Issue #14246 has been updated by David Schmitt.
Daniel, is there any movement on this case? I've experienced the same problem with 2.7.14: re-use of hostnames on the agent-side leads to certificate error although allow_duplicate_certs is true on the master. ---------------------------------------- Bug #14246: allow duplicate certs does not work with agent/master https://projects.puppetlabs.com/issues/14246#change-66886 Author: Dan Bode Status: Accepted Priority: Normal Assignee: Daniel Pittman Category: sites Target version: Affected Puppet version: Keywords: Branch: On my master, I set: [main] allow_deplicate_certs = true on the master, I regenerate a private key, I get the failure: <pre> root@cygnet-2:~# puppet agent -t --ssldir=/tmp/ info: Creating a new SSL key for cygnet-2.cygnet.lab warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session info: Caching certificate for cygnet-2.cygnet.lab err: Could not request certificate: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: B5:FE:4C:B6:D8:75:2C:8D:FD:05:48:53:43:DC:B4:10 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean cygnet-2.cygnet.lab On the agent: rm -f /tmp/certs/cygnet-2.cygnet.lab.pem puppet agent -t </pre> It appears that the agent does not actually resend its cert req if one already exists, meaning that allow duplicate certs does not work with puppet agent. This issue was observed with Puppet 2.7.12, but I do not believe it is a regression. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
