[Pkg-puppet-devel] Bug#514550: cannot use different certnames for puppetmaster/puppet on the same host

martin f krafft madduck at debian.org
Sun Feb 8 19:24:51 UTC 2009 

Package: puppet
Version: 0.24.5-3
Severity: normal

I run puppetmaster on vera.madduck.net, which I also control with
puppetd. Thus, puppetd.conf lists:

  [puppetd]
  server=puppetmaster.madduck.net
  # certname is hostname

  [puppetmasterd]
  templatedir=/etc/puppet/templates
  certname=puppetmaster.madduck.net

This prevents puppetd from running, spitting out plenty of errors
after this one:

  err: /File[/var/lib/puppet/lib]: Failed to generate additional
  resources during transaction: Certificates were not trusted:
  SSL_connect returned=1 errno=0 state=SSLv3 read finished A: tlsv1
  alert decrypt error

I can fix this by setting certname=puppetmaster.madduck.net for
puppetd as well, but that seems like a bug and puppetd/puppetmasterd
get confused by sharing the same /var/lib/puppet directory.

Maybe it would make sense to put puppetmaster stuff into
/var/lib/puppetmaster so that I can treat localhost as just another
host?

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages puppet depends on:
ii  adduser                       3.110      add and remove users and groups
ii  facter                        1.5.1-0.1  a library for retrieving facts fro
ii  libopenssl-ruby               4.2        OpenSSL interface for Ruby
ii  libruby [libxmlrpc-ruby]      4.2        Libraries necessary to run Ruby 1.
ii  libshadow-ruby1.8             1.4.1-8    Interface of shadow password for R
ii  libxmlrpc-ruby                4.2        transitional dummy package
ii  lsb-base                      3.2-20     Linux Standard Base 3.2 init scrip
ii  ruby                          4.2        An interpreter of object-oriented 

Versions of packages puppet recommends:
ii  rdoc                          4.2        Generate documentation from ruby s

puppet suggests no packages.

-- no debconf information


-- 
 .''`.   martin f. krafft <madduck at d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/)
Url : http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20090208/d6a580c0/attachment.pgp

More information about the Pkg-puppet-devel mailing list