Hi all, Thanks for the replies. The problem was the hostname as Lahiru mentioned. I didn't restart the VM after changing /etc/hostname before. Just restarted the VM now and issue is solved. I think it's better to update the doc if a restart is required after changing hostname.
However I endedup in another error.. Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find data item classes in any Hiera data file and no default supplied at /etc/puppet/environments/production/manifests/site.pp:21 on node apim-node-1.openstacklocal Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run As mentioned in the doc, I have that site.pp in puppet master only. Do I need to have it in agent too? Thanks, Bhathiya On Tue, Feb 23, 2016 at 9:34 AM, Akila Ravihansa Perera <[email protected]> wrote: > Hi Bhathiya, > > Please try the following steps; > > 1. Delete all certificates in Puppet master (rm -rf /var/lib/puppet/ssl/*) > 2. Delete all certificates in Puppet agent (rm -rf /var/lib/puppet/ssl/*) > You may use `puppet cert clean --all` command as well > > 3. Check puppet.conf in both Puppet agent and master > Agent should point to master hostname > server = puppet.example.com > > This hostname must resolve to corresponding IP address via DNS or hosts > file mappings > > This hostname must be the Puppet master's system hostname. Or else it > should be added as a property to puppet.conf in Puppet master instance > > dns_alt_names=puppet.example.com > > 4. Auto-signing should be enabled in puppet.conf in Puppet master. Or all > the white-listed hostnames should be added to autosign.conf in Puppet > master. > autosign = true > > 5. Restart Puppet master service after modifying above config files. > > Thanks. > > On Tue, Feb 23, 2016 at 7:43 AM, Lahiru Sandaruwan <[email protected]> > wrote: > >> Hi Bhathiya, >> >> Please check if the hostname(hostname command) is correctly set in puppet >> master. Also, after the certificate clearance, remember to restart puppet >> master. >> >> Thanks. >> >> On Tue, Feb 23, 2016 at 12:34 AM, Sajith Kariyawasam <[email protected]> >> wrote: >> >>> Hi Bhathiya, >>> >>> Did you delete old certs in puppet master as explained in [1] ? From the >>> commands you have listed, it seems you have deleted the certs in agent side >>> only. >>> [2] too provides some tips related to a similar issue. >>> Also, if you are testing in an IaaS, please make sure all the necessary >>> ports in puppet master instance are accessible from puppet agent instance. >>> >>> >>> [1] >>> http://serverfault.com/questions/515296/puppet-agent-certificate-verify-failure >>> [2] >>> http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat >>> >>> Thanks, >>> Sajith >>> >>> On Tue, Feb 23, 2016 at 12:02 AM, Bhathiya Jayasekara <[email protected] >>> > wrote: >>> >>>> Thanks for the prompt response Pubudu. I already tried that and got >>>> below. >>>> >>>> root@apim-2:/opt# find /var/lib/puppet/ssl -name '*.pem' -exec rm {} \; >>>> root@apim-2:/opt# puppet agent -t >>>> Info: Creating a new SSL key for apim-2.openstacklocal >>>> Info: Caching certificate for ca >>>> Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml >>>> Info: Creating a new SSL certificate request for apim-2.openstacklocal >>>> Info: Certificate Request fingerprint (SHA256): >>>> 74:F4:B5:D3:39:02:0F:D7:6D:88:0C:06:4B:55:1C:08:7C:B8:C9:3E:91:0F:B1:C9:1B:07:DE:27:BB:D1:D5:55 >>>> Info: Caching certificate for apim-2.openstacklocal >>>> Info: Caching certificate_revocation_list for ca >>>> Error: Could not request certificate: SSL_connect returned=1 errno=0 >>>> state=SSLv3 read server certificate B: certificate verify failed: >>>> [certificate revoked for /CN=apim-2.openstacklocal] >>>> >>>> Thanks, >>>> Bhathiya >>>> >>>> On Mon, Feb 22, 2016 at 11:52 PM, Pubudu Gunatilaka <[email protected]> >>>> wrote: >>>> >>>>> Hi Bhathiya, >>>>> >>>>> Could you please check with this [1] ? I think you are having Error 4. >>>>> >>>>> [1] - >>>>> http://suhan-opensource.blogspot.com/2014/10/puppet-master-agent-communication-errors.html >>>>> >>>>> Thank you! >>>>> >>>>> On Mon, Feb 22, 2016 at 11:47 PM, Bhathiya Jayasekara < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi all, >>>>>> >>>>>> I followed all the steps in [1]. But at the end I'm getting below >>>>>> cert error. Can someone please help me to understand what's