.2-p290@system --no-prefix puppetdoc >rvm wrapper 1.9.2-p290@system --no-prefix puppetmasterd # (on puppet. >1on1.com only) >rvm wrapper 1.9.2-p290@system --no-prefix puppetrun > >mkdir -p /etc/puppet >mkdir -p /var/lib/puppet/ssl >mkdir -p /var/log/puppet >mkdir -p /var/run/puppet > >I also added a startup script into /etc/init.d and used checkconfig >and server to setup and run the puppetmaster. > >At this point, I am way confused as to why I cannot connect the client >to the master. Any ideas or suggestions are greatly appreciated. > >-- >You received this message because you are subscribed to the Google Groups >"Puppet Users" group. >To post to this group, send email to puppet-users@googlegroups.com. >To unsubscribe from this group, send email to >puppet-users+unsubscr...@googlegroups.com. >For more options, visit this group at >http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
