Here is what I would suggest.
Clean the /var/lib/puppet directory on both server as well as client.
And then restart puppetmaster on the server.
# puppetd --server your.servername.com --waitforcert 60 --test
Then check on server
# puppetca --list
You can see the list of the client
# puppetca --sign client-name.fqdn
Then run this command on client
# puppet agent --test
I know you have did the same for n times and another thing is that
check both the date and time whether it is proper or not on both
server and client while performing the above test.
if any error let me know.
On Tuesday 10 April 2012 10:51:00 PM IST, Peter Berghold wrote:
OK
This is why I took you down the path I did. Essentially what you
want to have happen is the client should generate its own cert and
during its first interaction with the master get it signed by the master.
On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman <kayasa...@gmail.com
<mailto:kayasa...@gmail.com>> wrote:
Again more weirdness as running:
puppetca --clean pc.jabber.com <http://pc.jabber.com> on server
yields client to respond with:
[root@pc puppet]# puppet agent --waitforcert=1
Forgot the --test invocation. What that command line does is start
the agent as a daemon and wait for the master to sign its cert.
Kill off the agent :
ps -ef | grep agent
<note the pid>
kill -9 <pid>
clean out the ssl dirs that exist on the client
kill off the cert on the master
puppet agent --test --waitforcert=1
That should get it for you...
[root@pc puppet]# puppet agent --test
err: Could not request certificate: Retrieved certificate does not
match private key; please remove certificate from server and
regenerate it with the current key
Exiting; failed to retrieve certificate and waitforcert is disabled
??
How do I regenerate the certificate with the current key?
puppet -t creates a new cert but how does that function with key?
Regards
On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman <kayasa...@gmail.com
<mailto:kayasa...@gmail.com>> wrote:
> It's the Puppet OVF learn.localdomain Puppet image I downloaded from
> the puppetlabs website!
>
> Here is URL:
>
> http://docs.puppetlabs.com/learning/
>
>
> http://info.puppetlabs.com/download-learning-puppet-VM.html
>
>
> It's a CentOS based system but stores Puppet in /opt/puppet rather
> then your typical local install.
>
> I've got a FreeBSD clean Puppet server too which is unconfigured
as of
> yet so just waiting to get this running before I move on to
something
> more complex.
>
>
> Regards,
>
>
> Kaya
>
>
> On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold
<salty.cowd...@gmail.com <mailto:salty.cowd...@gmail.com>> wrote:
>> Eh? What platform are you running on and why /etc/puppetlabs?
>>
>>
>>
>>
>> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman
<kayasa...@gmail.com <mailto:kayasa...@gmail.com>> wrote:
>>>
>>> Ok quick update... turns out the signed dir was in a different
location:
>>>
>>> /etc/puppetlabs/puppet/ssl/ca/signed
>>>
>>>
>>> I rectified that part but now a bit lost!
>>>
>>>
>>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman
<kayasa...@gmail.com <mailto:kayasa...@gmail.com>> wrote:
>>> > On the server I get this error:
>>> >
>>> > cd /etc/puppet/ssl/ca/signed
>>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file or directory
>>> >
>>> >
>>> > The output of puppet agent --waitforcert=1
>>> >
>>> >
>>> > [root@pc puppet]# puppet agent --waitforcert=1
>>> > [root@pc puppet]#
>>> >
>>> >
>>> > Is this correct?
>>> >
>>> >
>>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold
>>> > <salty.cowd...@gmail.com <mailto:salty.cowd...@gmail.com>>
wrote:
>>> >> Try the following:
>>> >>
>>> >> On the puppet master host:
>>> >>
>>> >> cd /etc/puppet/ssl/ca/signed and remove the signed cert you
generated
>>> >> before.
>>> >>
>>> >> On the client host (where you're running the agent)
>>> >>
>>> >> cd /var/lib/puppet and remove any ssl directory you find
there.
>>> >> cd /etc/puppet and remove any ssl directory you see there.
>>> >> run puppet agent --waitforcert=1
>>> >>
>>> >>
>>> >> On the puppet master host puppetca --sign pc.jabber.com
<http://pc.jabber.com>
>>> >>
>>> >> Puppet's built in SSL can be a bit fussy...
