Here's the trace:

puppetd -t --trace --debug
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/run]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/state/state.yaml]: Autorequiring File[/var/puppet/state]
debug: /File[/var/puppet/client_yaml]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/state/graphs]: Autorequiring File[/var/puppet/state]
debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs/client.dev.domain.com.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/var/puppet/run/puppetd.pid]: Autorequiring File[/var/puppet/run]
debug: /File[/etc/puppet/ssl/private_keys/client.dev.domain.com.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/var/puppet/clientbucket]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/puppet/state/classes.txt]: Autorequiring File[/var/puppet/state]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/public_keys/client.dev.domain.com.pem]: Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
debug: Finishing transaction -608390318 with 0 changes
debug: Using cached certificate for ca, good until Fri Jul 24 15:20:05 UTC 2015
debug: Using cached certificate for client.dev.domain.com, good until Fri Jul 24 15:21:11 UTC 2015
debug: Loaded state in 1.08 seconds
debug: Using cached certificate for ca, good until Fri Jul 24 15:20:05 UTC 2015
debug: Using cached certificate for client.dev.domain.com, good until Fri Jul 24 15:21:11 UTC 2015
/usr/lib/ruby/1.8/net/http.rb:586:in `connect'
/usr/lib/ruby/1.8/net/http.rb:586:in `connect'
/usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
/usr/lib/ruby/1.8/net/http.rb:542:in `start'
/usr/lib/ruby/1.8/net/http.rb:1035:in `request'
/usr/lib/ruby/1.8/net/http.rb:772:in `get'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:195:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:208:in `ssl_store'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:56:in `cert_setup'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:100:in `http_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:65:in `network'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:195:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:106:in `retrieve_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:418:in `thinmark'
/usr/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/core_ext/benchmark.rb:10:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:417:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:105:in `retrieve_catalog'
/usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:162:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:134:in `with_client'
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:51:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetd.rb:103:in `onetime'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
/usr/sbin/puppetd:159
err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

On Jul 26, 11:31 am, CraftyTech <[email protected]> wrote:
> The times are in Sync via NTP. The SSL are in default location as I
> didn't define it in puppet.conf. I basically deleted /etc/puppet/ssl,
> /var/lib/puppet/ssl, Did: puppetca --revoke --all, puppetca --clean
> --all... and still "certificate verify failed" !!. At this
> point, I'm willing to start from scratch. Is there anything else I
> can do to reset my ssl config? This is what's running now on
> puppetmaster:
> puppetmasterd --genconfig | grep ssl
> # ldapssl = false
> ssl_client_header = SSL_CLIENT_S_DN
> ssl_client_verify_header = SSL_CLIENT_VERIFY
> # The default value is '$confdir/ssl'.
> ssldir = /etc/puppet/ssl
> # The default value is '$ssldir/private_keys'.
> privatekeydir = /etc/puppet/ssl/private_keys
> # The default value is '$ssldir/csr_$certname.pem'.
> hostcsr = /etc/puppet/ssl/csr_hostname.dev.hostname-fqdn.com.pem
> hostpubkey = /etc/puppet/ssl/public_keys/hostname.dev.hostname-fqdn.com.pem
> # The default value is '$ssldir/public_keys'.
> publickeydir = /etc/puppet/ssl/public_keys
> # The default value is '$ssldir/private'.
> privatedir = /etc/puppet/ssl/private
> hostcert = /etc/puppet/ssl/certs/hostname.dev.hostname-fqdn.com.pem
> localcacert = /etc/puppet/ssl/certs/ca.pem
> # The default value is '$ssldir/certs'.
> certdir = /etc/puppet/ssl/certs
> # The default value is '$ssldir/certificate_requests'.
> requestdir = /etc/puppet/ssl/certificate_requests
> passfile = /etc/puppet/ssl/private/password
> hostprivkey = /etc/puppet/ssl/private_keys/hostname-FQDN.com.pem
> # The default value is '$ssldir/crl.pem'.
> hostcrl = /etc/puppet/ssl/crl.pem
> capass = /etc/puppet/ssl/ca/private/ca.pass
> # The default value is '$ssldir/ca'.
> cadir = /etc/puppet/ssl/ca
> capub = /etc/puppet/ssl/ca/ca_pub.pem
> csrdir = /etc/puppet/ssl/ca/requests
> serial = /etc/puppet/ssl/ca/serial
> cacert = /etc/puppet/ssl/ca/ca_crt.pem
> cacrl = /etc/puppet/ssl/ca/ca_crl.pem
> signeddir = /etc/puppet/ssl/ca/signed
> cert_inventory = /etc/puppet/ssl/ca/inventory.txt
> cakey = /etc/puppet/ssl/ca/ca_key.pem
> caprivatedir = /etc/puppet/ssl/ca/private
>
> Thanks,
>
> HEnry
>
> On Jul 26, 10:11 am, mohit chawla <[email protected]> wrote:
>
> > I can think of two things - date/time mismatch at server & client. And why
> > aren't the certificates in /var/lib/puppet (for puppetmaster) ?
> >
> > On Mon, Jul 26, 2010 at 7:30 PM, CraftyTech <[email protected]> wrote:
> > > Hello All,
> > >
> > > So it turns out that after the upgrade and subsequent rollback
> > > from 2.6, I can't get clients to connect to puppetserver anymore.
> > > Something got broken with the ssl and I'm having a tough time
> > > identifying the problem. So far, I've tried puppetca --clean all (and
> > > hostname specific), I even deleted the /etc/puppet/ssl on both client
> > > and server, and still verified failed. These are the steps that I
> > > follow, in order to test:
> > > On server: puppetca --clean hostname
> > > On client: puppetd -t --waitforcert 20
> > > On server: puppetca -l (it shows the client's FQDN)
> > > On server: puppetca -s "client's FQDN"
> > > On client: certificate verified failed !!
> > >
> > > Here's a sample trace/debug:
> > >
> > > puppetd -t --trace --debug
> > > debug: Failed to load library 'selinux' for feature 'selinux'
> > > debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
> > > debug: Puppet::Type::User::ProviderLdap: true value when expecting false
> > > debug: Puppet::Type::User::ProviderPw: file pw does not exist
> > > debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
> > > debug: Failed to load library 'ldap' for feature 'ldap'
> > > debug: /File[/var/puppet/run/puppetd.pid]: Autorequiring File[/var/puppet/run]
> > > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/var/puppet/state/classes.txt]: Autorequiring File[/var/puppet/state]
> > > debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
> > > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
> > > debug: /File[/var/puppet/state/state.yaml]: Autorequiring File[/var/puppet/state]
> > > debug: /File[/var/puppet/client_yaml]: Autorequiring File[/var/puppet]
> > > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs]
> > > debug: /File[/etc/puppet/ssl/public_keys/henry_medina.dev.instinet.com.pem]: Autorequiring File[/etc/puppet/ssl/public_keys]
> > > debug: /File[/var/puppet/run]: Autorequiring File[/var/puppet]
> > > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/var/puppet/state/graphs]: Autorequiring File[/var/puppet/state]
> > > debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
> > > debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
> > > debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
> > > debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
> > > debug: /File[/var/puppet/clientbucket]: Autorequiring File[/var/puppet]
> > > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/etc/puppet/ssl/private_keys/henry_medina.dev.instinet.com.pem]: Autorequiring File[/etc/puppet/ssl/private_keys]
> > > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl]
> > > debug: /File[/etc/puppet/ssl/certs/henry_medina.dev.instinet.com.pem]: Autorequiring File[/etc/puppet/ssl/certs]
> > > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
> > > debug: Finishing transaction -608024118 with 0 changes
> > > debug: Using cached certificate for ca, good until Fri Jul 24 13:14:41 UTC 2015
> > > debug: Using cached certificate for henry_medina.dev.instinet.com, good until Fri Jul 24 13:39:58 UTC 2015
> > > notice: Ignoring --listen on onetime run
> > > debug: Loaded state in 0.68 seconds
> > > debug: Using cached certificate for ca, good until Fri Jul 24 13:14:41 UTC 2015
> > > debug: Using cached certificate for henry_medina.dev.instinet.com, good until Fri Jul 24 13:39:58 UTC 2015
> > > /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
> > > /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
> > > /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
> > > /usr/lib/ruby/1.8/net/http.rb:542:in `start'
> > > /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
> > > /usr/lib/ruby/1.8/net/http.rb:772:in `get'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:195:in `find'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:208:in `ssl_store'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:56:in `cert_setup'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:100:in `http_instance'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:65:in `network'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:69:in `find'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:195:in `find'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:51:in `find'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:106:in `retrieve_catalog'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:418:in `thinmark'
> > > /usr/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/core_ext/benchmark.rb:10:in `realtime'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:417:in `thinmark'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:105:in `retrieve_catalog'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:162:in `run'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
> > > /usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:53:in `run'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:134:in `with_client'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:51:in `run'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetd.rb:103:in `onetime'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail'
> > > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
> > > /usr/sbin/puppetd:159
> > > err: Could not retrieve catalog from remote server: certificate verify failed
> > > warning: Not using cache on failed catalog
> > > err: Could not retrieve catalog; skipping run
> > >
> > > Any ideas guys?
> > >
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > > "Puppet Users" group.
> > > To post to this group, send email to [email protected].
> > > To unsubscribe from this group, send email to
> > > [email protected]<puppet-users%2bunsubscr...@googlegroups.com>.
> > > For more options, visit this group at
> > > http://groups.google.com/group/puppet-users?hl=en.
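
An added diagnostic sketch, not part of the thread and not Puppet's own code: the trace above fails inside `ssl_store`/`connect`, which is OpenSSL chain verification against the agent's cached CA certificate. The example builds constructed certificates in memory and shows that a certificate issued by a regenerated CA does not verify against a stale copy of the old CA certificate; all helper names and subject names are assumptions.

```ruby
require 'openssl'

# Unsigned v3 certificate skeleton (constructed test data, not a real Puppet cert).
def skeleton(cn, serial, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 86_400
  cert
end

# Self-signed throwaway CA; returns [key, cert].
def make_ca(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = skeleton(cn, 1, key)
  cert.issuer = cert.subject
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Host certificate issued by the given CA.
def issue(ca_key, ca_cert, cn)
  cert = skeleton(cn, 2, OpenSSL::PKey::RSA.new(2048))
  cert.issuer = ca_cert.subject
  cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
end

# Verify cert_pem against only the CA in ca_pem, as a peer trusting a single
# ca.pem would. Returns [ok, openssl_error_string].
def verify_against(ca_pem, cert_pem)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(ca_pem))
  ok = store.verify(OpenSSL::X509::Certificate.new(cert_pem))
  [ok, store.error_string]
end

# Assumption: a CA that was deleted and regenerated keeps its subject name
# but gets a new key pair.
_, STALE_CA = make_ca('puppet-ca.example.test')
NEW_KEY, NEW_CA = make_ca('puppet-ca.example.test')
HOST = issue(NEW_KEY, NEW_CA, 'client.example.test')

p verify_against(NEW_CA.to_pem, HOST.to_pem)   # current CA
p verify_against(STALE_CA.to_pem, HOST.to_pem) # stale cached CA
```

Against real files, pass `File.read` of the agent's `localcacert` (`/etc/puppet/ssl/certs/ca.pem` in the output above) and of the certificate being checked.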
