Ok no joy :-(
On client: [root@pc puppet]# puppetd --server ps.jabber.com --waitforcert 60 --test warning: peer certificate won't be verified in this SSL session info: Caching certificate for pc.jabber.com err: Could not retrieve catalog from remote server: hostname was not match with the server certificate warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: hostname was not match with the server certificate On server: [root@ps var]# /opt/puppet/sbin/puppetca --list pc.jabber.com (D2:66:2E:65:3B:DA:D0:C2:CA:12:42:8E:69:12:00:98) puppet-test-client (5C:C4:3F:94:02:C3:D0:BD:F1:EB:F2:BB:A2:37:FD:3A) [root@ps var]# /opt/puppet/sbin/puppetca --sign pc.jabber.com notice: Signed certificate request for pc.jabber.com notice: Removing file Puppet::SSL::CertificateRequest pc.jabber.com at '/etc/puppetlabs/puppet/ssl/ca/requests/pc.jabber.com.pem' What happens if I use my FreeBSD "clean" install and transfer the config over from the PuppetLabs image?? I mean is it the server or client that's not wanting to cooperate? Regards, Kaya On Tue, Apr 10, 2012 at 6:45 PM, <kayasa...@gmail.com> wrote: > Thanks. > > Am currently on bus going home but will get back asap tomorrow morning once > I get back into the office :-) > > I appreciate everybodies input! > Sent from my BlackBerry® wireless device > ________________________________ > From: Peter Berghold <salty.cowd...@gmail.com> > Sender: puppet-users@googlegroups.com > Date: Tue, 10 Apr 2012 13:40:29 -0400 > To: <puppet-users@googlegroups.com> > ReplyTo: puppet-users@googlegroups.com > Subject: Re: [Puppet Users] Puppet not creating manifest file? > > What Ashish recommends may be a bit extreme, but I've had to at the very > least clean up /var/lib/puppet on particularly recalcitrant clients. So it > is not out of the bounds of being reasonable. > > > On Tue, Apr 10, 2012 at 1:33 PM, Ashish Jaiswal <ashish1...@gmail.com> > wrote: >> >> Here is what I would suggest. >> >> Clean the /var/lib/puppet directory on both server as well as client. >> And then restart puppetmaster on the server. >> >> # puppetd --server your.servername.com --waitforcert 60 --test >> >> Then check on server >> >> # puppetca --list >> >> You can see the list of the client >> >> # puppetca --sign client-name.fqdn >> >> Then run this command on client >> >> # puppet agent --test >> >> I know you have did the same for n times and another thing is that check >> both the date and time whether it is proper or not on both server and >> client while performing the above test. >> >> if any error let me know. >> >> >> On Tuesday 10 April 2012 10:51:00 PM IST, Peter Berghold wrote: >>> >>> OK >>> >>> This is why I took you down the path I did. Essentially what you >>> want to have happen is the client should generate its own cert and >>> during its first interaction with the master get it signed by the master. >>> >>> On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman <kayasa...@gmail.com >>> <mailto:kayasa...@gmail.com>> wrote: >>> >>> Again more weirdness as running: >>> >>> puppetca --clean pc.jabber.com <http://pc.jabber.com> on server >>> >>> yields client to respond with: >>> >>> [root@pc puppet]# puppet agent --waitforcert=1 >>> >>> >>> Forgot the --test invocation. What that command line does is start >>> the agent as a daemon and wait for the master to sign its cert. >>> >>> Kill off the agent : >>> >>> ps -ef | grep agent >>> <note the pid> >>> kill -9 <pid> >>> >>> clean out the ssl dirs that exist on the client >>> >>> kill off the cert on the master >>> >>> puppet agent --test --waitforcert=1 >>> >>> That should get it for you... >>> >>> [root@pc puppet]# puppet agent --test >>> err: Could not request certificate: Retrieved certificate does not >>> match private key; please remove certificate from server and >>> regenerate it with the current key >>> Exiting; failed to retrieve certificate and waitforcert is disabled >>> >>> ?? >>> >>> How do I regenerate the certificate with the current key? >>> >>> >>> puppet -t creates a new cert but how does that function with key? >>> >>> >>> >>> Regards >>> >>> >>> On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman <kayasa...