Nevermind... figured it out... shot myself in the foot big time.
I have a centralized puppet.conf file that I distribute. That's a good thing. Unfortunately in my haste I made a big time mistake and all of the puppet.conf files are pointing to a set of cert files for the repository (puppet master) and not themselves. DOH!! On Jun 29, 2:39 pm, [email protected] wrote: > OK... > > I started seeing some issues with the certificates between my clients and > the puppetmaster. So I went ahead and removed puppet from the clients and > cleaned up /var/lib/puppet and /etc/puppet. Then I reinstalled puppet, > signed the new cert and things seemed to go OK after that. > > Then the shocker the second run started to fail and i have this message: > > [r...@atlcnag0 ~]# puppetd --test > err: Could not request certificate: Retrieved certificate does not match > private key; please remove certificate from server and regenerate it with > the current key > Exiting; failed to retrieve certificate and waitforcert is disabled > [r...@atlcnag0 ~]# puppetd --test --waitforcert 5 > err: Could not request certificate: Retrieved certificate does not match > private key; please remove certificate from server and regenerate it with > the current key > notice: Run of Puppet configuration client already in progress; skipping > > Now... the one thing I can think of that might contribute to this could be > the fact of how I set up my systems. This is going to take some explaining: > > the hostname (in this case) for the cilent is atlcnag0. It's DNS entry (for > its main interface) is atlcnag0-eth0 and there is a CNAME pointing back to > its hostname (later there may well be more than one IP address associated > with that name) which I didn't think should cause problems, but maybe it is. > > Any thoughts? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
