Kaya, Did you clean out:
- /var/lib/puppet - /etc/puppet/ssl before you re-ran? The error you are seeing indicates there is a mismatch between hostname is associated with the server's certificate and what notion the client has for the server's name. Do you have DNS configured on the client (and server) and what does your resolv.conf have in it? That could effect what the client sees as its own name as well as the server's name. If you do not have DNS configured on the client then there are other things to look at. What do you see if you run the command ping puppet -c 1 This should answer a lot.. On Wed, Apr 11, 2012 at 5:03 AM, Kaya Saman <kayasa...@gmail.com> wrote: > Ok no joy :-( > > > On client: > > [root@pc puppet]# puppetd --server ps.jabber.com --waitforcert 60 --test > warning: peer certificate won't be verified in this SSL session > info: Caching certificate for pc.jabber.com > err: Could not retrieve catalog from remote server: hostname was not > match with the server certificate > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > err: Could not send report: hostname was not match with the server > certificate > > > On server: > > > [root@ps var]# /opt/puppet/sbin/puppetca --list > pc.jabber.com (D2:66:2E:65:3B:DA:D0:C2:CA:12:42:8E:69:12:00:98) > puppet-test-client (5C:C4:3F:94:02:C3:D0:BD:F1:EB:F2:BB:A2:37:FD:3A) > [root@ps var]# /opt/puppet/sbin/puppetca --sign pc.jabber.com > notice: Signed certificate request for pc.jabber.com > notice: Removing file Puppet::SSL::CertificateRequest pc.jabber.com at > '/etc/puppetlabs/puppet/ssl/ca/requests/pc.jabber.com.pem' > > > > What happens if I use my FreeBSD "clean" install and transfer the > config over from the PuppetLabs image?? > > I mean is it the server or client that's not wanting to cooperate? > > > Regards, > > > Kaya > > > > On Tue, Apr 10, 2012 at 6:45 PM, <kayasa...@gmail.com> wrote: > > Thanks. > > > > Am currently on bus going home but will get back asap tomorrow morning > once > > I get back into the office :-) > > > > I appreciate everybodies input! > > Sent from my BlackBerry® wireless device > > ________________________________ > > From: Peter Berghold <salty.cowd...@gmail.com> > > Sender: puppet-users@googlegroups.com > > Date: Tue, 10 Apr 2012 13:40:29 -0400 > > To: <puppet-users@googlegroups.com> > > ReplyTo: puppet-users@googlegroups.com > > Subject: Re: [Puppet Users] Puppet not creating manifest file? > > > > What Ashish recommends may be a bit extreme, but I've had to at the very > > least clean up /var/lib/puppet on particularly recalcitrant clients. So > it > > is not out of the bounds of being reasonable. > > > > > > On Tue, Apr 10, 2012 at 1:33 PM, Ashish Jaiswal <ashish1...@gmail.com> > > wrote: > >> > >> Here is what I would suggest. > >> > >> Clean the /var/lib/puppet directory on both server as well as client. > >> And then restart puppetmaster on the server. > >> > >> # puppetd --server your.servername.com --waitforcert 60 --test > >> > >> Then check on server > >> > >> # puppetca --list > >> > >> You can see the list of the client > >> > >> # puppetca --sign client-name.fqdn > >> > >> Then run this command on client > >> > >> # puppet agent --test > >> > >> I know you have did the same for n times and another thing is that check > >> both the date and time whether it is proper or not on both server and > >> client while performing the above test. > >> > >> if any error let me know. > >> > >> > >> On Tuesday 10 April 2012 10:51:00 PM IST, Peter Berghold wrote: > >>> > >>> OK > >>> > >>> This is why I took you down the path I did. Essentially what you > >>> want to have happen is the client should generate its own cert and > >>> during its first interaction with the master get it signed by the > master. > >>> > >>> On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman <kayasa...@gmail.com > >>> <mailto:kayasa...@gmail.com>> wrote: > >>> > >>> Again more weirdness as running: > >>> > >>> puppetca --clean pc.jabber.com <http://pc.jabber.com> on server > >>> > >>> yields client to respond with: > >>> > >>> [root@pc puppet]# puppet agent --waitforcert=1 > >>> > >>> > >>> Forgot the --test invocation. What that command line does is start > >>> the agent as a daemon and wait for the master to sign its cert. > >>> > >>> Kill off the agent : > >>> > >>> ps -ef | grep agent > >>> <note the pid> > >>> kill -9 <pid> > >>> > >>> clean out the ssl dirs that exist on the client > >>> > >>> kill off the cert on the master > >>> > >>> puppet agent --test --waitforcert=1 > >>> > >>> That should get it for you... > >>> > >>> [root@pc puppet]# puppet agent --test > >>> err: Could not request certificate: Retrieved certificate does not > >>> match private key; please remove certificate from server and > >>> regenerate it with the current key > >>> Exiting; failed to retrieve certificate and waitforcert is disabled > >>> > >>> ?? > >>> > >>> How do I regenerate the certificate with the current key? > >>> > >>> > >>> puppet -t creates a new cert but how does that function with key? > >>> > >>> > >>> > >>> Regards > >>> > >>> > >>> On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman <kayasa...