SSL_connect?? Because of master is not running?

61 views
Skip to first unread message

tas

unread,
Jun 30, 2012, 12:30:06 AM6/30/12
to puppet...@googlegroups.com
My master is running 12.04
Version: 2.7.11-1ubuntu2
Depends: ruby1.8, puppetmaster-common (= 2.7.11-1ubuntu2)

My client is 10.04
Version: 2.6.3-0ubuntu1~lucid1
Depends: puppet-common (= 2.6.3-0ubuntu1~lucid1), ruby1.8

I followed this tutorial to install Puppet on the client: http://shapeshed.com/setting-up-puppet-on-ubuntu-10-04/   (I didn't need that tar ball because the "best practice" structure is already built into the puppet release)
I also followed this tutorial to connect Puppetmaster and Puppet:  http://shapeshed.com/connecting-clients-to-a-puppet-master/

The first time I tried to connect master to client failed with SSL_connect error. So I did rm -rf /etc/puppet/ssl/  to remove all the keys inside ssl folders.

It worked..

client# puppet agent --server puppet --waitforce 60 --test
/usr/lib/ruby/1.8/facter/util/resolution.rb:46: warning: Insecure world writable dir /etc/condor in PATH, mode 040777
/usr/lib/ruby/1.8/puppet/defaults.rb:67: warning: Insecure world writable dir /etc/condor in PATH, mode 040777
info: Creating a new SSL key for giab10
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for giab10
info: Certificate Request fingerprint (md5): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session
info: Caching certificate for giab10
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog

It cached but then it couldn't retrieve it.

I don't want to proceed anything so I don't have to do things over again. But on master...
service puppetmaster status
 * master is not running

WoW.... ???

master# service puppetmaster start
* Starting puppet master    [OK]
master# service puppetmaster status
 * master is not running

It still said not running.... What is going on? is time sync? I think they are. I did date on both servers many times, and they seem to be okay. I can't do auto sync because they are behind firewall and blocked some of the ports.

Any help is appreciated. Thanks!


jcbollinger

unread,
Jul 2, 2012, 8:55:21 AM7/2/12
to puppet...@googlegroups.com


On Friday, June 29, 2012 11:30:06 PM UTC-5, tas wrote:
My master is running 12.04
Version: 2.7.11-1ubuntu2
Depends: ruby1.8, puppetmaster-common (= 2.7.11-1ubuntu2)

My client is 10.04
Version: 2.6.3-0ubuntu1~lucid1
Depends: puppet-common (= 2.6.3-0ubuntu1~lucid1), ruby1.8

I followed this tutorial to install Puppet on the client: http://shapeshed.com/setting-up-puppet-on-ubuntu-10-04/   (I didn't need that tar ball because the "best practice" structure is already built into the puppet release)
I also followed this tutorial to connect Puppetmaster and Puppet:  http://shapeshed.com/connecting-clients-to-a-puppet-master/

The first time I tried to connect master to client failed with SSL_connect error. So I did rm -rf /etc/puppet/ssl/  to remove all the keys inside ssl folders.


Both on the master and on the agent?  And did you restart the master afterwards, before attempting to connect to it with the client?
 

It worked..

client# puppet agent --server puppet --waitforce 60 --test
/usr/lib/ruby/1.8/facter/util/resolution.rb:46: warning: Insecure world writable dir /etc/condor in PATH, mode 040777
/usr/lib/ruby/1.8/puppet/defaults.rb:67: warning: Insecure world writable dir /etc/condor in PATH, mode 040777
info: Creating a new SSL key for giab10
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for giab10
info: Certificate Request fingerprint (md5): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session
info: Caching certificate for giab10
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog

It cached but then it couldn't retrieve it.


Does anything useful appear in the master's logs?
 

I don't want to proceed anything so I don't have to do things over again. But on master...
service puppetmaster status
 * master is not running


Well is it running or not?  Do you see it in the process table?

 

WoW.... ???

master# service puppetmaster start
* Starting puppet master    [OK]
master# service puppetmaster status
 * master is not running


I'd get this one sorted out first.  Again, is the master actually running or not?


John

Reply all
Reply to author
Forward
0 new messages