FAQ
I have a problem with puppet on a machine which has public and private
IP address. My nodes are on private lan, and hostname of master is FQDN
of the public IP.

Client's just cannot connect. Problem which I get is:

err: Could not retrieve catalog from remote server: SSL_connect
returned=1 errno=0 state=SSLv3 read server certificate B: certificate
verify failed


I've added
PUPPETMASTER_EXTRA_OPTS=--server=10.0.0.2

to the /etc/sysconfig/puppetmaster, but there is no help.

I've added:

10.0.0.2 puppet

to the hosts on both master and slaves, and again no help.


Any ideas?




--
Jakov Sosic
www.srce.unizg.hr

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Jeff McCune at Jun 15, 2012 at 12:19 am

    On Thu, Jun 14, 2012 at 4:29 PM, Jakov Sosic wrote:

    I have a problem with puppet on a machine which has public and private
    IP address. My nodes are on private lan, and hostname of master is FQDN
    of the public IP.

    Client's just cannot connect. Problem which I get is:

    err: Could not retrieve catalog from remote server: SSL_connect
    returned=1 errno=0 state=SSLv3 read server certificate B: certificate
    verify failed


    I've added
    PUPPETMASTER_EXTRA_OPTS=--server=10.0.0.2

    to the /etc/sysconfig/puppetmaster, but there is no help.

    I've added:

    10.0.0.2 puppet

    to the hosts on both master and slaves, and again no help.
    The name the agent uses to contact the master must be listed in the master
    certificate's Subject or Alt Names field.

    puppet is a name that is in the alt names field.

    If you add 10.0.0.2 puppet to the hosts file on the agents, then you need
    to make sure "puppet" is the name the agent uses to contact the master.

    Try adding server=puppet to the agent's puppet.conf and it should work.

    -Jeff

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Jakov Sosic at Jun 15, 2012 at 6:54 pm

    On 06/15/2012 02:18 AM, Jeff McCune wrote:
    The name the agent uses to contact the master must be listed in the
    master certificate's Subject or Alt Names field.

    puppet is a name that is in the alt names field.

    If you add 10.0.0.2 puppet to the hosts file on the agents, then you
    need to make sure "puppet" is the name the agent uses to contact the master.

    Try adding server=puppet to the agent's puppet.conf and it should work.
    Thank you for your answer, although problem was kinda weird... time
    skew... different time on client and puppetmaster :D

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedJun 14, '12 at 11:30p
activeJun 15, '12 at 6:54p
posts3
users3
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase