ugh… disregard the above. i blew away the /etc/puppet and /var/lib/puppet directories on the client, regenerated certs again on the server, and they're talking again. thanks, all.
On Sep 4, 11:11 pm, nate <[email protected]> wrote: > quick followup… > > i've wiped /etc/puppet/ssl and /var/lib/puppet/ssl on the server. > firing up puppetmasterd properly signs its own cert. that should give > me a clean slate there, correct? > > on the client, i did the same. requesting a cert with puppetd -d -v -- > no-daemonize --test --waitforcert 60 produces the following: > > err: Could not retrieve catalog from remote server: Retrieved > certificate does not match private key; please remove certificate from > server and regenerate it with the current key > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > > so… what's cached here, and where do i resolve this? how do i > regenerate the cert with the current key, and which key is it talking > about here? > > On Sep 4, 10:55 pm, nate <[email protected]> wrote: > > > > > i'm testing things here and had to change the hostname of my > > puppetmaster VM. pointing a client to it generates "info: Could not > > find certificate for 'host.domain.com'" errors on the master and the > > following on the client: > > > debug: Using cached certificate for ca > > warning: peer certificate won't be verified in this SSL session > > > puppetmaster is running centos 5.4 with puppet 0.25.5. the client > > right now is os x running puppet 2.6, but i have the same issues with > > another centos VM and 0.25.5. > > > so i tarred up the /var/puppet directory on the client, recreated it, > > successfully requested a cert again, signed it on the master, then got > > the following from the client: > > > debug: OpenSSL: Error(19): self signed certificate in certificate > > chain > > debug: OpenSSL: Cert: /CN=ca > > /Library/Ruby/Site/1.8/puppet/network/http_pool.rb:68: [BUG] > > Segmentation fault > > ruby 1.8.7 (2009-06-12 patchlevel 174) [universal-darwin10.0] > > > on the master, i'm getting webrick errors like so: > > > [2010-09-04 22:51:07] DEBUG close: 10.11.10.99:50292 > > [2010-09-04 22:51:08] DEBUG accept: 10.11.10.99:50293 > > [2010-09-04 22:51:09] ERROR OpenSSL::SSL::SSLError: > > /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in > > `accept' > > /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in > > `listen' > > /usr/lib/ruby/1.8/webrick/server.rb:173:in `call' > > /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread' > > /usr/lib/ruby/1.8/webrick/server.rb:162:in `start' > > /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread' > > /usr/lib/ruby/1.8/webrick/server.rb:95:in `start' > > /usr/lib/ruby/1.8/webrick/server.rb:92:in `each' > > /usr/lib/ruby/1.8/webrick/server.rb:92:in `start' > > /usr/lib/ruby/1.8/webrick/server.rb:23:in `start' > > /usr/lib/ruby/1.8/webrick/server.rb:82:in `start' > > /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in > > `listen' > > /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in > > `initialize' > > /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in > > `new' > > /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in > > `listen' > > /usr/lib/ruby/1.8/thread.rb:135:in `synchronize' > > /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in > > `listen' > > /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in `listen' > > /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in `start' > > /usr/lib/ru > > > after the hostname change, what's the best way to wipe the slate > > clean? the setup has worked for me recently. i'd just like to get back > > to a working state. thanks for any help. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