@gmail.com >>> <mailto:kayasa...@gmail.com>> wrote: >>> > It's the Puppet OVF learn.localdomain Puppet image I downloaded from >>> > the puppetlabs website! >>> > >>> > Here is URL: >>> > >>> > http://docs.puppetlabs.com/learning/ >>> > >>> > >>> > http://info.puppetlabs.com/download-learning-puppet-VM.html >>> > >>> > >>> > It's a CentOS based system but stores Puppet in /opt/puppet rather >>> > then your typical local install. >>> > >>> > I've got a FreeBSD clean Puppet server too which is unconfigured >>> as of >>> > yet so just waiting to get this running before I move on to >>> something >>> > more complex. >>> > >>> > >>> > Regards, >>> > >>> > >>> > Kaya >>> > >>> > >>> > On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold >>> <salty.cowd...@gmail.com <mailto:salty.cowd...@gmail.com>> wrote: >>> >> Eh? What platform are you running on and why /etc/puppetlabs? >>> >> >>> >> >>> >> >>> >> >>> >> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman >>> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> wrote: >>> >>> >>> >>> Ok quick update... turns out the signed dir was in a different >>> location: >>> >>> >>> >>> /etc/puppetlabs/puppet/ssl/ca/signed >>> >>> >>> >>> >>> >>> I rectified that part but now a bit lost! >>> >>> >>> >>> >>> >>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman >>> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> wrote: >>> >>> > On the server I get this error: >>> >>> > >>> >>> > cd /etc/puppet/ssl/ca/signed >>> >>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file or directory >>> >>> > >>> >>> > >>> >>> > The output of puppet agent --waitforcert=1 >>> >>> > >>> >>> > >>> >>> > [root@pc puppet]# puppet agent --waitforcert=1 >>> >>> > [root@pc puppet]# >>> >>> > >>> >>> > >>> >>> > Is this correct? >>> >>> > >>> >>> > >>> >>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold >>> >>> > <salty.cowd...@gmail.com <mailto:salty.cowd...@gmail.com>> >>> >>> wrote: >>> >>> >> Try the following: >>> >>> >> >>> >>> >> On the puppet master host: >>> >>> >> >>> >>> >> cd /etc/puppet/ssl/ca/signed and remove the signed cert you >>> generated >>> >>> >> before. >>> >>> >> >>> >>> >> On the client host (where you're running the agent) >>> >>> >> >>> >>> >> cd /var/lib/puppet and remove any ssl directory you find >>> there. >>> >>> >> cd /etc/puppet and remove any ssl directory you see there. >>> >>> >> run puppet agent --waitforcert=1 >>> >>> >> >>> >>> >> >>> >>> >> On the puppet master host puppetca --sign pc.jabber.com >>> <http://pc.jabber.com> >>> >>> >>> >> >>> >>> >> Puppet's built in SSL can be a bit fussy... >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman >>> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> >>> >>> >>> >> wrote: >>> >>> >>> >>> >>> >>> This is the output of all host based commands: >>> >>> >>> >>> >>> >>> [root@pc ~]# uname -a >>> >>> >>> Linux pc.jabber.com <http://pc.jabber.com> >>> >>> 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC >>> >>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux >>> >>> >>> >>> >>> >>> [root@pc ~]# hostname -a >>> >>> >>> pc >>> >>> >>> >>> >>> >>> [root@pc ~]# facter fqdn >>> >>> >>> pc.jabber.com <http://pc.jabber.com> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> Regards, >>> >>> >>> >>> >>> >>> Kaya >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold >>> >>> >>> <salty.cowd...@gmail.com <mailto:salty.cowd...