I have created a shell script to autosign Puppet certificate requests at /etc/puppet/autosign.sh and have configured this path in the Puppet master's configuration.
autosign = /etc/puppet/autosign.sh
For now, I have given all users read and execute permissions on this script. However, when a test client tries to request a certificate, I get the following notification on the client (which is cloud based).
Exiting; no certificate found and waitforcert is disabled
And the following in the server logs:
puppet-master[465]: Could not resolve xx.xx.xx.xx: no name for xx.xx.xx.xx
puppet-master[465]: Could not resolve xx.xx.xx.xx: no name for xx.xx.xx.xx
puppet puppet-master[465]: www.test.com has a waiting certificate request
puppet puppet-master[465]: Could not resolve xx.xx.xx.xx: no name for xx.xx.xx.xx
I have put an entry for this IP and host in /etc/hosts and have checked that I can do forward and reverse lookups for this host. I don't know why the puppet-master can't resolve this address or why it isn't auto-signing the request. I have written the autosign script to write to a logfile, and nothing gets written to it. When I execute the autosign script manually, it writes to the logfile correctly.
I'm on CentOS 7.2, running Puppet 3.8.7. I'm also running this under Foreman v1.11.
Manually signing the certificate request allows the Puppet agent to execute as normal.
How can I fix this error?
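For reference, Puppet's policy-based autosigning runs the configured executable as the master's own user, passes the certname as the first argument and the PEM CSR on stdin, and signs only when the exit status is 0. The following is an added example, not the asker's script: a policy executable that logs every decision (including the uid it ran as) and signs only exact allowlisted certnames; the allowlist and log paths are assumptions.

```shell
#!/bin/sh
# Added example of a Puppet policy-based autosign executable.
# Assumed (hypothetical) locations; both must be accessible to the master's user.
ALLOWLIST="${AUTOSIGN_ALLOWLIST:-/etc/puppet/autosign_allowlist.txt}"
LOGFILE="${AUTOSIGN_LOG:-/var/log/puppet/autosign.log}"

log() {
    # Record the uid so the log shows which account actually ran the policy.
    # A logging failure must never change the signing decision.
    printf '%s uid=%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -u)" "$*" \
        >>"$LOGFILE" 2>/dev/null || true
}

# decide CERTNAME: reads the PEM CSR on stdin; returns 0 to sign, 1 to refuse.
decide() {
    certname=$1
    csr=$(cat)
    # Refuse certnames with unexpected characters, and do not echo them
    # into the log, so a crafted name cannot forge log entries.
    case $certname in
        ''|*[!a-z0-9._-]*) log "REFUSE invalid certname"; return 1 ;;
    esac
    # Require something that at least looks like a PEM CSR on stdin.
    case $csr in
        *'-----BEGIN CERTIFICATE REQUEST-----'*'-----END CERTIFICATE REQUEST-----'*) ;;
        *) log "REFUSE $certname: no PEM CSR on stdin"; return 1 ;;
    esac
    # Exact, whole-line, fixed-string match: no globs, no substring hits.
    if [ -r "$ALLOWLIST" ] && grep -Fxq -- "$certname" "$ALLOWLIST"; then
        log "SIGN $certname"
        return 0
    fi
    log "REFUSE $certname: not in allowlist"
    return 1
}

# The master passes the certname as $1; with no arguments nothing runs.
if [ "$#" -gt 0 ]; then
    decide "$1"
    exit $?
fi
```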