[Pkg-puppet-devel] Bug#501504: Puppet (puppetca) needs the openssl package to work properly
Stephan Hermann
sh at sourcecode.de
Wed Oct 8 10:57:19 UTC 2008
Hi Matthew,
On Wed, 2008-10-08 at 18:43 +1100, Matthew Palmer wrote:
> On Wed, Oct 08, 2008 at 09:20:32AM +0200, Stephan Hermann wrote:
> > On Wed, 2008-10-08 at 11:33 +1100, Matthew Palmer wrote:
> > > On Tue, Oct 07, 2008 at 11:36:44PM +0200, Stephan Hermann wrote:
> > > > Package: puppet
> > > > Version: 0.24.5-2
> > > >
> > > > Dear Colleagues,
> > > >
> > > > please add the openssl package to Depends/Recommends/Suggests to the
> > > > puppet package.
> > > >
> > > > puppetca needs it to sign and generate keyfiles and signatures.
> > >
> > > That would actually be libopenssl-ruby that's needed, and it'd be a
> > > Recommends on the puppetmaster package, as that's where puppetca lives. I
> > > could have sworn that used to be in the Recommends, back in the day...
> >
> > Nope...
> > libopenssl-ruby doesn't work out properly...
> >
> > I wonder why...I didn't have openssl installed, and puppetca didn't work
> > properly...first after installing openssl puppetca worked as expected.
>
> So, let's do some basic debugging then. What operation(s) failed without
> openssl installed, and what error(s) did you see? The only place I can see
> that the openssl binary is called from puppetca is in puppetca --verify.
Ok,

I installed puppetmaster + puppet (dep of puppetmaster) on server A,
set up a basic site.pp for the manifest...so far it's working.

On Server B I installed puppet only, and did a test connect like:

    puppetd --fqdn whatever3 --server puppetmaster --waitforcert 60 --test

puppetmaster now refuses to let the client (whatever3) pass through and
get its config, because server B can't be authenticated.

puppetca on puppetmaster now tells me via

    puppetca -l

that there is a request for signature for an ssl key of "whatever3"
client.

    puppetca -s <nodename>

-> no signed request. doesn't work

the call

    puppetd --fqdn whatever3 --server syslog01 --waitforcert 60 --test

doesn't work...

after installing openssl on puppetmaster and deleting the files from the
certstore via

    puppetca --clean

and

    puppetca --generate <nodename> (signature included)

the client can connect to the puppetmaster and works as expected.

Regards,

\sh