[Pkg-puppet-devel] autopkgtest issues in Ubuntu
Apollon Oikonomopoulos
apoikos at debian.org
Fri Feb 24 20:26:34 UTC 2017

On 11:54 Fri 24 Feb, Nish Aravamudan wrote:
> So I just did a quick test in a LXD of 17.04 after installing
> puppet-master and ruby-serverspec.
>
> # ps aux | grep puppet
> puppet 4421 0.0 0.2 216624 45424 ? Ssl 19:52 0:00 /usr/bin/ruby /usr/bin/puppet master
>
> # find /var/lib/puppet/ssl/
> /var/lib/puppet/ssl/
> /var/lib/puppet/ssl/certificate_requests
> /var/lib/puppet/ssl/public_keys
> /var/lib/puppet/ssl/public_keys/oriented-squirrel.lxd.pem
> /var/lib/puppet/ssl/certs
> /var/lib/puppet/ssl/certs/ca.pem
> /var/lib/puppet/ssl/certs/oriented-squirrel.lxd.pem
> /var/lib/puppet/ssl/private_keys
> /var/lib/puppet/ssl/private_keys/oriented-squirrel.lxd.pem
> /var/lib/puppet/ssl/ca
> /var/lib/puppet/ssl/ca/ca_key.pem
> /var/lib/puppet/ssl/ca/requests
> /var/lib/puppet/ssl/ca/ca_crt.pem
> /var/lib/puppet/ssl/ca/ca_pub.pem
> /var/lib/puppet/ssl/ca/ca_crl.pem
> /var/lib/puppet/ssl/ca/signed
> /var/lib/puppet/ssl/ca/signed/oriented-squirrel.lxd.pem
> /var/lib/puppet/ssl/ca/inventory.txt
> /var/lib/puppet/ssl/ca/serial
> /var/lib/puppet/ssl/ca/private
> /var/lib/puppet/ssl/ca/private/ca.pass
> /var/lib/puppet/ssl/crl.pem
> /var/lib/puppet/ssl/private
>
> # find /var/cache/puppet/ssl/
> find: ‘/var/cache/puppet/ssl/’: No such file or directory
>
> # puppet cert print $(hostname --fqdn)
> Error: Could not find certificate for oriented-squirrel
>
> So is the puppet certificate generation supposed to be from the puppet
> upstream (master process) or from the debian package installation? As I
> mentioned earlier, puppet-master-passenger's postinst seems to ensure
> the hostcert exists, but I don't see anything corresponding for
> puppet-master.

The puppet master will always generate the certificate if it's missing.
However, the reason we pre-generate this in puppet-master-passenger is
that the certificate has to exist before apache starts (as stated in the
relevant comment).

What is odd here is that the master has somehow picked up
oriented-squirrel.lxd as the FQDN (`certname' in puppet talk), but
hostname --fqdn only returns oriented-squirrel, without the .lxd suffix.

Looking at the code, Puppet initializes the certname from the `hostname'
and `domain' facts. Could you also run `facter' in LXD to see what's
going on? Additionally, the contents of /etc/hostname, /etc/hosts and
/etc/nsswitch.conf might help.

Regards,
Apollon
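
Added example (not part of the original message, and not Puppet's or the Debian package's code): a shell check for the mismatch discussed in this thread, comparing the name a host reports with the certificate names present under an ssldir. The function names and the temporary sample directory are constructed for illustration; the file names follow the listing quoted above.

```shell
#!/bin/sh
# List certnames present under <ssldir>/certs, skipping the CA certificate.
issued_certnames() {
    ssldir=$1
    for pem in "$ssldir"/certs/*.pem; do
        [ -e "$pem" ] || continue          # glob matched nothing
        name=$(basename "$pem" .pem)
        [ "$name" = "ca" ] && continue
        printf '%s\n' "$name"
    done
}

# Return 0 when a certificate exists for <fqdn>, 1 when certificates
# exist only under other names, 2 when no host certificate exists at all.
check_certname() {
    ssldir=$1 fqdn=$2
    names=$(issued_certnames "$ssldir")
    if [ -z "$names" ]; then
        echo "no host certificate in $ssldir/certs"
        return 2
    fi
    # -F -x: compare as a fixed string against whole lines only, so
    # "oriented-squirrel" does not match "oriented-squirrel.lxd".
    if printf '%s\n' "$names" | grep -Fxq -- "$fqdn"; then
        echo "ok: certificate found for $fqdn"
        return 0
    fi
    echo "mismatch: host reports '$fqdn', certificates exist for:" $names
    return 1
}

# Constructed sample layout using the file names from the thread.
make_sample_ssldir() {
    d=$(mktemp -d)
    mkdir -p "$d/certs" "$d/private_keys"
    : > "$d/certs/ca.pem"
    : > "$d/certs/oriented-squirrel.lxd.pem"
    : > "$d/private_keys/oriented-squirrel.lxd.pem"
    printf '%s\n' "$d"
}

sample=$(make_sample_ssldir)
check_certname "$sample" "oriented-squirrel" || true      # short name: mismatch
check_certname "$sample" "oriented-squirrel.lxd" || true  # certname: ok
rm -rf "$sample"
```

On a real master the same check would be `check_certname /var/lib/puppet/ssl "$(hostname --fqdn)"`.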