A weird one - Could not obtain SSL details


Chris Whittle

Apr 16, 2015, 9:18:45 AM
to simian-...@googlegroups.com
I have a machine that when I install simian/munki and the certificates (just like I have on others that work) it won't work.
I get the following errors

simianauth

/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.3-py2.6.egg/simian/client/gae_client.zip/google/appengine/tools/dev_appserver_login.py:33: DeprecationWarning: the md5 module is deprecated; use hashlib instead

/usr/local/munki/simian/lib/python2.6/site-packages/tlslite-0.3.8-py2.6.egg/tlslite/utils/cryptomath.py:9: DeprecationWarning: the sha module is deprecated; use the hashlib module instead


/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.3-py2.6.egg/simian/client/gae_client.zip/google/appengine/tools/dev_appserver_login.py:33: DeprecationWarning: the md5 module is deprecated; use hashlib instead


/usr/local/munki/simian/lib/python2.6/site-packages/tlslite-0.3.8-py2.6.egg/tlslite/utils/cryptomath.py:9: DeprecationWarning: the sha module is deprecated; use the hashlib module instead


WARNING:root:Root CA Cert Chain was EMPTY!


ERROR:root:Configuration not found: server_private_key.pem


ERROR:root:Configuration not found: server_private_key.pem


ERROR:root:Failed to harvest Puppet SSL cert facter specified.


Error: Could not obtain SSL details


I've double and triple checked and the certs are all in the right places and I even regenerated the certs...
Here is where it gets even weirder.

If I do simianfacter I get this

certname => foo-cert-name
primary_user => foouser
sp_local_host_name => foohost
configtrack => stable
simiantrack => stable
site => MTV
location => US-MTV-FOO
applesus => True


So it's not even returning the serial of the computer (which normally happens on a default install)

I've wiped and reinstalled the OS brand new updated Yosemite 10.10 (14A389) and it still doesn't fix it...
I've opened up permissions on the /etc/simian/ssl folder to 777 just in case but it doesn't fix it.

Any ideas?  

Thanks,
Chris

Justin McWilliams

Apr 16, 2015, 9:24:48 AM
to simian-...@googlegroups.com
If you hardcode the certname in settings.cfg, does simianauth then find the cert?  Rather than chmod 777 on the SSL dir, you should run simianauth with sudo.


Chris Whittle

Apr 16, 2015, 9:33:16 AM
to simian-...@googlegroups.com
just tried another complete removal of /etc/simian and reinstall - no dice
also tried hard coding the certname (double checking my names) and it failed with the same error too...

This is just weird

sudo simianauth

/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.3-py2.6.egg/simian/client/gae_client.zip/google/appengine/tools/dev_appserver_login.py:33: DeprecationWarning: the md5 module is deprecated; use hashlib instead

/usr/local/munki/simian/lib/python2.6/site-packages/tlslite-0.3.8-py2.6.egg/tlslite/utils/cryptomath.py:9: DeprecationWarning: the sha module is deprecated; use the hashlib module instead

/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.3-py2.6.egg/simian/client/gae_client.zip/google/appengine/tools/dev_appserver_login.py:33: DeprecationWarning: the md5 module is deprecated; use hashlib instead

/usr/local/munki/simian/lib/python2.6/site-packages/tlslite-0.3.8-py2.6.egg/tlslite/utils/cryptomath.py:9: DeprecationWarning: the sha module is deprecated; use the hashlib module instead

WARNING:root:Root CA Cert Chain was EMPTY!

ERROR:root:Configuration not found: server_private_key.pem

ERROR:root:Configuration not found: server_private_key.pem

ERROR:root:Failed to harvest Puppet SSL cert facter specified.

Error: Could not obtain SSL details


Justin McWilliams

Apr 16, 2015, 9:37:23 AM
to simian-...@googlegroups.com
simianauth --debug may be insightful, as it'll provide more detail of what it did find, but beware what you post (as you know).   

Chris Whittle

Apr 16, 2015, 9:57:01 AM
to simian-...@googlegroups.com
Dang it, was a bad PEM.... It has been already added and I forgot to remove it so it was generating an empty PEM

Thanks Justin
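
Added example, not part of the original thread and not Simian's own code: a Python 3 check for the failure found above (an empty PEM) and for the world-writable permissions tried earlier in the thread. It is a structural check only (PEM armor, base64, leading DER SEQUENCE tag); the function names and the sample files are constructed for illustration.

```python
import base64, os, re, stat, tempfile

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_pem(path):
    """Return a list of problems for one PEM file; an empty list means it looks sane."""
    problems = []
    st = os.stat(path)
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    if st.st_size == 0:
        return problems + ["empty file"]
    with open(path, errors="replace") as fh:
        blocks = PEM_BLOCK.findall(fh.read())
    if not blocks:
        return problems + ["no BEGIN/END block"]
    for label, body in blocks:
        # Skip RFC 1421 header lines ("Proc-Type: ...") found in encrypted keys.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:
            problems.append(label + ": body is not valid base64")
            continue
        # DER certificates and keys start with an ASN.1 SEQUENCE tag (0x30).
        if not der.startswith(b"\x30"):
            problems.append(label + ": no DER data inside the block")
    return problems

def audit_dir(ssl_dir):
    """Check every *.pem under ssl_dir; returns {relative_path: [problems]}."""
    return {os.path.relpath(os.path.join(r, n), ssl_dir): check_pem(os.path.join(r, n))
            for r, _d, files in os.walk(ssl_dir) for n in sorted(files) if n.endswith(".pem")}

def demo():
    """Audit a constructed directory (sample data, not real Simian files)."""
    stub = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()  # constructed DER stub
    pem = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
    samples = {"good.pem": (pem % stub, 0o600), "empty.pem": ("", 0o600),
               "hollow.pem": (pem % "", 0o600), "loose.pem": (pem % stub, 0o666)}
    with tempfile.TemporaryDirectory() as d:
        for name, (text, mode) in samples.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
            os.chmod(os.path.join(d, name), mode)
        return audit_dir(d)

if __name__ == "__main__":
    print(demo())
```

To check a real client, call `audit_dir("/etc/simian/ssl")` with enough privilege to read the key files; it reads files only and changes nothing.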

Kevin Murimi

Apr 26, 2017, 5:18:29 AM
to Simian Discuss, chrisw...@collectivebias.com
For guys that check this thread later: if the given solution doesn't work for you, just try checking if you have added the ca_public_cert and server_public_cert on your Simian server :)