Comment 0 for bug 722594

TomDV (penumbra) wrote :

Binary package hint: puppet

There is a bug in the default apache puppetmaster vhost that's included in the package.

# puppetd --server puppet.fqdn --waitforcert 60 --no-usecacheonfailure
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert decrypt error
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
#

This is easily fixed but it should be changed in the package too:

# mkdir /var/lib/puppet/ssl/ca/crl
# chown -R puppet:puppet /var/lib/puppet/ssl/ca/crl
# grep -i SSLCARevocation /etc/apache2/sites-enabled/puppetmaster
        # default: SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
        SSLCARevocationPath /var/lib/puppet/ssl/ca/crl
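
An added check, not part of the report or the puppet package: mod_ssl looks up CRLs under SSLCARevocationPath by hash-named files (`<hash>.rN`), so a freshly created empty directory gives it no CRL to consult. The sketch below reports which revocation source a vhost file actually uses and whether it holds anything; the function names and status words are hypothetical, and it assumes one directive per line.

```shell
#!/bin/sh
# Added example: audit the CRL source configured in an Apache vhost file.
# Function names and status words are hypothetical, chosen for this sketch.

# directive_value NAME FILE -> value of the last uncommented NAME directive.
# Apache directive names are case-insensitive; "# default: ..." lines are
# skipped because their first field is "#", not the directive name.
directive_value() {
    awk -v name="$1" '
        tolower($1) == tolower(name) { v = $2; gsub(/"/, "", v) }
        END { print v }' "$2"
}

# check_crl_config VHOST_FILE
# Prints one of: file-ok file-missing path-populated path-empty path-missing none
# Both directives may be set at once; the file is reported first.
check_crl_config() {
    crl_file=$(directive_value SSLCARevocationFile "$1")
    crl_path=$(directive_value SSLCARevocationPath "$1")
    if [ -n "$crl_file" ]; then
        if [ -s "$crl_file" ]; then echo file-ok; else echo file-missing; fi
    elif [ -n "$crl_path" ]; then
        if [ ! -d "$crl_path" ]; then echo path-missing; return 0; fi
        # Only hash-named entries (<issuer-hash>.r0, .r1, ...) are found by lookup.
        for f in "$crl_path"/*.r[0-9]*; do
            if [ -e "$f" ]; then echo path-populated; return 0; fi
        done
        echo path-empty      # directory exists but supplies no CRL
    else
        echo none            # no revocation source configured
    fi
}

# Stand-alone use: sh script.sh /etc/apache2/sites-enabled/puppetmaster
if [ "$#" -gt 0 ]; then
    check_crl_config "$1"
fi
```

A result of `path-empty`, `path-missing`, `file-missing` or `none` means the vhost has no CRL available for client-certificate revocation checks.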