puppet hostname problem
I searched online and I see a few other people have had this issue on other lists/boards. When I run sudo puppetd --waitforcert 60 --test for the 2nd time after signing the cert on the master server, I get this error:
notice: Got signed certificate
warning: Certificate validation failed; considering using the certname configuration option
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources during transaction: Certificates were not trusted: hostname was not match with the server certificate
I'm not sure I understand what the problem is or how to fix it. So that is why I ask.
I'm setting puppet up on two servers on my LAN. The puppetmaster is named 'puppet' and the other server is named 'puppetclient'. I put puppet into /etc/hosts on puppetclient.
Running hostname -f will display puppet and puppetclient on the respective servers. I'm not sure what else to try. Does anyone have any insight?
Solution 1:
Sounds like the puppetmaster certificate was created when the host was named something other than "puppet". Recreate the certificate and you should be good.
The name stored in the certificate has to match what you configured your client to connect to (exactly). For instance, if you configure your client to connect to "puppet.domain.com", you'll get an error if the certificate is named "puppet" and vice versa.
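The exact-match rule described in this answer, as an added example that is not part of the original post and is not Puppet's own code. The function names and sample host names are hypothetical, and it models only the exact comparison the answer describes (no wildcard handling):

```python
# Added illustration of the "name must match exactly" rule.
# All host names below are constructed samples.

def normalize(name):
    """Lower-case and drop a trailing dot so 'Puppet.' equals 'puppet'."""
    return name.strip().rstrip(".").lower()


def check_server_name(server, cert_cn, cert_alt_names=()):
    """Compare the name the agent connects to with the names in the
    master's certificate. Returns (ok, explanation).

    A short name never matches an FQDN, and a CNAME only matches if the
    certificate was issued with that CNAME in it.
    """
    wanted = normalize(server)
    cert_names = [normalize(n) for n in (cert_cn, *cert_alt_names)]
    if wanted in cert_names:
        return True, f"'{server}' is present in the certificate"
    # Common case: same host label, but short name on one side and FQDN on the other.
    wanted_label = wanted.split(".")[0]
    for name in cert_names:
        if name.split(".")[0] == wanted_label:
            return False, (f"agent connects to '{server}' but the certificate "
                           f"says '{name}': same host, different qualification")
    return False, (f"'{server}' is not among {cert_names}: reissue the master "
                   "certificate or change the name the agent connects to")


if __name__ == "__main__":
    # (name the agent connects to, certificate CN, certificate alt names)
    cases = [
        ("puppet", "puppet", ()),
        ("puppet.domain.com", "puppet", ()),
        ("puppet", "puppet.domain.com", ()),
        ("cname.domain.org", "puppet.domain.com", ()),
        ("cname.domain.org", "puppet.domain.com", ("cname.domain.org",)),
    ]
    for server, cn, alts in cases:
        ok, why = check_server_name(server, cn, alts)
        print("OK  " if ok else "FAIL", why)
```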
Solution 2:
If you want to use DNS CNAME for your puppetmaster, you can start the puppetmaster using:
puppetmaster --certname cname.domain.org
which will make puppetmaster use cname.domain.org instead of the default fully qualified domain name.
Solution 3:
The --certname cname.domain.org flag option seemed to have done the trick for me (on Amazon EC2).