puppetserver (ver 4) initial set up


dkoleary

May 18, 2016, 12:10:26 PM
to Puppet Users
Hey;

I'm trying to figure out puppet ver 4 after a long absence from puppet - in fact, I missed pretty much all of ver 3.  

The recommendation everywhere is basically don't use the same name for the puppet server as the node on which it's running.  Short way of saying that from one book is: The server is not the node.

So, I have puppet resolving in DNS as a cname for the node on which my puppetserver will be running:

# host puppet 
pm.olearycomputers.com has address 192.168.122.2

The initial run of the puppet server generates the host key and what not:

# puppet cert list --all
+ "pm.olearycomputers.com" (SHA256) 3E:48:31:69:42:D9:F1:9D:85:E2:CF:D2:A9:95:6C:54:24:9A:DF:CF:44:07:F1:E8:AB:7F:5C:79:78:51:CE:93 (alt names: "DNS:puppet", "DNS:pm.olearycomputers.com")

The CA is pointing to pm from what I see:

# puppet ca list --all  
+ pm.olearycomputers.com  (SHA256) 3E:48:31:69:42:D9:F1:9D:85:E2:CF:D2:A9:95:6C:54:24:9A:DF:CF:44:07:F1:E8:AB:7F:5C:79:78:51:CE:93

Yet, when I try to run the puppet agent on the puppet server, I'm getting the certificate error:

# puppet agent -t
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 2B:DD:26:A3:DE:E4:52:A4:51:91:55:25:17:90:08:6E:A5:62:31:0F:59:A2:D7:DC:B3:A9:84:53:E5:19:EB:61
[[snip]]

I'm betting I missed something very basic; but, if someone could point it out to me, I'd appreciate it.

BTW, I have had success configuring the server *as* pm; however, that breaks the rule 'the server is not the node'.

Thanks

Doug O'Leary


dkoleary

May 18, 2016, 12:40:29 PM
to Puppet Users
Hey;

Never mind, I got it.   Based on advice from a knowledgeable source, I changed the 'volatile' file directory in the puppetserver configs.  I had to have the [agent] stanza pointing to the same location.  Once done, 'puppet agent -t' works as expected.

Amazing how many times the answer comes to me after I post a question about it.

Hope this helps someone else.

Doug
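
The fix described above comes down to the server side and the [agent] stanza pointing at the same directories. As an added example (not code from the thread or from Puppet), this check compares the directory settings each run mode sees in a puppet.conf. It assumes both sides are configured in puppet.conf stanzas; the post does not name the setting that was changed, so the sample files, their /srv paths and the list of settings checked are constructed for illustration.

```python
import configparser

# Real Puppet directory settings; which one the poster changed is not stated.
DIR_SETTINGS = ("confdir", "vardir", "ssldir", "rundir", "logdir")

# Constructed sample: server directories moved, [agent] left untouched.
SAMPLE_BROKEN = """\
[main]
certname = pm.olearycomputers.com

[master]
vardir = /srv/puppetserver/data
ssldir = /srv/puppetserver/ssl

[agent]
server = puppet
"""

# Constructed sample: [agent] now points to the same locations.
SAMPLE_FIXED = SAMPLE_BROKEN + """\
vardir = /srv/puppetserver/data
ssldir = /srv/puppetserver/ssl
"""


def effective(conf, section, key):
    """Value a run mode sees: its own stanza first, then [main]."""
    for sec in (section, "main"):
        if conf.has_option(sec, key):
            return conf.get(sec, key)
    return None  # not set explicitly: Puppet uses its built-in default


def stanza_mismatches(text):
    """Return (setting, master_value, agent_value) for each differing directory."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(text)
    found = []
    for key in DIR_SETTINGS:
        master, agent = effective(conf, "master", key), effective(conf, "agent", key)
        if master != agent:
            found.append((key, master, agent))
    return found


if __name__ == "__main__":
    for key, master, agent in stanza_mismatches(SAMPLE_BROKEN):
        print(f"{key}: [master]={master} [agent]={agent}")
```

A mismatch on the SSL or state directory means the agent on the server node generates and reads keys in a different place from the one the server uses, which is consistent with the "does not match the agent's private key" error in the first post.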
