I can think of two things - date/time mismatch at server & client. And why aren't the certificates in /var/lib/puppet (for puppetmaster) ?
On Mon, Jul 26, 2010 at 7:30 PM, CraftyTech <[email protected]> wrote: > Hello All, > > So it turns out that after the upgrade and subsequent rollback > from 2.6, I can't get clients to connect to puppetserver anymore. > Something got broken with the ssl and I'm having a tough time > identifying the problem. So far, I've tried puppetca --clean all (and > hostname specific), I even deleted the /etc/puppet/ssl on both client > and server, and still verified failed. These are the steps that I > follow, in order to test: > On server: puppetca --clean hostname > On client: puppetd -t --waitforcert 20 > On server: puppetca -l (it shows the client's FQDN) > On server: puppetca -s "client's FQDN" > On client: certificate verified failed !! > > Here's a sample trace/debug: > > puppetd -t --trace --debug > debug: Failed to load library 'selinux' for feature 'selinux' > debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does > not exist > debug: Puppet::Type::User::ProviderLdap: true value when expecting > false > debug: Puppet::Type::User::ProviderPw: file pw does not exist > debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/ > dscl does not exist > debug: Failed to load library 'ldap' for feature 'ldap' > debug: /File[/var/puppet/run/puppetd.pid]: Autorequiring File[/var/ > puppet/run] > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/ > puppet/ssl] > debug: /File[/var/puppet/state/classes.txt]: Autorequiring File[/var/ > puppet/state] > debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet] > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] > debug: /File[/var/puppet/state/state.yaml]: Autorequiring File[/var/ > puppet/state] > debug: /File[/var/puppet/client_yaml]: Autorequiring File[/var/puppet] > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/ > puppet/ssl/certs] > debug: /File[/etc/puppet/ssl/public_keys/ > henry_medina.dev.instinet.com.pem]: Autorequiring File[/etc/ > puppet/ ssl/ > public_keys] > debug: /File[/var/puppet/run]: Autorequiring File[/var/puppet] > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ > ssl] > debug: /File[/var/puppet/state/graphs]: Autorequiring File[/var/puppet/ > state] > debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] > debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet] > debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet] > debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet] > debug: /File[/var/puppet/clientbucket]: Autorequiring File[/var/ > puppet] > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/ > puppet/ssl] > debug: /File[/etc/puppet/ssl/private_keys/ > henry_medina.dev.instinet.com.pem]: Autorequiring File[/etc/ > puppet /ssl/ > private_keys] > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/certs/henry_medina.dev.instinet.com.pem]: > Autorequiring File[/etc/puppet/ssl/ > ce rts] > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ > ssl] > debug: Finishing transaction -608024118 with 0 changes > debug: Using cached certificate for ca, good until Fri Jul 24 13:14:41 > UTC 2015 > debug: Using cached certificate for henry_medina.dev.instinet.com, > good until Fri Jul 24 13:39:58 UTC 2015 > notice: Ignoring --listen on onetime run > debug: Loaded state in 0.68 seconds > debug: Using cached certificate for ca, good until Fri Jul 24 13:14:41 > UTC 2015 > debug: Using cached certificate for henry_medina.dev.instinet.com, > good until Fri Jul 24 13:39:58 UTC 2015 > /usr/lib/ruby/1.8/net/http.rb:586:in `connect' > /usr/lib/ruby/1.8/net/http.rb:586:in `connect' > /usr/lib/ruby/1.8/net/http.rb:553:in `do_start' > /usr/lib/ruby/1.8/net/http.rb:542:in `start' > /usr/lib/ruby/1.8/net/http.rb:1035:in `request' > /usr/lib/ruby/1.8/net/http.rb:772:in `get' > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find' > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:195:in > `find' > /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find' > /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:208:in `ssl_store' > /usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:56:in > `cert_setup' > /usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:100:in > `http_instance' > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:65:in `network' > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find' > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:195:in > `find' > /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find' > /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:106:in > `retrieve_catalog' > /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:418:in `thinmark' > /usr/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/ > core_ext/benchmark.rb:10:in `realtime' > /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:417:in `thinmark' > /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:105:in > `retrieve_catalog' > /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:162:in `run' > /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run' > /usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock' > /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run' > /usr/lib/ruby/1.8/sync.rb:230:in `synchronize' > /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run' > /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:134:in `with_client' > /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:51:in `run' > /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetd.rb:103:in > `onetime' > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send' > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command' > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run' > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in > `exit_on_fail' > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run' > /usr/sbin/puppetd:159 > err: Could not retrieve catalog from remote server: certificate verify > failed > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > > > Any ideas guys? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<puppet-users%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
