Hi everyone,

I am attempting to use FreeIPA as the external CA for my puppet environment. I can get puppetmaster running under Passenger using certs stored in an nss db, and puppet to work with standard pem encoded x509s issued from FreeIPA. I also got the Foreman working with those certs, but I am having some issues getting puppet to get node data out of Foreman. It gives me this error when I try to query a node:

Error retrieving node puppet.webgatetec.com: Net::HTTPForbidden

I haven't started investigating that, so that may be a simple fix.

The main problem is getting puppetdb working. I have puppetdb 1.4 installed on Fedora 19, and it uses the new method of using pem certs instead of a keystore, which I thought would make this easier, but I was wrong. I have it set up with the puppetmaster and ca certs. The certificates I have are set up with:

CN=puppet_fqdn
subjectAltName=puppetmaster/$puppet_fqdn
subjectAltName=$puppet_fqdn

PuppetDB starts up but crashes after a while with this error in the log file:

2013-08-19 10:49:08,195 DEBUG [main] [puppetlabs.ssl] Loaded PEM object of type 'class org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject' from '/etc/ipa/ca.crt'
2013-08-19 10:49:08,201 DEBUG [main] [puppetlabs.ssl] Loaded PEM object of type 'class org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey' from '/etc/puppetdb/ssl/private.pem'
2013-08-19 10:49:08,221 ERROR [main] [puppetlabs.utils] Uncaught exception
java.lang.IllegalArgumentException: No matching field found: getPrivate for class org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey
    at clojure.lang.Reflector.getInstanceField(Reflector.java:271)
    at clojure.lang.Reflector.invokeNoArgInstanceMember(Reflector.java:300)
    at com.puppetlabs.ssl$pem__GT_private_key.invoke(ssl.clj:58)
    at com.puppetlabs.ssl$assoc_private_key_file_BANG_.invoke(ssl.clj:132)
    at com.puppetlabs.puppetdb.cli.services$configure_web_server_ssl_from_pems.invoke(services.clj:240)
    at com.puppetlabs.puppetdb.cli.services$configure_web_server.invoke(services.clj:260)
    at com.puppetlabs.puppetdb.cli.services$parse_config_BANG_.invoke(services.clj:374)
    at com.puppetlabs.puppetdb.cli.services$_main.doInvoke(services.clj:403)
    at clojure.lang.RestFn.invoke(RestFn.java:421)
    at clojure.lang.Var.invoke(Var.java:419)
    at clojure.lang.AFn.applyToHelper(AFn.java:163)
    at clojure.lang.Var.applyTo(Var.java:532)
    at clojure.core$apply.invoke(core.clj:617)
    at com.puppetlabs.puppetdb.core$_main.doInvoke(core.clj:79)
    at clojure.lang.RestFn.applyTo(RestFn.java:137)
    at com.puppetlabs.puppetdb.core.main(Unknown Source)

I am unsure which field it is trying to find in the cert, so I have no idea how to fix it. Can someone please point me in the right direction?

Thanks in advance.

Pete.