On Jun 2, 2011, at 9:32 AM, John Kennedy wrote:
> Replies inline
>
> On Wed, Jun 1, 2011 at 17:55, Patrick <kc7...@gmail.com> wrote:
>
> On Jun 1, 2011, at 8:05 AM, John Kennedy wrote:
>
>> I have several servers being hosted on Amazon Web Services. They have all
>> been built from the same manifest so apart from the hostnames, IP, etc they
>> are all identical.
>>
>> All but 3 of the boxes can connect to the puppetmaster. When kicked from the
>> puppetmaster two give:
>> Host host.example.com failed: Connection refused - connect(2)
>>
>> one gives:
>>
>> Host host.example.com failed: SSL_connect returned=1 errno=0 state=SSLv3
>> read server certificate B: certificate verify failed
>>
>> All then give an exit code of 2
>>
>> I have deleted /etc/puppet/ssl on the node and revoked the certs on the
>> puppet master (puppetca -c host.example.com) with the same results on all 3
>> boxes.
>>
>> I know it is not my laptop's fault but I am about to throw it out the
>> window...
>>
>> Please save the poor thing and give me a hint as to what else I can do...
>>
>> Thanks,
>
> What version of puppet is running on the clients? What version on the server?
>
> Client is 2.6.7
> Server is 2.6.4
>
>
> Did you forget "listen=true" on the ones that say "connection refused"?
>
> No. They are all the same...
>
>
> Is "host.example.com" the master or the client you're kicking?
>
> host.example.com is the client I am trying to kick
>
>
> On the client and the server, try this command:
> md5sum /var/lib/puppet/ssl/ca/ca_crt.pem
>
> On the server try this command:
> md5sum /var/lib/puppet/ssl/certs/ca.pem
>
> Do all 3 certs match?
> None of the files exist. (our puppet config files are in /etc)

Hmm. I'd guess puppet's storing the ssl config in a different location from where puppet stores them on my system. To get the of those files for you run as root:

    puppetd --genconfig | grep 'localcacert = '

on the client to find the client's ssl cert location.

CA's cert path (run as root):

    puppet master --genconfig | grep ' cacert = '

Then check if the md5sums of those files match between the server and the client that gives the SSL Verify error.
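
Added example, not part of the original thread or of Puppet: md5sum hashes the file bytes, so two copies of the same CA certificate that differ only in line endings or trailing whitespace report different sums. This Python sketch compares SHA-256 fingerprints of the decoded certificate instead; the PEM bodies are constructed placeholder bytes rather than real certificates, and every function name is hypothetical.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_fingerprints(pem_text):
    """SHA-256 fingerprint of each certificate found in a PEM file's text."""
    prints = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))  # drop all whitespace
        prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no PEM certificate found")
    return prints

def same_ca(master_pem, agent_pem):
    """True when the agent's localcacert contains the master's CA cert."""
    return cert_fingerprints(master_pem)[0] in cert_fingerprints(agent_pem)

def file_md5(text):
    """What md5sum would report for a file holding exactly this text."""
    return hashlib.md5(text.encode("ascii")).hexdigest()

def make_pem(der):
    """Wrap raw bytes in PEM armor (used only to build sample input)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"

# Constructed sample data: placeholder bytes standing in for certificates.
MASTER_CA = make_pem(b"constructed-ca-A" * 12)
# Same certificate on the agent, but saved with CRLF line endings.
AGENT_OK = MASTER_CA.replace("\n", "\r\n")
# Agent still holding a CA cert from a different (older) master CA.
AGENT_STALE = make_pem(b"constructed-ca-B" * 12)

if __name__ == "__main__":
    for name, pem in (("agent-ok", AGENT_OK), ("agent-stale", AGENT_STALE)):
        print(name,
              "md5 match:", file_md5(pem) == file_md5(MASTER_CA),
              "| same CA:", same_ca(MASTER_CA, pem))
```

On a real pair of hosts, read the files reported by the two --genconfig commands above and pass their contents to same_ca().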