What Ashish recommends may be a bit extreme, but I've had to at the very least clean up /var/lib/puppet on particularly recalcitrant clients. So it is not out of the bounds of being reasonable.
On Tue, Apr 10, 2012 at 1:33 PM, Ashish Jaiswal <ashish1...@gmail.com>wrote: > Here is what I would suggest. > > Clean the /var/lib/puppet directory on both server as well as client. > And then restart puppetmaster on the server. > > # puppetd --server your.servername.com --waitforcert 60 --test > > Then check on server > > # puppetca --list > > You can see the list of the client > > # puppetca --sign client-name.fqdn > > Then run this command on client > > # puppet agent --test > > I know you have did the same for n times and another thing is that check > both the date and time whether it is proper or not on both server and > client while performing the above test. > > if any error let me know. > > > On Tuesday 10 April 2012 10:51:00 PM IST, Peter Berghold wrote: > >> OK >> >> This is why I took you down the path I did. Essentially what you >> want to have happen is the client should generate its own cert and >> during its first interaction with the master get it signed by the master. >> >> On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman <kayasa...@gmail.com >> <mailto:kayasa...@gmail.com>> wrote: >> >> Again more weirdness as running: >> >> puppetca --clean pc.jabber.com <http://pc.jabber.com> on server >> >> yields client to respond with: >> >> [root@pc puppet]# puppet agent --waitforcert=1 >> >> >> Forgot the --test invocation. What that command line does is start >> the agent as a daemon and wait for the master to sign its cert. >> >> Kill off the agent : >> >> ps -ef | grep agent >> <note the pid> >> kill -9 <pid> >> >> clean out the ssl dirs that exist on the client >> >> kill off the cert on the master >> >> puppet agent --test --waitforcert=1 >> >> That should get it for you... >> >> [root@pc puppet]# puppet agent --test >> err: Could not request certificate: Retrieved certificate does not >> match private key; please remove certificate from server and >> regenerate it with the current key >> Exiting; failed to retrieve certificate and waitforcert is disabled >> >> ?? >> >> How do I regenerate the certificate with the current key? >> >> >> puppet -t creates a new cert but how does that function with key? >> >> >> >> Regards >> >> >> On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman <kayasa...@gmail.com >> <mailto:kayasa...@gmail.com>> wrote: >> > It's the Puppet OVF learn.localdomain Puppet image I downloaded from >> > the puppetlabs website! >> > >> > Here is URL: >> > >> > >> http://docs.puppetlabs.com/**learning/<http://docs.puppetlabs.com/learning/> >> > >> > >> > >> http://info.puppetlabs.com/**download-learning-puppet-VM.**html<http://info.puppetlabs.com/download-learning-puppet-VM.html> >> > >> > >> > It's a CentOS based system but stores Puppet in /opt/puppet rather >> > then your typical local install. >> > >> > I've got a FreeBSD clean Puppet server too which is unconfigured >> as of >> > yet so just waiting to get this running before I move on to >> something >> > more complex. >> > >> > >> > Regards, >> > >> > >> > Kaya >> > >> > >> > On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold >> <salty.cowd...@gmail.com >> <mailto:salty.cowdawg@gmail.**com<salty.cowd...@gmail.com>>> >> wrote: >> >> Eh? What platform are you running on and why /etc/puppetlabs? >> >> >> >> >> >> >> >> >> >> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman >> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> wrote: >> >>> >> >>> Ok quick update... turns out the signed dir was in a different >> location: >> >>> >> >>> /etc/puppetlabs/puppet/ssl/ca/**signed >> >>> >> >>> >> >>> I rectified that part but now a bit lost! >> >>> >> >>> >> >>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman >> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> wrote: >> >>> > On the server I get this error: >> >>> > >> >>> > cd /etc/puppet/ssl/ca/signed >> >>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file or directory >> >>> > >> >>> > >> >>> > The output of puppet agent --waitforcert=1 >> >>> > >> >>> > >> >>> > [root@pc puppet]# puppet agent --waitforcert=1 >> >>> > [root@pc puppet]# >> >>> > >> >>> > >> >>> > Is this correct? >> >>> > >> >>> > >> >>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold >> >>> > <salty.cowd...@gmail.com >> <mailto:salty.cowdawg@gmail.**com<salty.cowd...@gmail.com> >> >> >> >> wrote: >> >>> >> Try the following: >> >>> >> >> >>> >> On the puppet master host: >> >>> >> >> >>> >> cd /etc/puppet/ssl/ca/signed and remove the signed cert you >> generated >> >>> >> before. >> >>> >> >> >>> >> On the client host (where you're running the agent) >> >>> >> >> >>> >> cd /var/lib/puppet and remove any ssl directory you find >> there. >> >>> >> cd /etc/puppet and remove any ssl directory you see there. >> >>> >> run puppet agent --waitforcert=1 >> >>> >> >> >>> >> >> >>> >> On the puppet master host puppetca --sign pc.jabber.com >> <http://pc.jabber.com> >> >> >>> >> >> >>> >> Puppet's built in SSL can be a bit fussy... >> >>> >> >> >>> >> >> >>> >> >> >>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman >> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> >> >> >>> >> wrote: >> >>> >>> >> >>> >>> This is the output of all host based commands: >> >>> >>> >> >>> >>> [root@pc ~]# uname -a >> >>> >>> Linux pc.jabber.com <http://pc.jabber.com> >> >> 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC >> >>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux >> >>> >>> >> >>> >>> [root@pc ~]# hostname -a >> >>> >>> pc >> >>> >>> >> >>> >>> [root@pc ~]# facter fqdn >> >>> >>> pc.jabber.com <http://pc.jabber.com> >> >> >>> >>> >> >>> >>> >> >>> >>> Regards, >> >>> >>> >> >>> >>> Kaya >> >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold >> >>> >>> <salty.cowd...