I saw this feature became available in 2.7.0rc1 and wanted to try it out. I entered 'allow_duplicate_certs = true' on both my master and agent systems in the puppet.conf (not sure if it's needed in both, saw it in genconf for puppetd and puppetmasterd though ...). I also have autosign.conf configured to allow autosigning for our domain (*.domain.com). I had my agent register with the master for the first time, works good (always has ;). Now on my agent I removed the ssl directory. Do another test run, it generates new certs on the agent system and tries to communicate with the master. I then receive the following error on the agent:

info: /User[puppet]: Provider useradd does not support features manages_aix_lam; not managing attribute ia_load_module
info: /File[/etc/puppet/ssl]: Scheduling refresh of (completed_/etc/puppet/ssl)
notice: /Whit[completed_/etc/puppet/ssl]: Triggered 'refresh' from 1 events
info: /File[/etc/puppet/ssl/private]: Scheduling refresh of (completed_/etc/puppet/ssl/private)
notice: /Whit[completed_/etc/puppet/ssl/private]: Triggered 'refresh' from 1 events
info: /File[/etc/puppet/ssl/certs]: Scheduling refresh of (completed_/etc/puppet/ssl/certs)
info: /File[/etc/puppet/ssl/certificate_requests]: Scheduling refresh of (completed_/etc/puppet/ssl/certificate_requests)
notice: /Whit[completed_/etc/puppet/ssl/certificate_requests]: Triggered 'refresh' from 1 events
info: /File[/etc/puppet/ssl/private_keys]: Scheduling refresh of (completed_/etc/puppet/ssl/private_keys)
notice: /Whit[completed_/etc/puppet/ssl/private_keys]: Triggered 'refresh' from 1 events
info: /File[/etc/puppet/ssl/public_keys]: Scheduling refresh of (completed_/etc/puppet/ssl/public_keys)
notice: /Whit[completed_/etc/puppet/ssl/public_keys]: Triggered 'refresh' from 1 events
notice: /Whit[completed_/etc/puppet/ssl/certs]: Triggered 'refresh' from 1 events
info: Creating a new SSL key for XXX
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for XXX
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Exiting; failed to retrieve certificate and waitforcert is disabled

I guess I was expecting this to work fine when 'allow_duplicate_certs = true'. Maybe I misconfigured something? Maybe I'm misunderstanding how allow_duplicate_certs behaves?

Thanks!
Jake
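
The condition named in the final `err:` line, as an added example that is not part of the original post and not Puppet's own code: a certificate issued for the key from the first registration is checked against a key generated after the ssl directory was removed. The certname, keys and self-signed certificate are constructed stand-ins, and no master or agent is contacted.

```ruby
require 'openssl'

# Constructed stand-ins: no Puppet master or agent is contacted.
CERTNAME = 'agent.example.com' # hypothetical agent certname

# Build a self-signed certificate for +key+. A real agent certificate is
# signed by the Puppet CA; the issuer does not affect the key-match check.
def issue_cert(key, certname)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{certname}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# True when the certificate's public key belongs to +key+.
def cert_matches_key?(cert, key)
  cert.check_private_key(key)
end

# Short SHA-256 fingerprint of a public key, for comparing by eye.
def pubkey_fingerprint(pkey)
  OpenSSL::Digest.new('SHA256').hexdigest(pkey.public_key.to_der)[0, 16]
end

# Walk through the sequence from the post with constructed keys.
def simulate
  first_key = OpenSSL::PKey::RSA.new(2048)      # key from the first registration
  stored_cert = issue_cert(first_key, CERTNAME) # cert issued for that key
  new_key = OpenSSL::PKey::RSA.new(2048)        # key created after ssl/ was removed
  {
    before_removal: cert_matches_key?(stored_cert, first_key),
    after_removal: cert_matches_key?(stored_cert, new_key),
    same_pubkey: pubkey_fingerprint(stored_cert.public_key) ==
      pubkey_fingerprint(new_key)
  }
end

puts simulate.inspect if __FILE__ == $PROGRAM_NAME
```

The same check can be run against real files by loading the agent's certificate and private key PEMs with `OpenSSL::X509::Certificate.new` and `OpenSSL::PKey::RSA.new` and passing them to `cert_matches_key?`.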