>>> >>
>>> >>
>>> >>
>>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman
<kayasa...@gmail.com <mailto:kayasa...@gmail.com>>
>>> >> wrote:
>>> >>>
>>> >>> This is the output of all host based commands:
>>> >>>
>>> >>> [root@pc ~]# uname -a
>>> >>> Linux pc.jabber.com <http://pc.jabber.com>
3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC
>>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux
>>> >>>
>>> >>> [root@pc ~]# hostname -a
>>> >>> pc
>>> >>>
>>> >>> [root@pc ~]# facter fqdn
>>> >>> pc.jabber.com <http://pc.jabber.com>
>>> >>>
>>> >>>
>>> >>> Regards,
>>> >>>
>>> >>> Kaya
>>> >>>
>>> >>>
>>> >>>
>>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold
>>> >>> <salty.cowd...@gmail.com <mailto:salty.cowd...@gmail.com>>
>>> >>> wrote:
>>> >>> >
>>> >>> >
>>> >>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman
<kayasa...@gmail.com <mailto:kayasa...@gmail.com>>
>>> >>> > wrote:
>>> >>> >>
>>> >>> >>
>>> >>> >> err: Could not send report: hostname was not match with
the server
>>> >>> >> certificate
>>> >>> >>
>>> >>> >>
>>> >>> >
>>> >>> >
>>> >>> > on the client run the command
>>> >>> >
>>> >>> > facter fqdn
>>> >>> >
>>> >>> > what does the host think its name is?
>>> >>> >
>>> >>> >
>>> >>> >
>>> >>> >
>>> >>> >
>>> >>> > --
>>> >>> > Peter L. Berghold
>>> >>> > Owner, Shark River Technical Solutions LLC
>>> >>> >
>>> >>> > --
>>> >>> > You received this message because you are subscribed to
the Google
>>> >>> > Groups
>>> >>> > "Puppet Users" group.
>>> >>> > To post to this group, send email to
puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com>.
>>> >>> > To unsubscribe from this group, send email to
>>> >>> > puppet-users+unsubscr...@googlegroups.com
<mailto:puppet-users%2bunsubscr...@googlegroups.com>.
>>> >>> > For more options, visit this group at
>>> >>> > http://groups.google.com/group/puppet-users?hl=en.
>>> >>>
>>> >>> --
>>> >>> You received this message because you are subscribed to
the Google
>>> >>> Groups
>>> >>> "Puppet Users" group.
>>> >>> To post to this group, send email to
puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com>.
>>> >>> To unsubscribe from this group, send email to
>>> >>> puppet-users+unsubscr...@googlegroups.com
<mailto:puppet-users%2bunsubscr...@googlegroups.com>.
>>> >>> For more options, visit this group at
>>> >>> http://groups.google.com/group/puppet-users?hl=en.
>>> >>>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Peter L. Berghold
>>> >> Owner, Shark River Technical Solutions LLC
>>> >>
>>> >> --
>>> >> You received this message because you are subscribed to the
Google
>>> >> Groups
>>> >> "Puppet Users" group.
>>> >> To post to this group, send email to
puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com>.
>>> >> To unsubscribe from this group, send email to
>>> >> puppet-users+unsubscr...@googlegroups.com
<mailto:puppet-users%2bunsubscr...@googlegroups.com>.
>>> >> For more options, visit this group at
>>> >> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>> --
>>> You received this message because you are subscribed to the
Google Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to
puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com>.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscr...@googlegroups.com
<mailto:puppet-users%2bunsubscr...@googlegroups.com>.
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>
>>
>>
>> --
>> Peter L. Berghold
>> Owner, Shark River Technical Solutions LLC
>>
>> --
>> You received this message because you are subscribed to the
Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to
puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com>.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com
<mailto:puppet-users%2bunsubscr...@googlegroups.com>.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
<mailto:puppet-users%2bunsubscr...@googlegroups.com>.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Peter L. Berghold
Owner, Shark River Technical Solutions LLC
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Regards,
Ashish Jaiswal
System Admin
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
