Ken, it's working now! "Solution" below. On Fri, May 17, 2013 at 4:27 PM, Ken Barber <k...@puppetlabs.com> wrote: > Could very well be, however it seems so far you're the first unlucky > one to see this issue afaik :-). I've been trying to reproduce it on > my own setup with no luck yet, although I've got some ideas to try > today.
Thanks a lot for trying though. Your replies have been very helpful. > Also - remember this command? > > echo "GET /" | openssl s_client -connect 127.0.1.1:8081 -cert > `puppet master --configprint hostcert` -key `puppet master > --configprint hostprivkey` -CAfile `puppet master --configprint > cacert` > > Did you try running that from the puppet master node itself - > attempting to connect to puppetdb? I believe the last test you tried > was directly from the puppetdb node instead. Good catch. I was trying it from the puppetdb itself. That was working well. I then tried from the puppet server itself. The problem was the following: - For everything puppet, I use puppet.local as the fqdn for the puppet master. - The actual hostname (and thus the cert) for the puppet master node is gaia.local. - For some reason (config probably ;) ), puppet agents don't think this is a problem. - When I tried your GET|openssl command, it was complaining about not being able to find certs/puppet.local.something and private_keys/puppet.local.something. - I symlinked puppet.local (to use gaia.local, the actual certificate). This works. Probably not the nicest way, but it works! Exported config now works. I'm very happy it works now, Thanks again! /kl -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
