I just did another test on another new agent. Same behaviour. The value of
certname does not feature in the log at all. Here is the debug level agent
log. I've replaced the actual FQDN with <FQDN>. There's no reference to the
value set in certname. Seems that it's completely ignored.
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Puppet::Type::File::ProviderWindows: feature microsoft_windows is
missing
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: /File[<DATA-DIR>/run]: Autorequiring File[<DATA-DIR>]
debug: /File[<DATA-DIR>/state]: Autorequiring File[<DATA-DIR>]
debug: /File[<CONF-DIR>/ssl/private_keys/<FQDN>.pem]: Autorequiring
File[<CONF-DIR>/ssl/private_keys]
debug: /File[<DATA-DIR>/client_yaml]: Autorequiring File[<DATA-DIR>]
debug: /File[<CONF-DIR>/ssl/certificate_requests]: Autorequiring
File[<CONF-DIR>/ssl]
debug: /File[<CONF-DIR>/ssl/public_keys/<FQDN>.pem]: Autorequiring
File[<CONF-DIR>/ssl/public_keys]
debug: /File[<CONF-DIR>/ssl]: Autorequiring File[<CONF-DIR>]
debug: /File[<DATA-DIR>/client_data]: Autorequiring File[<DATA-DIR>]
debug: /File[<CONF-DIR>/ssl/private]: Autorequiring File[<CONF-DIR>/ssl]
debug: /File[<CONF-DIR>/ssl/certs/<FQDN>.pem]: Autorequiring
File[<CONF-DIR>/ssl/certs]
debug: /File[<DATA-DIR>/lib]: Autorequiring File[<DATA-DIR>]
debug: /File[<CONF-DIR>/ssl/public_keys]: Autorequiring File[<CONF-DIR>/ssl]
debug: /File[<DATA-DIR>/state/graphs]: Autorequiring File[<DATA-DIR>/state]
debug: /File[<DATA-DIR>/log]: Autorequiring File[<DATA-DIR>]
debug: /File[<CONF-DIR>/ssl/certs/ca.pem]: Autorequiring
File[<CONF-DIR>/ssl/certs]
debug: /File[<CONF-DIR>/puppet.conf]: Autorequiring File[<CONF-DIR>]
debug: /File[<CONF-DIR>/ssl/private_keys]: Autorequiring
File[<CONF-DIR>/ssl]
debug: /File[<DATA-DIR>/facts]: Autorequiring File[<DATA-DIR>]
debug: /File[<CONF-DIR>/ssl/certs]: Autorequiring File[<CONF-DIR>/ssl]
debug: /File[<DATA-DIR>/clientbucket]: Autorequiring File[<DATA-DIR>]
debug: /File[<CONF-DIR>/ssl/private_keys/<FQDN>.pem]/mode: mode changed
'640' to '600'
debug: /File[<CONF-DIR>/ssl/private_keys/<FQDN>.pem]: The container
<CONF-DIR>/ssl/private_keys/<FQDN>.pem will propagate my refresh event
debug: /File[<CONF-DIR>/ssl/public_keys/<FQDN>.pem]/mode: mode changed
'640' to '644'
debug: /File[<CONF-DIR>/ssl/public_keys/<FQDN>.pem]: The container
<CONF-DIR>/ssl/public_keys/<FQDN>.pem will propagate my refresh event
debug: /File[<CONF-DIR>/ssl/certs/<FQDN>.pem]/mode: mode changed '640' to
'644'
debug: /File[<CONF-DIR>/ssl/certs/<FQDN>.pem]: The container
<CONF-DIR>/ssl/certs/<FQDN>.pem will propagate my refresh event
debug: Finishing transaction 2161652120
debug: /File[<CONF-DIR>/ssl/private_keys/<FQDN>.pem]: Autorequiring
File[<CONF-DIR>/ssl/private_keys]
debug: /File[<DATA-DIR>/log]: Autorequiring File[<DATA-DIR>]
debug: /File[<DATA-DIR>/state]: Autorequiring File[<DATA-DIR>]
debug: /File[<DATA-DIR>/lib]: Autorequiring File[<DATA-DIR>]
debug: /File[<CONF-DIR>/ssl]: Autorequiring File[<CONF-DIR>]
debug: /File[<DATA-DIR>/run]: Autorequiring File[<DATA-DIR>]
debug: /File[<CONF-DIR>/ssl/public_keys/<FQDN>.pem]: Autorequiring
File[<CONF-DIR>/ssl/public_keys]
debug: /File[<CONF-DIR>/ssl/private]: Autorequiring File[<CONF-DIR>/ssl]
debug: /File[<CONF-DIR>/ssl/public_keys]: Autorequiring File[<CONF-DIR>/ssl]
debug: /File[<CONF-DIR>/ssl/certificate_requests]: Autorequiring
File[<CONF-DIR>/ssl]
debug: /File[<CONF-DIR>/ssl/certs]: Autorequiring File[<CONF-DIR>/ssl]
debug: /File[<CONF-DIR>/ssl/certs/ca.pem]: Autorequiring
File[<CONF-DIR>/ssl/certs]
debug: /File[<CONF-DIR>/ssl/private_keys]: Autorequiring
File[<CONF-DIR>/ssl]
debug: /File[<DATA-DIR>/facts]: Autorequiring File[<DATA-DIR>]
debug: /File[<CONF-DIR>/ssl/certs/<FQDN>.pem]: Autorequiring
File[<CONF-DIR>/ssl/certs]
debug: Finishing transaction 2160330700
debug: Using cached certificate for ca
debug: Using cached certificate for <FQDN>
info: Sleeping for 102 seconds (splay is enabled)
debug: Finishing transaction 2162067520
info: Retrieving plugin
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml;
using pson
debug: Using cached certificate for ca
debug: Using cached certificate for <FQDN>
info: Caching certificate_revocation_list for ca
notice: /File[<DATA-DIR>/lib]/mode: mode changed '755' to '775'
debug: /File[<DATA-DIR>/lib]: The container <DATA-DIR>/lib will propagate
my refresh event
notice: /File[<DATA-DIR>/lib/facter]/ensure: created
debug: /File[<DATA-DIR>/lib/facter]: The container <DATA-DIR>/lib/facter
will propagate my refresh event
debug: <DATA-DIR>/lib/facter: The container <DATA-DIR>/lib will propagate
my refresh event
notice: /File[<DATA-DIR>/lib/facter/opco.rb]/ensure: defined content as
'{md5}b8c8355306bac503c7a40a41667354bf'
debug: /File[<DATA-DIR>/lib/facter/opco.rb]: The container
<DATA-DIR>/lib/facter/opco.rb will propagate my refresh event
notice: /File[<DATA-DIR>/lib/facter/env.rb]/ensure: defined content as
'{md5}e2e9a41cc4f52a8fa807ec3a1f99fdfd'
debug: /File[<DATA-DIR>/lib/facter/env.rb]: The container
<DATA-DIR>/lib/facter/env.rb will propagate my refresh event
debug: <DATA-DIR>/lib/facter/env.rb: The container <DATA-DIR>/lib will
propagate my refresh event
debug: <DATA-DIR>/lib/facter/opco.rb: The container <DATA-DIR>/lib will
propagate my refresh event
debug: Finishing transaction 2161732220
info: Loading downloaded plugin <DATA-DIR>/lib/facter/opco.rb
info: Loading downloaded plugin <DATA-DIR>/lib/facter/env.rb
info: Loading facts in env
info: Loading facts in opco
info: Loading facts in env
info: Loading facts in opco
debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw yaml;
using pson
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/indirector/rest.rb:56:in
`deserialize'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/indirector/rest.rb:120:in
`find'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/indirector/indirection.rb:189:in
`find'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/configurer.rb:237:in
`retrieve_new_catalog'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/util.rb:464:in
`thinmark'
<RUBY-DIR>/lib/ruby/1.8/benchmark.rb:308:in `realtime'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/util.rb:463:in
`thinmark'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/configurer.rb:236:in
`retrieve_new_catalog'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/configurer.rb:86:in
`retrieve_catalog'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/configurer.rb:112:in
`retrieve_and_apply_catalog'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/configurer.rb:151:in
`run'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/agent.rb:39:in
`run'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/agent/locker.rb:21:in
`lock'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/agent.rb:39:in
`run'
<RUBY-DIR>/lib/ruby/1.8/sync.rb:230:in `synchronize'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/agent.rb:39:in
`run'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/agent.rb:103:in
`with_client'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/agent.rb:37:in
`run'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/application.rb:172:in
`call'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/application.rb:172:in
`controlled_run'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/agent.rb:35:in
`run'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/application/agent.rb:336:in
`onetime'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/application/agent.rb:310:in
`run_command'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/application.rb:306:in
`run'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/application.rb:410:in
`hook'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/application.rb:306:in
`run'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/application.rb:401:in
`exit_on_fail'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/application.rb:306:in
`run'
<RUBY-DIR>/lib/ruby/gems/1.8/gems/puppet-2.7.6/bin/puppetd:4
<BIN-DIR>/puppetd:19:in `load'
<BIN-DIR>/puppetd:19
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Could not find data item puppet_user in any Hiera data file and no default
supplied at <DATA-DIR>/modules/puppet/manifests/init.pp:3 on node <FQDN>
notice: Using cached catalog
err: Could not retrieve catalog; skipping run
debug: Value of 'preferred_serialization_format' (pson) is invalid for
report, using default (b64_zlib_yaml)
debug: report supports formats: b64_zlib_yaml marshal raw yaml; using
b64_zlib_yaml
Regards,
On Thursday, 12 July 2012 13:04:20 UTC+2, Kmbu wrote:
There was no current cert. It was a new host. The cert was generated using
the FQDN.
On Thursday, 12 July 2012 04:42:51 UTC+2, Pete wrote:
Hi,
Your config looks about right.
Did you drop the current cert and request and sign a new one?
On 11 July 2012 19:14, Kmbu wrote:
Hi guys,
I have a box that needs to identify itself to the puppetmaster as something
different from the FQDN. I added certname to the agent configuration before
the first run, but it doesn't seem to be sufficient. The certificate was
generated for the FQDN, and the host appears in the dashboard as the FQDN,
and the node name used to evaluate the manifest is also the FQDN. I would
like to set it up so that, for all intents and purposes, the node/agent has
a different name.
I'm running Puppet 2.7.6 via Apache/Passenger.
Here is my agent config:
[agent]
# Whether log files should always flush to disk.
autoflush = true
# Reporting setup for Puppet Dashboard
report = true
# Randomize agent runs to avoid clusters
splay = true
# The main Puppet configuration directory. The default for this
# parameter is calculated based on the user. If the process
# is running as root or the user that Puppet is supposed to run as, it
# defaults to a system directory, but if it's running as any other user,
# it defaults to being in the user's home directory.
# The default value is '/etc/puppet'.
confdir = <confdir>
# Where Puppet stores dynamic and growing data. The default for this
# parameter is calculated specially, like `confdir`_.
# The default value is '/var/lib/puppet'.
vardir = <vardir>
# Whether to print stack traces on some errors
trace = true
# How often puppet agent applies the client configuration; in seconds.
# Note that a runinterval of 0 means run continuously rather than never run.
# If you want puppet agent to never run, you should start it with the
# --no-client option.
runinterval = 300
# Whether to use colors when logging to the console.
# Valid values are `ansi` (equivalent to `true`), `html` (mostly
# used during testing with TextMate), and `false`, which produces
# no color.
# The default value is 'ansi'.
color = ansi
# The environment Puppet is running in. For clients
# (e.g., `puppet agent`) this determines the environment itself, which
# is used to find modules and much more. For servers (i.e., `puppet
# master`) this provides the default environment for nodes
# we know nothing about.
# The default value is 'production'.
environment = pre
# Where to find information about nodes.
# The default value is 'plain'.
# node_terminus = plain
# Where the puppet agent web server logs.
# The default value is '$logdir/http.log'.
httplog = <logpath>/http.log
# Send the process into the background. This is the default.
# The default value is 'true'.
daemonize = true
# The name to use when handling certificates. Defaults
# to the fully qualified domain name.
certname = <dns-name-here>
# Where Puppet should look for facts. Multiple directories should
# be colon-separated, like normal PATH variables.
# The default value is '$vardir/lib/facter:$vardir/facts'.
factpath = $vardir/lib/facter:$vardir/facts
# From where to retrieve facts. The standard Puppet `file` type
# is used for retrieval, so anything that is a valid file source can
# be used here.
# The default value is 'puppet://$server/facts/'.
factsource = puppet://<puppetmaster>/facts/
# The pid file
# The default value is '$rundir/$name.pid'.
pidfile = <vardir>/agent.pid
# The user puppet master should run as.
# The default value is 'puppet'.
user = apache
# The group puppet master should run as.
# The default value is 'puppet'.
group = apache
# Whether the master should function as a certificate authority.
# The default value is 'true'.
ca = true
# The search path for modules as a list of directories separated by the
# ':' character.
# The default value is '$confdir/modules:/usr/share/puppet/modules'.
modulepath = <datadir>/modules
# The explicit value used for the node name for all requests the agent
# makes to the master. WARNING: This setting is mutually exclusive with
# node_name_fact. Changing this setting also requires changes to the default
# auth.conf configuration on the Puppet Master. Please see
# http://links.puppetlabs.com/node_name_value for more information.
# The default value is '$certname'.
# node_name_value =
# The server to which server puppet agent should connect
# The default value is 'puppet'.
server = <puppetmaster>
# Which port puppet agent listens on.
# The default value is '8139'.
puppetport = 8139
# Document all resources
# document_all = false
What am I missing?
Regards,
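
The check the latest message does by eye, whether the name set in certname ever appears among the certificate files the agent touches, written out as an added Ruby example (not from the thread or from Puppet itself). The sample puppet.conf and log lines are constructed, the function names are hypothetical, and it assumes agent certificates sit under ssl/certs/<name>.pem as in the debug output above.

```ruby
# Added diagnostic example; sample inputs below are constructed, not from the thread.

SAMPLE_CONF = <<~'CONF'
  [agent]
  # The name to use when handling certificates.
  certname = web-alias.example.test
  server = puppet.example.test
CONF

SAMPLE_LOG = <<~'LOG'
  debug: /File[/etc/puppet/ssl/certs/host01.example.test.pem]: Autorequiring File[/etc/puppet/ssl/certs]
  debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
  debug: Using cached certificate for host01.example.test
LOG

# Return { "section" => "value" } for every puppet.conf section that sets certname.
def certnames_by_section(conf_text)
  section = nil
  result = {}
  conf_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    if line =~ /\A\[(\w+)\]\z/
      section = $1
    elsif line =~ /\Acertname\s*=\s*(\S+)/
      result[section || "(no section)"] = $1
    end
  end
  result
end

# Names of the certificate files the agent touched, excluding the CA certificate.
# Assumption: agent certificates are stored as <ssldir>/certs/<name>.pem.
def cert_names_in_log(log_text)
  log_text.scan(%r{/ssl/certs/([^/\]\s]+)\.pem}).flatten.uniq - ["ca"]
end

# Compare configured and observed names. :unused lists every configured
# certname that never appears as a certificate file in the log.
def certname_report(conf_text, log_text)
  configured = certnames_by_section(conf_text)
  used = cert_names_in_log(log_text)
  unused = configured.reject { |_section, name| used.include?(name) }
  { :configured => configured, :used => used, :unused => unused }
end

puts certname_report(SAMPLE_CONF, SAMPLE_LOG).inspect
```

On a live agent, `puppet agent --configprint certname` prints the value the agent resolved, which can be compared against the `:used` list.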
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/Zb5d1ZmpTssJ.
To post to this group, send email to
[email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.