Puppet 0.25 vs 0.24
Puppet Client 0.25 présent sur Ubuntu Lucid 10.4 n’est pas compatible avec un Puppet master en version 0.24 présent sur Ubuntu Karmic 9.4.
Le symptôme est le suivant : le puppet master semble ne jamais recevoir la demande de certificat. Coté client cela donne
<span style="color: #c20cb9; font-weight: bold;">sudo</span> puppetd --waitforcert <span style="color: #000000;">60</span> --<span style="color: #7a0874; font-weight: bold;">test</span> info: Creating a new SSL key <span style="color: #000000; font-weight: bold;">for</span> h3-desktop warning: peer certificate won<span style="color: #ff0000;">'t be verified in this SSL session warning: peer certificate won'</span>t be verified <span style="color: #000000; font-weight: bold;">in</span> this SSL session info: Creating a new SSL certificate request <span style="color: #000000; font-weight: bold;">for</span> h3-desktop warning: peer certificate won<span style="color: #ff0000;">'t be verified in this SSL session warning: peer certificate won'</span>t be verified <span style="color: #000000; font-weight: bold;">in</span> this SSL session warning: peer certificate won<span style="color: #ff0000;">'t be verified in this SSL session warning: peer certificate won'</span>t be verified <span style="color: #000000; font-weight: bold;">in</span> this SSL session notice: Did not receive certificate warning: peer certificate won<span style="color: #ff0000;">'t be verified in this SSL session notice: Did not receive certificate</span>
Sur le serveur cela donne
<span style="color: #c20cb9; font-weight: bold;">sudo</span> puppetca --list No certificates to sign
L’avertissement était clair
Dans la Release Notes l’avertissement était clair :
Newer clients may not work with older servers and vice-versa. Where possible backwards-compatibility is maintained but it’s not always totally successful. The best approach is to ensure your master and clients are the same version. When upgrading it is also recommended that you upgrade your master first.
Solution, backport
Dans /etc/apt/source.list on ajoute
deb http:<span style="color: #000000; font-weight: bold;">//</span>ubuntu.mirror.rafal.ca<span style="color: #000000; font-weight: bold;">/</span>ubuntu<span style="color: #000000; font-weight: bold;">/</span> karmic-security main restricted deb-src http:<span style="color: #000000; font-weight: bold;">//</span>ubuntu.mirror.rafal.ca<span style="color: #000000; font-weight: bold;">/</span>ubuntu<span style="color: #000000; font-weight: bold;">/</span> karmic-security main restricted deb http:<span style="color: #000000; font-weight: bold;">//</span>ubuntu.mirror.rafal.ca<span style="color: #000000; font-weight: bold;">/</span>ubuntu<span style="color: #000000; font-weight: bold;">/</span> karmic-security universe deb-src http:<span style="color: #000000; font-weight: bold;">//</span>ubuntu.mirror.rafal.ca<span style="color: #000000; font-weight: bold;">/</span>ubuntu<span style="color: #000000; font-weight: bold;">/</span> karmic-security universe deb http:<span style="color: #000000; font-weight: bold;">//</span>ubuntu.mirror.rafal.ca<span style="color: #000000; font-weight: bold;">/</span>ubuntu<span style="color: #000000; font-weight: bold;">/</span> karmic-security multiverse deb-src http:<span style="color: #000000; font-weight: bold;">//</span>ubuntu.mirror.rafal.ca<span style="color: #000000; font-weight: bold;">/</span>ubuntu<span style="color: #000000; font-weight: bold;">/</span> karmic-security multiverse
Et puis zou
apt-get update aptitude -t karmic <span style="color: #c20cb9; font-weight: bold;">install</span> puppet
Juste faire attention à pas tout péter à la prochaine mise à jour