@gmail.com > >>> <mailto:kayasa...@gmail.com>> wrote: > >>> > It's the Puppet OVF learn.localdomain Puppet image I downloaded > from > >>> > the puppetlabs website! > >>> > > >>> > Here is URL: > >>> > > >>> > http://docs.puppetlabs.com/learning/ > >>> > > >>> > > >>> > http://info.puppetlabs.com/download-learning-puppet-VM.html > >>> > > >>> > > >>> > It's a CentOS based system but stores Puppet in /opt/puppet rather > >>> > then your typical local install. > >>> > > >>> > I've got a FreeBSD clean Puppet server too which is unconfigured > >>> as of > >>> > yet so just waiting to get this running before I move on to > >>> something > >>> > more complex. > >>> > > >>> > > >>> > Regards, > >>> > > >>> > > >>> > Kaya > >>> > > >>> > > >>> > On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold > >>> <salty.cowd...@gmail.com <mailto:salty.cowd...@gmail.com>> wrote: > >>> >> Eh? What platform are you running on and why /etc/puppetlabs? > >>> >> > >>> >> > >>> >> > >>> >> > >>> >> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman > >>> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> wrote: > >>> >>> > >>> >>> Ok quick update... turns out the signed dir was in a different > >>> location: > >>> >>> > >>> >>> /etc/puppetlabs/puppet/ssl/ca/signed > >>> >>> > >>> >>> > >>> >>> I rectified that part but now a bit lost! > >>> >>> > >>> >>> > >>> >>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman > >>> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> wrote: > >>> >>> > On the server I get this error: > >>> >>> > > >>> >>> > cd /etc/puppet/ssl/ca/signed > >>> >>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file or > directory > >>> >>> > > >>> >>> > > >>> >>> > The output of puppet agent --waitforcert=1 > >>> >>> > > >>> >>> > > >>> >>> > [root@pc puppet]# puppet agent --waitforcert=1 > >>> >>> > [root@pc puppet]# > >>> >>> > > >>> >>> > > >>> >>> > Is this correct? > >>> >>> > > >>> >>> > > >>> >>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold > >>> >>> > <salty.cowd...@gmail.com <mailto:salty.cowd...@gmail.com>> > >>> > >>> wrote: > >>> >>> >> Try the following: > >>> >>> >> > >>> >>> >> On the puppet master host: > >>> >>> >> > >>> >>> >> cd /etc/puppet/ssl/ca/signed and remove the signed cert you > >>> generated > >>> >>> >> before. > >>> >>> >> > >>> >>> >> On the client host (where you're running the agent) > >>> >>> >> > >>> >>> >> cd /var/lib/puppet and remove any ssl directory you find > >>> there. > >>> >>> >> cd /etc/puppet and remove any ssl directory you see there. > >>> >>> >> run puppet agent --waitforcert=1 > >>> >>> >> > >>> >>> >> > >>> >>> >> On the puppet master host puppetca --sign pc.jabber.com > >>> <http://pc.jabber.com> > >>> > >>> >>> >> > >>> >>> >> Puppet's built in SSL can be a bit fussy... > >>> >>> >> > >>> >>> >> > >>> >>> >> > >>> >>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman > >>> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> > >>> > >>> >>> >> wrote: > >>> >>> >>> > >>> >>> >>> This is the output of all host based commands: > >>> >>> >>> > >>> >>> >>> [root@pc ~]# uname -a > >>> >>> >>> Linux pc.jabber.com <http://pc.jabber.com> > >>> > >>> 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC > >>> >>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux > >>> >>> >>> > >>> >>> >>> [root@pc ~]# hostname -a > >>> >>> >>> pc > >>> >>> >>> > >>> >>> >>> [root@pc ~]# facter fqdn > >>> >>> >>> pc.jabber.com <http://pc.jabber.com> > >>> > >>> >>> >>> > >>> >>> >>> > >>> >>> >>> Regards, > >>> >>> >>> > >>> >>> >>> Kaya > >>> >>> >>> > >>> >>> >>> > >>> >>> >>> > >>> >>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold > >>> >>> >>> <salty.cowd...@gmail.com <mailto:salty.cowd...@gmail.com>> > >>> > >>> >>> >>> wrote: > >>> >>> >>> > > >>> >>> >>> > > >>> >>> >>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman > >>> <kayasa...@gmail.com <mailto:kayasa...