Puppet 0.25 vs 0.24
Puppet Client 0.25 présent sur Ubuntu Lucid 10.4 n’est pas compatible avec un Puppet master en version 0.24 présent sur Ubuntu Karmic 9.4.
Le symptôme est le suivant : le puppet master semble ne jamais recevoir la demande de certificat. Coté client cela donne
sudo puppetd --waitforcert 60 --test info: Creating a new SSL key for h3-desktop warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for h3-desktop warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate
Sur le serveur cela donne
sudo puppetca --list No certificates to sign
L’avertissement était clair
Dans la Release Notes l’avertissement était clair :
Newer clients may not work with older servers and vice-versa. Where possible backwards-compatibility is maintained but it’s not always totally successful. The best approach is to ensure your master and clients are the same version. When upgrading it is also recommended that you upgrade your master first.
Solution, backport
Dans /etc/apt/source.list on ajoute
deb http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security main restricted deb-src http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security main restricted deb http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security universe deb-src http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security universe deb http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security multiverse deb-src http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security multiverse
Et puis zou
apt-get update aptitude -t karmic install puppet
Juste faire attention à pas tout péter à la prochaine mise à jour