I have a puppetmaster and a separate puppetDB server. My puppetDB server also acts as my puppetDB's postgresql server.
By the way all my servers are actually AWS EC2 instances.
I used the main puppetdb puppet forge module to set up my puppetdb server.
When I then try to do a puppet run on one of my agents, it fails, and when I check the puppet server logs, I found the following error message:
2016-04-26 13:12:47,338 ERROR [qtp396679072-65] [c.p.h.c.i.PersistentSyncHttpClient] Error executing http request
javax.net.ssl.SSLPeerUnverifiedException: Host name 'ip-10-0-101-39.eu-west-1.compute.internal' does not match the certificate subject provided by the peer (CN=puppetdb_preprod_i-075d0a8f)
Based on this message, I think it is failing because my puppetDB server's puppet.conf file contains a custom value for the certname:
$ cat /etc/puppetlabs/puppet/puppet.conf
[main]
dns_alt_names = ip-10-0-101-39.eu-west-1.compute.internal
[agent]
certname = puppetdb_preprod_i-075d0a8f
server = my_puppet_server.com
Note, I tried overcoming the problem by introducing the default certname value as 'dns_alt_names' as shown above, but that didn't work either.
I am using a custom certname because it is more meaningful than the default, which is "ip-10-0-101-39.eu-west-1.compute.internal".
Am I right in thinking that the custom certname is causing this problem?
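Added example, not part of the original post and not Puppet's own code: a simplified RFC 6125-style hostname check in Python, run against the two names from the error message above. The certificate dictionaries are constructed samples shaped like the output of Python's `ssl.SSLSocket.getpeercert()`; that the issued certificate carries only a CN and no DNS subject alternative names is an assumption based on the wording of the error.

```python
# Simplified hostname verification: compare the name the client connects to
# against the names inside the peer certificate (constructed sample data).

HOST = "ip-10-0-101-39.eu-west-1.compute.internal"   # name the client dials
CERTNAME = "puppetdb_preprod_i-075d0a8f"             # custom certname from puppet.conf

# Constructed: certificate with a subject CN only (assumed from the error text).
CERT_CN_ONLY = {"subject": ((("commonName", CERTNAME),),)}

# Constructed: certificate that also lists the EC2 hostname as a DNS SAN.
CERT_WITH_SAN = {
    "subject": ((("commonName", CERTNAME),),),
    "subjectAltName": (("DNS", CERTNAME), ("DNS", HOST)),
}


def dns_name_matches(pattern, hostname):
    """Case-insensitive label comparison; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def names_in_cert(cert):
    """Return (DNS SANs, subject CNs) from a getpeercert()-style dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans, cns


def verify_hostname(cert, hostname):
    """Return (ok, names_checked). The CN is consulted only when no DNS SAN exists."""
    sans, cns = names_in_cert(cert)
    candidates = sans if sans else cns
    ok = any(dns_name_matches(name, hostname) for name in candidates)
    return ok, candidates


if __name__ == "__main__":
    for label, cert in (("CN only", CERT_CN_ONLY), ("with SAN", CERT_WITH_SAN)):
        ok, checked = verify_hostname(cert, HOST)
        print(f"{label}: connect to {HOST} -> {'match' if ok else 'MISMATCH'} {checked}")
```

The check reads only the names embedded in the certificate the peer presents, so the result depends on what was signed into that certificate and on which name the client uses to reach the server.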