wrong? >>>>>> >>>>>> root@apim-2:/opt# ./setup.sh >>>>>> ##################################################### >>>>>> Starting cleanup >>>>>> ##################################################### >>>>>> ##################################################### >>>>>> Setting up environment >>>>>> ##################################################### >>>>>> ##################################################### >>>>>> Installing >>>>>> ##################################################### >>>>>> Warning: Unable to fetch my node definition, but the agent run will >>>>>> continue: >>>>>> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server >>>>>> certificate B: certificate verify failed: [certificate revoked for >>>>>> /CN=apim-2.openstacklocal] >>>>>> Info: Retrieving plugin >>>>>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional >>>>>> resources using 'eval_generate': SSL_connect returned=1 errno=0 >>>>>> state=SSLv3 >>>>>> read server certificate B: certificate verify failed: [certificate >>>>>> revoked >>>>>> for /CN=apim-2.openstacklocal] >>>>>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect >>>>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>>>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] Could >>>>>> not retrieve file metadata for puppet://puppet/plugins: SSL_connect >>>>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>>>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] >>>>>> Error: Could not retrieve catalog from remote server: SSL_connect >>>>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>>>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] >>>>>> Warning: Not using cache on failed catalog >>>>>> Error: Could not retrieve catalog; skipping run >>>>>> Error: Could not send report: SSL_connect returned=1 errno=0 >>>>>> state=SSLv3 read server certificate B: certificate verify failed: >>>>>> [certificate revoked for /CN=apim-2.openstacklocal] >>>>>> >>>>>> [1] >>>>>> https://github.com/wso2/puppet-modules/wiki/Use-WSO2-Puppet-Modules-in-puppet-master-agent-Environment >>>>>> >>>>>> Thanks, >>>>>> >>>>>> -- >>>>>> *Bhathiya Jayasekara* >>>>>> *Senior Software Engineer,* >>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>>> >>>>>> *Phone: +94715478185 <%2B94715478185>* >>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>>> *Twitter: https://twitter.com/bhathiyax >>>>>> <https://twitter.com/bhathiyax>* >>>>>> *Blog: http://movingaheadblog.blogspot.com >>>>>> <http://movingaheadblog.blogspot.com/>* >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> *Pubudu Gunatilaka* >>>>> Committer and PMC Member - Apache Stratos >>>>> Software Engineer >>>>> WSO2, Inc.: http://wso2.com >>>>> mobile : +94774079049 <%2B94772207163> >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Bhathiya Jayasekara* >>>> *Senior Software Engineer,* >>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>> >>>> *Phone: +94715478185 <%2B94715478185>* >>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>> <http://www.linkedin.com/in/bhathiyaj>* >>>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >>>> *Blog: http://movingaheadblog.blogspot.com >>>> <http://movingaheadblog.blogspot.com/>* >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Sajith Kariyawasam >>> *Committer and PMC member, Apache Stratos, * >>> *WSO2 Inc.; http://wso2.com <http://wso2.com>* >>> *Mobile: 0772269575 <0772269575>* >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> -- >> Lahiru Sandaruwan >> Committer and PMC member, Apache Stratos, >> Senior Software Engineer, >> WSO2 Inc., http://wso2.com >> lean.enterprise.middleware >> >> phone: +94773325954 >> email: [email protected] blog: http://lahiruwrites.blogspot.com/ >> linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146 >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Akila Ravihansa Perera > WSO2 Inc.; http://wso2.com/ > > Blog: http://ravihansa3000.blogspot.com > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Bhathiya Jayasekara* *Senior Software Engineer,* *WSO2 inc., http://wso2.com <http://wso2.com>* *Phone: +94715478185* *LinkedIn: http://www.linkedin.com/in/bhathiyaj <http://www.linkedin.com/in/bhathiyaj>* *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* *Blog: http://movingaheadblog.blogspot.com <http://movingaheadblog.blogspot.com/>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
