Hey;

I'm trying to figure out puppet ver 4 after a long absence from puppet - in 
fact, I missed pretty much all of ver 3.  

The recommendation everywhere is basically don't use the same name for the 
puppet server as the node on which it's running.  Short way of saying that 
from one book is: The server is not the node.

So, I have puppet resolving in DNS as a cname for the node on which my 
puppetserver will be running:

# host puppet 
puppet.olearycomputers.com is an alias for pm.olearycomputers.com.
pm.olearycomputers.com has address 192.168.122.2

The initial run of the puppet server generates the host key and what not:

# puppet cert list --all
+ "pm.olearycomputers.com" (SHA256) 3E:48:31:69:42:D9:F1:9D:85:E2:CF:D2:A9:95:6C:54:24:9A:DF:CF:44:07:F1:E8:AB:7F:5C:79:78:51:CE:93 (alt names: "DNS:puppet", "DNS:pm.olearycomputers.com")

The CA is pointing to pm from what I see:

# puppet ca list --all
+ pm.olearycomputers.com  (SHA256) 3E:48:31:69:42:D9:F1:9D:85:E2:CF:D2:A9:95:6C:54:24:9A:DF:CF:44:07:F1:E8:AB:7F:5C:79:78:51:CE:93

Yet, when I try to run the puppet agent on the puppet server, I'm getting 
the certificate error:

# puppet agent -t
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 2B:DD:26:A3:DE:E4:52:A4:51:91:55:25:17:90:08:6E:A5:62:31:0F:59:A2:D7:DC:B3:A9:84:53:E5:19:EB:61
[[snip]]

I'm betting I missed something very basic; but, if someone could point it 
out to me, I'd appreciate it.

BTW, I have had success configuring the server *as* pm; however, that 
breaks the rule 'the server is not the node'.

Thanks

Doug O'Leary

