Hi Bhathiya, Please check if the hostname(hostname command) is correctly set in puppet master. Also, after the certificate clearance, remember to restart puppet master.
Thanks. On Tue, Feb 23, 2016 at 12:34 AM, Sajith Kariyawasam <[email protected]> wrote: > Hi Bhathiya, > > Did you delete old certs in puppet master as explained in [1] ? From the > commands you have listed, it seems you have deleted the certs in agent side > only. > [2] too provides some tips related to a similar issue. > Also, if you are testing in an IaaS, please make sure all the necessary > ports in puppet master instance are accessible from puppet agent instance. > > > [1] > http://serverfault.com/questions/515296/puppet-agent-certificate-verify-failure > [2] > http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat > > Thanks, > Sajith > > On Tue, Feb 23, 2016 at 12:02 AM, Bhathiya Jayasekara <[email protected]> > wrote: > >> Thanks for the prompt response Pubudu. I already tried that and got below. >> >> root@apim-2:/opt# find /var/lib/puppet/ssl -name '*.pem' -exec rm {} \; >> root@apim-2:/opt# puppet agent -t >> Info: Creating a new SSL key for apim-2.openstacklocal >> Info: Caching certificate for ca >> Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml >> Info: Creating a new SSL certificate request for apim-2.openstacklocal >> Info: Certificate Request fingerprint (SHA256): >> 74:F4:B5:D3:39:02:0F:D7:6D:88:0C:06:4B:55:1C:08:7C:B8:C9:3E:91:0F:B1:C9:1B:07:DE:27:BB:D1:D5:55 >> Info: Caching certificate for apim-2.openstacklocal >> Info: Caching certificate_revocation_list for ca >> Error: Could not request certificate: SSL_connect returned=1 errno=0 >> state=SSLv3 read server certificate B: certificate verify failed: >> [certificate revoked for /CN=apim-2.openstacklocal] >> >> Thanks, >> Bhathiya >> >> On Mon, Feb 22, 2016 at 11:52 PM, Pubudu Gunatilaka <[email protected]> >> wrote: >> >>> Hi Bhathiya, >>> >>> Could you please check with this [1] ? I think you are having Error 4. >>> >>> [1] - >>> http://suhan-opensource.blogspot.com/2014/10/puppet-master-agent-communication-errors.html >>> >>> Thank you! >>> >>> On Mon, Feb 22, 2016 at 11:47 PM, Bhathiya Jayasekara <[email protected] >>> > wrote: >>> >>>> Hi all, >>>> >>>> I followed all the steps in [1]. But at the end I'm getting below cert >>>> error. Can someone please help me to understand what's wrong? >>>> >>>> root@apim-2:/opt# ./setup.sh >>>> ##################################################### >>>> Starting cleanup >>>> ##################################################### >>>> ##################################################### >>>> Setting up environment >>>> ##################################################### >>>> ##################################################### >>>> Installing >>>> ##################################################### >>>> Warning: Unable to fetch my node definition, but the agent run will >>>> continue: >>>> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server >>>> certificate B: certificate verify failed: [certificate revoked for >>>> /CN=apim-2.openstacklocal] >>>> Info: Retrieving plugin >>>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional >>>> resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 >>>> read server certificate B: certificate verify failed: [certificate revoked >>>> for /CN=apim-2.openstacklocal] >>>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect >>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] Could >>>> not retrieve file metadata for puppet://puppet/plugins: SSL_connect >>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] >>>> Error: Could not retrieve catalog from remote server: SSL_connect >>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] >>>> Warning: Not using cache on failed catalog >>>> Error: Could not retrieve catalog; skipping run >>>> Error: Could not send report: SSL_connect returned=1 errno=0 >>>> state=SSLv3 read server certificate B: certificate verify failed: >>>> [certificate revoked for /CN=apim-2.openstacklocal] >>>> >>>> [1] >>>> https://github.com/wso2/puppet-modules/wiki/Use-WSO2-Puppet-Modules-in-puppet-master-agent-Environment >>>> >>>> Thanks, >>>> >>>> -- >>>> *Bhathiya Jayasekara* >>>> *Senior Software Engineer,* >>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>> >>>> *Phone: +94715478185 <%2B94715478185>* >>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>> <http://www.linkedin.com/in/bhathiyaj>* >>>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >>>> *Blog: http://movingaheadblog.blogspot.com >>>> <http://movingaheadblog.blogspot.com/>* >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> *Pubudu Gunatilaka* >>> Committer and PMC Member - Apache Stratos >>> Software Engineer >>> WSO2, Inc.: http://wso2.com >>> mobile : +94774079049 <%2B94772207163> >>> >>> >> >> >> -- >> *Bhathiya Jayasekara* >> *Senior Software Engineer,* >> *WSO2 inc., http://wso2.com <http://wso2.com>* >> >> *Phone: +94715478185 <%2B94715478185>* >> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >> <http://www.linkedin.com/in/bhathiyaj>* >> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >> *Blog: http://movingaheadblog.blogspot.com >> <http://movingaheadblog.blogspot.com/>* >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Sajith Kariyawasam > *Committer and PMC member, Apache Stratos, * > *WSO2 Inc.; http://wso2.com <http://wso2.com>* > *Mobile: 0772269575 <0772269575>* > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- -- Lahiru Sandaruwan Committer and PMC member, Apache Stratos, Senior Software Engineer, WSO2 Inc., http://wso2.com lean.enterprise.middleware phone: +94773325954 email: [email protected] blog: http://lahiruwrites.blogspot.com/ linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
