preflight --debug certificate error

31 views
Skip to first unread message

bre...@plangrid.com

unread,
Oct 11, 2017, 8:36:00 PM10/11/17
to Simian Discuss
We have been trying to figure out how to fix this error when we run:

sudo /usr/local/munki/preflight --debug


We are seeing this error:

WARNING:root:Skipping cert mmini-serv01.local.pem, unknown issuer

WARNING:root:Expected: "CN=foreman.xxxxx.xxxxx.com" Received: "CN=Puppet CA: foreman.xxxxx.xxxxx.com"


For the life of us we can figure out why CN=foreman.xxxxx.xxxxx.com, instead of CN=Puppet CA: foreman.xxxxx.xxxxx.com is being expected. Where should we check?

Full debug:


mmini-serv01:simian admin$ sudo /usr/local/munki/preflight --debug


Password:


DEBUG:root:Executing: ['/usr/local/bin/simianfacter', '-j']


DEBUG:root:Executing: ['/usr/bin/last', '-100']


DEBUG:root:Executing: system_profiler SPHardwareDataType


DEBUG:root:Executing: ['/usr/bin/last', '-100']


DEBUG:root:Executing: system_profiler SPHardwareDataType


DEBUG:root:SimianClient.__init__(https://xxxxx.appspot.com [default=False], 443, True)


DEBUG:root:LoadHost(https://xxxxx.appspot.com, 443)


DEBUG:root:LoadHost(): hostname = xxxxx.appspot.com, port = None, use_https = True


DEBUG:root:_LoadRootCertChain()


DEBUG:root:_Get(root_ca_cert_chain_pem_path)


DEBUG:root:_GetExternalValue(root_ca_cert_chain_pem_path)


DEBUG:root:_GetExternalConfiguration(settings)


WARNING:root:Root CA Cert Chain was EMPTY!


DEBUG:root:GetSystemRootCACertChain: Executing ['/usr/bin/security', 'find-certificate', '-a', '-p', '/System/Library/Keychains/SystemRootCertificates.keychain']


DEBUG:root:GetSystemRootCACertChain: returning 270213 bytes


DEBUG:root:LoadCaParameters


DEBUG:root:_Get(ca_id)


DEBUG:root:_GetExternalValue(ca_id)


DEBUG:root:_GetExternalConfiguration(settings)


DEBUG:root:_Get(ca_public_cert_pem)


DEBUG:root:_GetExternalPem(ca_public_cert_pem)


DEBUG:root:_GetExternalConfiguration(ca_public_cert.pem)


DEBUG:root:_Get(server_public_cert_pem)


DEBUG:root:_GetExternalPem(server_public_cert_pem)


DEBUG:root:_GetExternalConfiguration(server_public_cert.pem)


DEBUG:root:_Get(required_issuer)


DEBUG:root:_GetExternalValue(required_issuer)


DEBUG:root:Loaded ca_params


DEBUG:root:SimianAuthClient._GetPuppetSslDetails


INFO:root:GetFacter: facter cache file does not exist.


DEBUG:root:Certname from facter: "None"


WARNING:root:Certname was not found in facter!


DEBUG:root:_GetPuppetSslDetails(None.pem)


DEBUG:root:_ValidatePuppetSslCert: required_issuer CN=foreman.xxxxx.xxxxx.com


DEBUG:root:_ValidatePuppetSslCert: /etc/puppetlabs/puppet/ssl/certs/None.pem


DEBUG:root:Skipped cert None.pem, IO Error [Errno 2] No such file or directory: '/etc/puppetlabs/puppet/ssl/certs/None.pem'


ERROR:root:Failed to harvest Puppet SSL cert facter specified.


DEBUG:root:_GetNewestPuppetSslCert found certs ca.pem mmini-serv01.local.pem


DEBUG:root:_ValidatePuppetSslCert: required_issuer CN=foreman.xxxxx.xxxxx.com


DEBUG:root:_ValidatePuppetSslCert: /etc/puppetlabs/puppet/ssl/certs/mmini-serv01.local.pem


DEBUG:root:Looking at issuer CN=Puppet CA: foreman.xxxxx.xxxxx.com


WARNING:root:Skipping cert mmini-serv01.local.pem, unknown issuer


WARNING:root:Expected: "CN=foreman.xxxxx.xxxxx.com" Received: "CN=Puppet CA: foreman.xxxxx.xxxxx.com"


Traceback (most recent call last):


  File "/usr/local/munki/simian_client.py", line 87, in <module>


    sys.exit(main(sys.argv[1:]))


  File "/usr/local/munki/simian_client.py", line 73, in main


    preflight.RunPreflight(runtype, server_url=server_url)


  File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.5-py2.7.egg/simian/mac/client/preflight.py", line 373, in RunPreflight


    secure_config, client_id, user_settings, client_exit)


  File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.5-py2.7.egg/simian/mac/client/preflight.py", line 141, in LoginToServer


    token = client.GetAuthToken()


  File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.5-py2.7.egg/simian/client/client.py", line 1475, in GetAuthToken


    self.DoSimianAuth()


  File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.5-py2.7.egg/simian/client/client.py", line 1176, in DoSimianAuth


    self._InitializeAuthClass(interactive_user)


  File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.5-py2.7.egg/simian/client/client.py", line 1151, in _InitializeAuthClass


    raise SimianClientError('Could not obtain SSL details')


simian.client.client.SimianClientError: Could not obtain SSL details






Reply all
Reply to author
Forward
0 new messages