@gmail.com>> >>> >>> >>> >>> wrote: >>> >>> >>> > >>> >>> >>> > >>> >>> >>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman >>> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> >>> >>> >>> >>> > wrote: >>> >>> >>> >> >>> >>> >>> >> >>> >>> >>> >> err: Could not send report: hostname was not match with >>> the server >>> >>> >>> >> certificate >>> >>> >>> >> >>> >>> >>> >> >>> >>> >>> > >>> >>> >>> > >>> >>> >>> > on the client run the command >>> >>> >>> > >>> >>> >>> > facter fqdn >>> >>> >>> > >>> >>> >>> > what does the host think its name is? >>> >>> >>> > >>> >>> >>> > >>> >>> >>> > >>> >>> >>> > >>> >>> >>> > >>> >>> >>> > -- >>> >>> >>> > Peter L. Berghold >>> >>> >>> > Owner, Shark River Technical Solutions LLC >>> >>> >>> > >>> >>> >>> > -- >>> >>> >>> > You received this message because you are subscribed to >>> the Google >>> >>> >>> > Groups >>> >>> >>> > "Puppet Users" group. >>> >>> >>> > To post to this group, send email to >>> puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com>. >>> >>> >>> >>> > To unsubscribe from this group, send email to >>> >>> >>> > puppet-users+unsubscr...@googlegroups.com >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. >>> >>> >>> >>> > For more options, visit this group at >>> >>> >>> > http://groups.google.com/group/puppet-users?hl=en. >>> >>> >>> >>> >>> >>> -- >>> >>> >>> You received this message because you are subscribed to >>> the Google >>> >>> >>> Groups >>> >>> >>> "Puppet Users" group. >>> >>> >>> To post to this group, send email to >>> puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com>. >>> >>> >>> >>> To unsubscribe from this group, send email to >>> >>> >>> puppet-users+unsubscr...@googlegroups.com >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. >>> >>> >>> >>> For more options, visit this group at >>> >>> >>> http://groups.google.com/group/puppet-users?hl=en. >>> >>> >>> >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> >> -- >>> >>> >> Peter L. Berghold >>> >>> >> Owner, Shark River Technical Solutions LLC >>> >>> >> >>> >>> >> -- >>> >>> >> You received this message because you are subscribed to the >>> Google >>> >>> >> Groups >>> >>> >> "Puppet Users" group. >>> >>> >> To post to this group, send email to >>> puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com>. >>> >>> >>> >> To unsubscribe from this group, send email to >>> >>> >> puppet-users+unsubscr...@googlegroups.com >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. >>> >>> >>> >> For more options, visit this group at >>> >>> >> http://groups.google.com/group/puppet-users?hl=en. >>> >>> >>> >>> -- >>> >>> You received this message because you are subscribed to the >>> Google Groups >>> >>> "Puppet Users" group. >>> >>> To post to this group, send email to >>> puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com>. >>> >>> >>> To unsubscribe from this group, send email to >>> >>> puppet-users+unsubscr...@googlegroups.com >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. >>> >>> >>> For more options, visit this group at >>> >>> http://groups.google.com/group/puppet-users?hl=en. >>> >>> >>> >> >>> >> >>> >> >>> >> -- >>> >> Peter L. Berghold >>> >> Owner, Shark River Technical Solutions LLC >>> >> >>> >> -- >>> >> You received this message because you are subscribed to the >>> Google Groups >>> >> "Puppet Users" group. >>> >> To post to this group, send email to >>> puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com>. >>> >>> >> To unsubscribe from this group, send email to >>> >> puppet-users+unsubscr...@googlegroups.com >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. >>> >>> >> For more options, visit this group at >>> >> http://groups.google.com/group/puppet-users?hl=en. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To post to this group, send email to puppet-users@googlegroups.com >>> <mailto:puppet-users@googlegroups.com>. >>> >>> To unsubscribe from this group, send email to >>> puppet-users+unsubscr...@googlegroups.com >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. >>> >>> For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >>> >>> >>> >>> >>> -- >>> Peter L. Berghold >>> Owner, Shark River Technical Solutions LLC >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> To unsubscribe from this group, send email to >>> puppet-users+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >> >> >> -- >> Regards, >> Ashish Jaiswal >> System Admin >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > > > -- > Peter L. Berghold > Owner, Shark River Technical Solutions LLC > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
