OK. This is why I took you down the path I did. Essentially, what you want to have happen is the client should generate its own cert and, during its first interaction with the master, get it signed by the master.
On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman <kayasa...@gmail.com> wrote:

> Again more weirdness as running:
>
> puppetca --clean pc.jabber.com on server yields client to respond with:
>
> [root@pc puppet]# puppet agent --waitforcert=1
>

Forgot the --test invocation. What that command line does is start the agent as a daemon and wait for the master to sign its cert.

Kill off the agent:

    ps -ef | grep agent
    <note the pid>
    kill -9 <pid>

clean out the ssl dirs that exist on the client

kill off the cert on the master

    puppet agent --test --waitforcert=1

That should get it for you...

> [root@pc puppet]# puppet agent --test
> err: Could not request certificate: Retrieved certificate does not
> match private key; please remove certificate from server and
> regenerate it with the current key
> Exiting; failed to retrieve certificate and waitforcert is disabled
>
> ??
>
> How do I regenerate the certificate with the current key?
>
> puppet -t creates a new cert but how does that function with key?
>
> Regards
>
> On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman <kayasa...@gmail.com> wrote:
> > It's the Puppet OVF learn.localdomain Puppet image I downloaded from
> > the puppetlabs website!
> >
> > Here is URL:
> >
> > http://docs.puppetlabs.com/learning/
> >
> > http://info.puppetlabs.com/download-learning-puppet-VM.html
> >
> > It's a CentOS based system but stores Puppet in /opt/puppet rather
> > than your typical local install.
> >
> > I've got a FreeBSD clean Puppet server too which is unconfigured as of
> > yet so just waiting to get this running before I move on to something
> > more complex.
> >
> > Regards,
> >
> > Kaya
> >
> > On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold <salty.cowd...@gmail.com> wrote:
> >> Eh? What platform are you running on and why /etc/puppetlabs?
> >>
> >> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman <kayasa...@gmail.com> wrote:
> >>>
> >>> Ok quick update... turns out the signed dir was in a different location:
> >>>
> >>> /etc/puppetlabs/puppet/ssl/ca/signed
> >>>
> >>> I rectified that part but now a bit lost!
> >>>
> >>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman <kayasa...@gmail.com> wrote:
> >>> > On the server I get this error:
> >>> >
> >>> > cd /etc/puppet/ssl/ca/signed
> >>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file or directory
> >>> >
> >>> > The output of puppet agent --waitforcert=1
> >>> >
> >>> > [root@pc puppet]# puppet agent --waitforcert=1
> >>> > [root@pc puppet]#
> >>> >
> >>> > Is this correct?
> >>> >
> >>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold <salty.cowd...@gmail.com> wrote:
> >>> >> Try the following:
> >>> >>
> >>> >> On the puppet master host:
> >>> >>
> >>> >> cd /etc/puppet/ssl/ca/signed and remove the signed cert you generated
> >>> >> before.
> >>> >>
> >>> >> On the client host (where you're running the agent)
> >>> >>
> >>> >> cd /var/lib/puppet and remove any ssl directory you find there.
> >>> >> cd /etc/puppet and remove any ssl directory you see there.
> >>> >> run puppet agent --waitforcert=1
> >>> >>
> >>> >> On the puppet master host puppetca --sign pc.jabber.com
> >>> >>
> >>> >> Puppet's built in SSL can be a bit fussy...
> >>> >>
> >>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman <kayasa...@gmail.com> wrote:
> >>> >>>
> >>> >>> This is the output of all host based commands:
> >>> >>>
> >>> >>> [root@pc ~]# uname -a
> >>> >>> Linux pc.jabber.com 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC
> >>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux
> >>> >>>
> >>> >>> [root@pc ~]# hostname -a
> >>> >>> pc
> >>> >>>
> >>> >>> [root@pc ~]# facter fqdn
> >>> >>> pc.jabber.com
> >>> >>>
> >>> >>> Regards,
> >>> >>>
> >>> >>> Kaya
> >>> >>>
> >>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold <salty.cowd...@gmail.com> wrote:
> >>> >>> >
> >>> >>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman <kayasa...@gmail.com> wrote:
> >>> >>> >>
> >>> >>> >> err: Could not send report: hostname was not match with the server
> >>> >>> >> certificate
> >>> >>> >>
> >>> >>> >
> >>> >>> > on the client run the command
> >>> >>> >
> >>> >>> > facter fqdn
> >>> >>> >
> >>> >>> > what does the host think its name is?
> >>> >>> >
> >>> >>> > --
> >>> >>> > Peter L. Berghold
> >>> >>> > Owner, Shark River Technical Solutions LLC
> >>> >>
> >>> >> --
> >>> >> Peter L. Berghold
> >>> >> Owner, Shark River Technical Solutions LLC
> >>
> >> --
> >> Peter L. Berghold
> >> Owner, Shark River Technical Solutions LLC

--
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
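As an added example that is not part of the original thread: the agent error "Retrieved certificate does not match private key" can be confirmed before cleaning anything by comparing the public-key digest of the signed cert with that of the agent's key, using openssl. The function names, the file layout mentioned in the comments and the generated sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. File names in demo() are constructed.
# On a real pair of hosts the inputs would be the cert the master holds under
# its ca/signed directory and the agent's private key (assumed layout:
# <ssldir>/private_keys/<certname>.pem; ssldir varies, as the thread shows).

# Print the SHA-256 digest of the public key in a cert or private key PEM file.
# $1 = "cert" or "key", $2 = path. Returns 2 if the file cannot be parsed.
pubkey_digest() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# 0 = cert was issued for this key, 1 = mismatch, 2 = unreadable input.
cert_matches_key() {
    c=$(pubkey_digest cert "$1") || return 2
    k=$(pubkey_digest key "$2") || return 2
    [ "$c" = "$k" ]
}

demo() {
    d=$(mktemp -d) || return 2
    # Constructed data: a self-signed cert stands in for the one signed before
    # the agent's ssl dir was wiped; new_key is the regenerated agent key.
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=pc.jabber.com" -days 1 \
        -keyout "$d/old_key.pem" -out "$d/signed.pem" >/dev/null 2>&1
    openssl genrsa -out "$d/new_key.pem" 2048 >/dev/null 2>&1
    for key in old_key new_key; do
        rc=0
        cert_matches_key "$d/signed.pem" "$d/$key.pem" || rc=$?
        case "$rc" in
            0) echo "$key: certificate matches private key" ;;
            1) echo "$key: MISMATCH, clean the stale cert on the master and re-sign" ;;
            *) echo "$key: could not read certificate or key" ;;
        esac
    done
    rm -rf "$d"
}
demo
```

A mismatch for the current agent key means the master is still serving a cert signed for an earlier key of the same certname, which is the state the cleanup steps in the reply are meant to clear.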