On Tuesday, October 28, 2014 3:41:06 PM UTC-5, Victor Danilchenko wrote: > > So, I just started randomly twiddling knobs, and I realized the 'puppet > module list' starts returning proper values once I comment out the ' > certname' setting in /etc/puppet/puppet.conf: > > certname=kmadmin102.vistaprint.net > > (I had unqualified name there before, but whether unqualified or FQDN, it > makes no difference). Note that my certname is set correctly, and matches > the certificate Puppetmaster is using: > > # openssl s_client -connect test-kmpuppet:8140 </dev/null 2>&1 | openssl > x509 -noout -issuer -subject -dates > issuer= /CN=Puppet CA: kmadmin102 > subject= /CN=*kmadmin102.vistaprint.net > <http://kmadmin102.vistaprint.net>* > notBefore=Oct 27 20:20:30 2014 GMT > notAfter=Oct 27 20:20:30 2019 GMT > > Plus, the certname value should only affect communications with agent -- > it should have absolutely nothing to do with the local operation like > 'puppet module list', right? > >
This does smell fishy. I could imagine that absent an explicit modulepath, 'puppet module list' uses the certname to determine which environment's modulepath to use, but it does not then make sense that removing the setting altogether changes the results, especially if the specified certname is the one that Puppet would use by default anyway. Without the certname specified in your config file, does Puppet successfully serve correct manifests? Including to the master itself? Also does it make a difference in which section you put the 'certname' setting? It makes sense for the master to put it in the '[main]' section, but does it work differently if instead you put it in both the '[master]' and the '[agent]' section? As you probably recognize, I'm now for the most part probing the shape of what appears to me to be a bug. I do hope, however, that some of these questions will help you find an acceptable workaround for the overall problem (inasmuch as I assume you had a 'certname' setting in your configuration for good reason). I also hope that once the nature of the issue is a bit more clearly defined, you will consider filing a bug report about it. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c7b6cafc-1ea0-4e4e-abf6-8eea53bce80c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
