I will try to work with the certificate_signer.rb file and see if I can get it to work. Thanks for the help!
Jason On Friday, February 15, 2013 8:21:28 AM UTC-5, Luigi Martin Petrella wrote: > > Jason, for the reasons we wrote before in prevoius messages (especially > what Matt Black said), Puppet 3.1.0 will never work with an agent that run > openssl library version 0.9.7 (which is the version running on RH4) > Even if you had master with Puppet 2.7.x working correctly with RH4 nodes, > it is perfectly clear that upgrading to puppet 3.1.0 (without modifying > certificate_signer.rb) the connection with RH4 agent will fail rising the > error you have. > > If you correctly modified certificate_signer.rb and re-installed puppet > with the modified source, maybe you have ALSO ANOTHER problem somewhere > else, but in that case I can't figure where... > > > > On 15 February 2013 13:54, binaryred <bina...@gmail.com <javascript:>>wrote: > >> Luigi, >> >> Thanks for the suggestion, however I've already done that in some sense. >> Here's my FULL situation: >> >> I was running a puppet 2.6.6 master on a RHEL5 machine with lots of >> RHEL4,5,6 machines (mostly RHEL5) connecting to it. The clients are all >> running puppet 0.25.5 and working just fine. >> >> I've built a new puppet server on a RHEL6 machine, running 3.1.0. I >> copied over the SSL certs from the old puppet master so that when the >> clients connect to the new server, they 'just work', and pretty much that >> has worked great for me. I certainly plan to upgrade the clients to the >> latest version of puppet I can, but for now they are working fine. EXCEPT >> for the RHEL4 machines. I tried the version of puppet that was on them >> first (0.25.5), and when that didn't work, I found some puppet 2.7 packages >> (and dependencies) to install, but they don't seem to work any better. >> >> So the short story is, that the RHEL 4 clients can talk to my old puppet >> master, but not the new one, while everything else talks to the new puppet >> master just fine. >> >> Jason >> >> >> On Friday, February 15, 2013 5:03:32 AM UTC-5, Luigi Martin Petrella >> wrote: >> >>> Jason, you could try to set one Redhat 4 node as master and verify if >>> it works correctly with another RH4 agent, so you can establish if the >>> problem is about RH4 agents or RH6 master.. >>> >>> >>> >>> On 14 February 2013 19:45, binaryred <bina...@gmail.com> wrote: >>> >>>> On my puppet master, I uninstalled my puppet RPM, downloaded the >>>> tarball for puppet 3.1.0, modified the source for the >>>> certificate_signer.rb, and ran 'ruby install.db'. It installed the >>>> modified certificate_signer.rb file and runs just fine on the master (as >>>> it >>>> did before), but my client RHEL4 boxes still don't want to talk to the >>>> puppet master server correctly. I'm still getting the same error. >>>> >>>> Jason >>>> >>>> >>>> On Thursday, February 14, 2013 12:54:36 PM UTC-5, binaryred wrote: >>>>> >>>>> Yeah, I just replaced my server name with that. I've got RHEL5 and >>>>> RHEL6 machines talking to my puppet master just fine. >>>>> >>>>> On Thursday, February 14, 2013 12:18:19 PM UTC-5, Felix.Frank wrote: >>>>>> >>>>>> On 02/14/2013 05:20 PM, binaryred wrote: >>>>>> > Any other suggestions? >>>>>> >>>>>> Yeah, actually... >>>>>> >>>>>> > err: Could not send report: certificate verify failed: [certificate >>>>>> > signature failure for /CN=puppetmaster.example.com >>>>>> > <http://puppetmaster.example.**c**om<http://puppetmaster.example.com>>] >>>>>> > >>>>>> >>>>>> >>>>>> Is the name of your master puppetmaster.example.com? >>>>>> >>>>>> Are you sure your puppetca is set up properly? >>>>>> >>>>>> Regards, >>>>>> Felix >>>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to puppet-users...@**googlegroups.com. >>>> To post to this group, send email to puppet...@googlegroups.com. >>>> >>>> Visit this group at >>>> http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> >>>> . >>>> For more options, visit >>>> https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> >>>> . >>>> >>>> >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com <javascript:>. >> To post to this group, send email to puppet...@googlegroups.com<javascript:> >> . >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
