Hi Ashish,

1st, what is on my server is this:
[root@edward ~]# ls -ld /var/lib/puppet/ssl/
drwxrwx--x. 8 puppet root 4096 Aug 27 17:21 /var/lib/puppet/ssl/
[root@edward ~]# 

2nd, I debugged on my server with puppet cert --list --debug, and the result 
is (this is far from all of it; I just show 5 lines):

debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not 
exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl 
does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: /File[/var/lib/puppet/ssl/ca/requests]/seluser: Found seluser 
default 'system_u' for /var/lib/puppet/ssl/ca/requests

3rd, I read what you linked to me. There is one sentence (under 
*Certificates*):
*You can manually copy the master certificate through a secure channel to 
the client if you want to*.
If I do that, can it solve my question? How can I do it?


--Edward.
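
The ownership and mode check discussed in this thread, as an added example that is not part of the original messages: it reports entries under the ssl directory that are not owned by the service account, a top-level mode other than the 771 both posters show, and a missing or non-writable `ca/requests`. The function name and finding labels are hypothetical, and GNU `stat` and `find` are assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Assumes GNU stat and find.
# Usage: audit_ssldir SSLDIR OWNER [MODE]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ssldir() (   # subshell body keeps the variables local
    ssldir=$1 owner=$2 want_mode=${3:-771} findings=0
    csrdir="$ssldir/ca/requests"   # path from the error message in the thread

    # find(1) fails on an unknown user name, so report that explicitly.
    case $owner in
        *[!0-9]*)
            id "$owner" >/dev/null 2>&1 || { echo "NOUSER $owner"; return 1; } ;;
    esac
    [ -d "$ssldir" ] || { echo "MISSING $ssldir"; return 1; }

    # Top-level mode: both servers in the thread show drwxrwx--x (771).
    mode=$(stat -c '%a' "$ssldir")
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE $ssldir is $mode, expected $want_mode"
        findings=1
    fi

    # Entries not owned by the service account, for example a tree that
    # root re-created, are what the permission question is probing for.
    wrong=$(find "$ssldir" ! -user "$owner" 2>/dev/null)
    if [ -n "$wrong" ]; then
        printf '%s\n' "$wrong" | while IFS= read -r path; do
            echo "OWNER $path is $(stat -c '%U' "$path"), expected $owner"
        done
        findings=1
    fi

    # Test the owner-write bit instead of `test -w`, so the answer is the
    # same when the audit itself runs as root.
    if [ ! -d "$csrdir" ]; then
        echo "MISSING $csrdir"
        findings=1
    elif [ -z "$(find "$csrdir" -prune -perm -200)" ]; then
        echo "NOWRITE $csrdir lacks owner write permission"
        findings=1
    fi
    return "$findings"
)
```

On the master in this thread the call would be `audit_ssldir /var/lib/puppet/ssl puppet`, run as root.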
On Wednesday, August 29, 2012 at 10:22:41 AM UTC+8, Ashish Jaiswal wrote:
>
> Hi Edward, 
>
> You won't be able to access it as a normal user; you need to be root for 
> that. 
> If you have deleted your ssl directory, there is nothing much to worry 
> about; it will be generated again. What I was asking about was the 
> permission on the ssl directory. 
> On my server it has something like this 
>
> # ls 
> drwxrwx--x   8 puppet root   4096 2012-05-15 01:08 ssl/ 
>
> You can refer to this link 
> http://projects.puppetlabs.com/projects/1/wiki/certificates_and_security 
>
>
> -Ashish 
>
> On Wednesday 29 August 2012 07:40:06 AM IST, Edward Tuan wrote: 
> > Much thanks for your reply. Is this your meaning: 
> > [edward@edward ~]$ cd /var/lib/puppet/ 
> > [edward@edward puppet]$ ls 
> > bucket       clientbucket  client_yaml  lib      rrd          ssl    yaml 
> > classes.txt  client_data   facts        reports  server_data  state 
> > [edward@edward puppet]$ cd ssl 
> > [edward@edward ssl]$ ls 
> > ls: cannot open directory .: Permission denied 
> > [edward@edward ssl]$ 
> > 
> > As a regular user I can't open this directory; otherwise I am a root 
> > user. I deleted this directory with rm -rf when I installed puppet, then 
> > let it create a new ssl in a root. Is that the question? How can I do? 
> > 
> > On Wednesday, August 29, 2012 at 12:15:07 AM UTC+8, Ashish Jaiswal wrote: 
> > 
> >     Hi, 
> > 
> >     To me it seems to be a permission issue on the SSL directory on the 
> >     master .. can you let me know what the permission on the SSL directory is .. 
> > 
> >     This is just a wild guess.. 
> > 
> >     Regards, 
> >     Ashish Jaiswal 
> > 
> >     On Aug 28, 2012 12:53 PM, "Edward Tuan" <duany...@gmail.com> wrote: 
> > 
> >         I've been confused by this question for nearly two days ... my 
> >         puppet master version is 2.7.9-1.el6 and client version is 
> >         2.6.16-2.el5. This is what my command line shows: 
> > 
> > 
> >         [root@agent1 ~]# puppet agent --server=edward --test --waitforce 30 
> >         info: Creating a new SSL key for agent1 
> >         warning: peer certificate won't be verified in this SSL session 
> >         info: Caching certificate for ca 
> >         warning: peer certificate won't be verified in this SSL session 
> >         warning: peer certificate won't be verified in this SSL session 
> >         info: Creating a new SSL certificate request for agent1 
> >         info: Certificate Request fingerprint (md5): 
> >         4C:03:FE:BD:B8:68:4A:AB:F8:DC:BA:36:38:38:9C:8E 
> >         warning: peer certificate won't be verified in this SSL session 
> >         err: Could not request certificate: Error 400 on SERVER: Could 
> >         not write /var/lib/puppet/ssl/ca/requests/agent1.pem to 
> >         csrdir: undefined method `exists?' for nil:NilClass 
> > 
> >         Then I ran that with debug options and the result is: 
> > 
> >         [root@agent1 ~]# puppet agent --server=edward --debug --waitforce 30 
> >         debug: Failed to load library 'rubygems' for feature 'rubygems' 
> >         debug: Puppet::Type::User::ProviderPw: file pw does not exist 
> >         debug: Puppet::Type::User::ProviderDirectoryservice: file 
> >         /usr/bin/dscl does not exist 
> >         debug: Puppet::Type::User::ProviderLdap: true value when 
> >         expecting false 
> >         debug: Puppet::Type::User::ProviderUser_role_add: file roleadd 
> >         does not exist 
> >         debug: Puppet::Type::File::ProviderMicrosoft_windows: feature 
> >         microsoft_windows is missing 
> >         debug: Failed to load library 'ldap' for feature 'ldap' 
> >         debug: /File[/var/lib/puppet/ssl/private_keys/agent1.pem]: 
> >         Autorequiring File[/var/lib/puppet/ssl/private_keys] 
> >         debug: /File[/var/lib/puppet/ssl/certificate_requests]: 
> >         Autorequiring File[/var/lib/puppet/ssl] 
> >         debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring 
> >         File[/var/lib/puppet/ssl] 
> >         debug: /File[/var/lib/puppet/lib]: Autorequiring 
> >         File[/var/lib/puppet] 
> >         debug: /File[/var/lib/puppet/ssl]: Autorequiring 
> >         File[/var/lib/puppet] 
> >         debug: /File[/etc/puppet/puppet.conf]: Autorequiring 
> >         File[/etc/puppet] 
> >         debug: /File[/var/lib/puppet/ssl/public_keys/agent1.pem]: 
> >         Autorequiring File[/var/lib/puppet/ssl/public_keys] 
> >         debug: /File[/var/lib/puppet/state]: Autorequiring 
> >         File[/var/lib/puppet] 
> >         debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring 
> >         File[/var/lib/puppet/ssl] 
> >         debug: /File[/var/lib/puppet/client_data]: Autorequiring 
> >         File[/var/lib/puppet] 
> >         debug: /File[/var/lib/puppet/facts]: Autorequiring 
> >         File[/var/lib/puppet] 
> >         debug: /File[/var/lib/puppet/client_yaml]: Autorequiring 
> >         File[/var/lib/puppet] 
> >         debug: /File[/var/lib/puppet/state/graphs]: Autorequiring 
> >         File[/var/lib/puppet/state] 
> >         debug: /File[/var/lib/puppet/ssl/private]: Autorequiring 
> >         File[/var/lib/puppet/ssl] 
> >         debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring 
> >         File[/var/lib/puppet/ssl] 
> >         debug: /File[/var/lib/puppet/clientbucket]: Autorequiring 
> >         File[/var/lib/puppet] 
> >         debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring 
> >         File[/var/lib/puppet/ssl/certs] 
> >         debug: 
> >         /File[/var/lib/puppet/ssl/private_keys/agent1.pem]/mode: mode 
> >         changed '640' to '600' 
> >         debug: /File[/var/lib/puppet/ssl/public_keys/agent1.pem]/mode: 
> >         mode changed '640' to '644' 
> >         debug: Finishing transaction -606807388 
> > 
> >         Can somebody help me solve my problem? 
> > 
> >         Hope for your response, sincerely! 
> > 
> >         -- 
> >         You received this message because you are subscribed to the 
> >         Google Groups "Puppet Users" group. 
> >         To view this discussion on the web visit 
> >         https://groups.google.com/d/msg/puppet-users/-/plfJBjR9FPQJ. 
> >         To post to this group, send email to 
> >         puppet...@googlegroups.com. 
> >         To unsubscribe from this group, send email to 
> >         puppet-users...@googlegroups.com. 
> >         For more options, visit this group at 
> >         http://groups.google.com/group/puppet-users?hl=en. 
> > 
