SSL issues with puppet agent at openSUSE

I have a master running on my VPS, and it has a simple helloworld manifest which works fine with any Ubuntu machine I have. It connects, exchanges keys and creates the test file all right, so I'm sure it's not a server issue.

The agent, which is running on a virtual machine with openSUSE, says:

err: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed.  This is often because the time is out of sync on the server or client

I believe it's probably a broken or missing lib, since the package is not built very accurately - it wouldn't start out of the box because of a wrong path to the lockfile, for example. So how do I figure out what exactly is wrong here?

The time is all right, I've checked it.

I probably could do without SSL if it's possible, since those SUSE machines are just for training, but it's the last opportunity.

    • I set up three: one on a local machine (Ubuntu), one on the VPS (Ubuntu) and one on another virtual machine (openSUSE). To no avail.
    • Right - what I'm getting at is that your OpenSUSE client only trusts the first puppet master that it connected to, which might not be this one. Try deleting /var/lib/puppet/ssl (or whatever your puppet.conf uses for ssldir) and try again.
    • root@Ubuntu-1110:~# date --utc
      Sat Dec 15 07:26:19 UTC 2012
      linux-fjmb:~ # date --utc
      Sat Dec 15 07:26:20 UTC 2012

A couple of things to check.

First, there are apparently known SSL validation issues when you're running different Ruby versions between agents and masters; see here. Make sure your master is running 1.9.x (I don't think Ubuntu 11.10 would by default).

Second, SSL validation is based around hostnames; your puppet agent is configured to point to a hostname of puppet, which the puppet master's certificate doesn't have as its CN or an alt name - validation should fail. Change the agent's config to point to one of the names that's in the cert, like puppet.cloudcabin.org.

    • It's a part of the answer in my case. What worked for me is Ruby 1.9 on both client and server and Puppet 3 on both client and server. In Ubuntu, Ruby 1.9.1 is in the repos but should be chosen explicitly, the package name is ruby1.9.1, and Puppet 3 can be installed from puppetlabs' repo. In SUSE, Ruby 1.9 is the default, and the package for Puppet 3 can be found here: download.opensuse.org/repositories/systemsmanagement:/puppet/… Thanks a lot for your patience.
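
An added example, not part of the original posts: the name check from the answer's second point, done with Ruby's `OpenSSL::SSL.verify_certificate_identity`, together with the validity-window check that the error message hints at. The certificate is a constructed in-memory stand-in for the master's, and `build_sample_cert`, `cert_names` and `check_master_cert` are hypothetical helper names.

```ruby
require "openssl"

# Constructed stand-in for the master's certificate (self-signed, made in memory).
def build_sample_cert(cn, alt_names, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    san = alt_names.map { |n| "DNS:#{n}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Names the certificate is valid for: DNS alt names, or the CN when there are none.
def cert_names(cert)
  san = cert.extensions.find { |e| e.oid == "subjectAltName" }
  dns = san ? san.value.split(/,\s*/).grep(/\ADNS:/).map { |v| v.sub("DNS:", "") } : []
  return dns unless dns.empty?
  cert.subject.to_a.select { |k, _| k == "CN" }.map { |_, v| v }
end

# Returns a list of problems; empty means the name and validity window are fine.
def check_master_cert(cert, server_name, now = Time.now)
  problems = []
  unless OpenSSL::SSL.verify_certificate_identity(cert, server_name)
    problems << "name '#{server_name}' not in certificate (has: #{cert_names(cert).join(', ')})"
  end
  if now < cert.not_before || now > cert.not_after
    problems << "clock #{now.utc} outside #{cert.not_before} .. #{cert.not_after}"
  end
  problems
end

# Timestamp taken from the `date --utc` output quoted in the thread.
NOW = Time.utc(2012, 12, 15, 7, 26, 20)
SAMPLE = build_sample_cert("puppet.cloudcabin.org", ["puppet.cloudcabin.org"],
                           NOW - 86_400, NOW + 5 * 365 * 86_400)

["puppet", "puppet.cloudcabin.org"].each do |name|
  result = check_master_cert(SAMPLE, name, NOW)
  puts "server = #{name}: #{result.empty? ? 'ok' : result.join('; ')}"
end
```

To run the same check against a real master, load its certificate with `OpenSSL::X509::Certificate.new(File.read(path))` and pass the value of `server` from the agent's puppet.conf as `server_name`.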

