
Diff for "ServerBusted"

Differences between revisions 1 and 2
Revision 1 as of 2020-03-07 02:56:17
Size: 264
Editor: ClintonEbadi
Comment: new buster test server
Revision 2 as of 2020-03-07 03:52:54
Size: 1358
Editor: ClintonEbadi
Comment: finally realized why we have to add domain hcoop.net resolv.conf before installing
Line 7: Line 7:
=== resolv.conf / initial puppet cert request ===

We can't really get around manually opening the firewall for the agent on the puppetmaster... at our scale this isn't a big deal anyway.

Like others, had to set `domain hcoop.net` manually in the config. It looks like the only reason we need this is for the initial cert request. So I tried setting the agent config at `/etc/puppetlabs/puppet/puppet.conf` to:

{{{
[main]
server = puppet.hcoop.net
}}}

But the cert for the master only has the fqdn of its concrete hostname, and the alias `puppet` with no domain

{{{
Error: Server hostname 'puppet.hcoop.net' did not match server certificate; expected one of gibran.hcoop.net, DNS:puppet, DNS:gibran.hcoop.net
Error: Could not run: Server hostname 'puppet.hcoop.net' did not match server certificate; expected one of gibran.hcoop.net, DNS:puppet, DNS:gibran.hcoop.net
}}}

If we could regenerate this to also include `CN:puppet.hcoop.net`, the manual edit that needed to be done would at least be more related to the limitation in our infrastructure that mandates it...
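Review bot: the closing paragraph asks for the certificate to include `CN:puppet.hcoop.net`, but the error output quoted just above it lists the existing alias as `DNS:puppet` next to `DNS:gibran.hcoop.net`, so the extra name would show up as a `DNS:` entry rather than a CN. Suggest wording it as `DNS:puppet.hcoop.net` so it matches what the agent actually reports. The second paragraph also says "in the config" without naming the file; the section title implies resolv.conf, and saying so explicitly would keep it distinct from the `puppet.conf` edit described in the same paragraph.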

Server busted.hcoop.net is a virtual machine at DigitalOcean that was created to work on the Debian Stretch to Buster upgrade.

Its name is just an allusion to it being broken by design.

1. Setup Notes

1.1. resolv.conf / initial puppet cert request

We can't really get around manually opening the firewall for the agent on the puppetmaster... at our scale this isn't a big deal anyway.

Like others, had to set `domain hcoop.net` manually in the config. It looks like the only reason we need this is for the initial cert request. So I tried setting the agent config at `/etc/puppetlabs/puppet/puppet.conf` to:

{{{
[main]
server = puppet.hcoop.net
}}}

But the cert for the master only has the fqdn of its concrete hostname, and the alias `puppet` with no domain

{{{
Error: Server hostname 'puppet.hcoop.net' did not match server certificate; expected one of gibran.hcoop.net, DNS:puppet, DNS:gibran.hcoop.net
Error: Could not run: Server hostname 'puppet.hcoop.net' did not match server certificate; expected one of gibran.hcoop.net, DNS:puppet, DNS:gibran.hcoop.net
}}}

If we could regenerate this to also include `CN:puppet.hcoop.net`, the manual edit that needed to be done would at least be more related to the limitation in our infrastructure that mandates it...
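As an added example (not part of the wiki page and not Puppet's own code), this parses the agent error quoted above and checks which candidate `server` values the master's certificate names would accept. The matching rule is a simplified exact or left-most-wildcard comparison, and the candidate list is an assumption chosen for illustration.

```python
import re

# Constructed sample: the agent error line quoted on this page.
ERROR = ("Error: Server hostname 'puppet.hcoop.net' did not match server "
         "certificate; expected one of gibran.hcoop.net, DNS:puppet, "
         "DNS:gibran.hcoop.net")

def parse_mismatch(line):
    """Return (requested_name, set_of_certificate_names) from the error line."""
    m = re.search(r"Server hostname '([^']+)' did not match server certificate; "
                  r"expected one of (.+)$", line.strip())
    if not m:
        raise ValueError("not a hostname-mismatch error line")
    names = set()
    for item in m.group(2).split(","):
        item = item.strip()
        # Entries are either the bare subject name or "DNS:<name>" alt names.
        if item.upper().startswith("DNS:"):
            item = item[4:]
        names.add(item.lower())
    return m.group(1).lower(), names

def name_matches(hostname, pattern):
    """Exact match, or a single left-most '*' label wildcard (simplified)."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pat.startswith("*."):
        return host == pat
    h_labels, p_labels = host.split("."), pat.split(".")
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]

def usable_server_names(cert_names, candidates):
    """Which candidate `server =` values would pass hostname verification."""
    return [c for c in candidates if any(name_matches(c, n) for n in cert_names)]

if __name__ == "__main__":
    requested, cert_names = parse_mismatch(ERROR)
    print("requested:", requested, "cert covers:", sorted(cert_names))
    # Hypothetical candidates for the agent's `server` setting.
    print("would verify:", usable_server_names(
        cert_names, ["puppet", "puppet.hcoop.net", "gibran.hcoop.net"]))
```

Only the short name `puppet` and the concrete hostname `gibran.hcoop.net` pass, which is the mismatch the error reports for `puppet.hcoop.net`.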

2. TODO


CategorySystemAdministration

ServerBusted (last edited 2020-07-19 22:32:49 by ClintonEbadi)