@gmail.com >> <mailto:salty.cowdawg@gmail.**com<salty.cowd...@gmail.com> >> >> >> >> >>> >>> wrote: >> >>> >>> > >> >>> >>> > >> >>> >>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman >> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> >> >> >>> >>> > wrote: >> >>> >>> >> >> >>> >>> >> >> >>> >>> >> err: Could not send report: hostname was not match with >> the server >> >>> >>> >> certificate >> >>> >>> >> >> >>> >>> >> >> >>> >>> > >> >>> >>> > >> >>> >>> > on the client run the command >> >>> >>> > >> >>> >>> > facter fqdn >> >>> >>> > >> >>> >>> > what does the host think its name is? >> >>> >>> > >> >>> >>> > >> >>> >>> > >> >>> >>> > >> >>> >>> > >> >>> >>> > -- >> >>> >>> > Peter L. Berghold >> >>> >>> > Owner, Shark River Technical Solutions LLC >> >>> >>> > >> >>> >>> > -- >> >>> >>> > You received this message because you are subscribed to >> the Google >> >>> >>> > Groups >> >>> >>> > "Puppet Users" group. >> >>> >>> > To post to this group, send email to >> puppet-users@googlegroups.com >> <mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com> >> >. >> >> >>> >>> > To unsubscribe from this group, send email to >> >>> >>> > >> puppet-users+unsubscribe@**googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> >> >> <mailto:puppet-users%**2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com> >> **>. >> >> >>> >>> > For more options, visit this group at >> >>> >>> > >> http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> >> . >> >>> >>> >> >>> >>> -- >> >>> >>> You received this message because you are subscribed to >> the Google >> >>> >>> Groups >> >>> >>> "Puppet Users" group. >> >>> >>> To post to this group, send email to >> puppet-users@googlegroups.com >> <mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com> >> >. >> >> >>> >>> To unsubscribe from this group, send email to >> >>> >>> >> puppet-users+unsubscribe@**googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> >> >> <mailto:puppet-users%**2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com> >> **>. >> >> >>> >>> For more options, visit this group at >> >>> >>> >> http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> >> . >> >>> >>> >> >>> >> >> >>> >> >> >>> >> >> >>> >> -- >> >>> >> Peter L. Berghold >> >>> >> Owner, Shark River Technical Solutions LLC >> >>> >> >> >>> >> -- >> >>> >> You received this message because you are subscribed to the >> Google >> >>> >> Groups >> >>> >> "Puppet Users" group. >> >>> >> To post to this group, send email to >> puppet-users@googlegroups.com >> <mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com> >> >. >> >> >>> >> To unsubscribe from this group, send email to >> >>> >> >> puppet-users+unsubscribe@**googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> >> >> <mailto:puppet-users%**2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com> >> **>. >> >> >>> >> For more options, visit this group at >> >>> >> >> http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> >> . >> >>> >> >>> -- >> >>> You received this message because you are subscribed to the >> Google Groups >> >>> "Puppet Users" group. >> >>> To post to this group, send email to >> puppet-users@googlegroups.com >> <mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com> >> >. >> >> >>> To unsubscribe from this group, send email to >> >>> >> puppet-users+unsubscribe@**googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> >> >> <mailto:puppet-users%**2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com> >> **>. >> >> >>> For more options, visit this group at >> >>> >> http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> >> . >> >>> >> >> >> >> >> >> >> >> -- >> >> Peter L. Berghold >> >> Owner, Shark River Technical Solutions LLC >> >> >> >> -- >> >> You received this message because you are subscribed to the >> Google Groups >> >> "Puppet Users" group. >> >> To post to this group, send email to >> puppet-users@googlegroups.com >> <mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com> >> >. >> >> >> To unsubscribe from this group, send email to >> >> >> puppet-users+unsubscribe@**googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> >> >> <mailto:puppet-users%**2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com> >> **>. >> >> >> For more options, visit this group at >> >> >> http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> >> . >> >> -- >> You received this message because you are subscribed to the Google >> Groups "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com >> <mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com> >> >. >> >> To unsubscribe from this group, send email to >> >> puppet-users+unsubscribe@**googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> >> >> <mailto:puppet-users%**2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com> >> **>. >> >> For more options, visit this group at >> >> http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> >> . >> >> >> >> >> -- >> Peter L. Berghold >> Owner, Shark River Technical Solutions LLC >> >> -- >> You received this message because you are subscribed to the Google >> Groups "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscribe@**googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> >> . >> For more options, visit this group at >> http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> >> . >> > > -- > Regards, > Ashish Jaiswal > System Admin > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@** > googlegroups.com <puppet-users%2bunsubscr...@googlegroups.com>. > For more options, visit this group at http://groups.google.com/** > group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> > . > > -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