@gmail.com>> > >>> > >>> >>> >>> > wrote: > >>> >>> >>> >> > >>> >>> >>> >> > >>> >>> >>> >> err: Could not send report: hostname was not match with > >>> the server > >>> >>> >>> >> certificate > >>> >>> >>> >> > >>> >>> >>> >> > >>> >>> >>> > > >>> >>> >>> > > >>> >>> >>> > on the client run the command > >>> >>> >>> > > >>> >>> >>> > facter fqdn > >>> >>> >>> > > >>> >>> >>> > what does the host think its name is? > >>> >>> >>> > > >>> >>> >>> > > >>> >>> >>> > > >>> >>> >>> > > >>> >>> >>> > > >>> >>> >>> > -- > >>> >>> >>> > Peter L. Berghold > >>> >>> >>> > Owner, Shark River Technical Solutions LLC > >>> >>> >>> > > >>> >>> >>> > -- > >>> >>> >>> > You received this message because you are subscribed to > >>> the Google > >>> >>> >>> > Groups > >>> >>> >>> > "Puppet Users" group. > >>> >>> >>> > To post to this group, send email to > >>> puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com > >. > >>> > >>> >>> >>> > To unsubscribe from this group, send email to > >>> >>> >>> > puppet-users+unsubscr...@googlegroups.com > >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. > >>> > >>> >>> >>> > For more options, visit this group at > >>> >>> >>> > http://groups.google.com/group/puppet-users?hl=en. > >>> >>> >>> > >>> >>> >>> -- > >>> >>> >>> You received this message because you are subscribed to > >>> the Google > >>> >>> >>> Groups > >>> >>> >>> "Puppet Users" group. > >>> >>> >>> To post to this group, send email to > >>> puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com > >. > >>> > >>> >>> >>> To unsubscribe from this group, send email to > >>> >>> >>> puppet-users+unsubscr...@googlegroups.com > >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. > >>> > >>> >>> >>> For more options, visit this group at > >>> >>> >>> http://groups.google.com/group/puppet-users?hl=en. > >>> >>> >>> > >>> >>> >> > >>> >>> >> > >>> >>> >> > >>> >>> >> -- > >>> >>> >> Peter L. Berghold > >>> >>> >> Owner, Shark River Technical Solutions LLC > >>> >>> >> > >>> >>> >> -- > >>> >>> >> You received this message because you are subscribed to the > >>> Google > >>> >>> >> Groups > >>> >>> >> "Puppet Users" group. > >>> >>> >> To post to this group, send email to > >>> puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com > >. > >>> > >>> >>> >> To unsubscribe from this group, send email to > >>> >>> >> puppet-users+unsubscr...@googlegroups.com > >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. > >>> > >>> >>> >> For more options, visit this group at > >>> >>> >> http://groups.google.com/group/puppet-users?hl=en. > >>> >>> > >>> >>> -- > >>> >>> You received this message because you are subscribed to the > >>> Google Groups > >>> >>> "Puppet Users" group. > >>> >>> To post to this group, send email to > >>> puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com > >. > >>> > >>> >>> To unsubscribe from this group, send email to > >>> >>> puppet-users+unsubscr...@googlegroups.com > >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. > >>> > >>> >>> For more options, visit this group at > >>> >>> http://groups.google.com/group/puppet-users?hl=en. > >>> >>> > >>> >> > >>> >> > >>> >> > >>> >> -- > >>> >> Peter L. Berghold > >>> >> Owner, Shark River Technical Solutions LLC > >>> >> > >>> >> -- > >>> >> You received this message because you are subscribed to the > >>> Google Groups > >>> >> "Puppet Users" group. > >>> >> To post to this group, send email to > >>> puppet-users@googlegroups.com <mailto:puppet-users@googlegroups.com > >. > >>> > >>> >> To unsubscribe from this group, send email to > >>> >> puppet-users+unsubscr...@googlegroups.com > >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. > >>> > >>> >> For more options, visit this group at > >>> >> http://groups.google.com/group/puppet-users?hl=en. > >>> > >>> -- > >>> You received this message because you are subscribed to the Google > >>> Groups "Puppet Users" group. > >>> To post to this group, send email to puppet-users@googlegroups.com > >>> <mailto:puppet-users@googlegroups.com>. > >>> > >>> To unsubscribe from this group, send email to > >>> puppet-users+unsubscr...@googlegroups.com > >>> <mailto:puppet-users%2bunsubscr...@googlegroups.com>. > >>> > >>> For more options, visit this group at > >>> http://groups.google.com/group/puppet-users?hl=en. > >>> > >>> > >>> > >>> > >>> -- > >>> Peter L. Berghold > >>> Owner, Shark River Technical Solutions LLC > >>> > >>> -- > >>> You received this message because you are subscribed to the Google > >>> Groups "Puppet Users" group. > >>> To post to this group, send email to puppet-users@googlegroups.com. > >>> To unsubscribe from this group, send email to > >>> puppet-users+unsubscr...@googlegroups.com. > >>> For more options, visit this group at > >>> http://groups.google.com/group/puppet-users?hl=en. > >> > >> > >> -- > >> Regards, > >> Ashish Jaiswal > >> System Admin > >> > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Puppet Users" group. > >> To post to this group, send email to puppet-users@googlegroups.com. > >> To unsubscribe from this group, send email to > >> puppet-users+unsubscr...@googlegroups.com. > >> For more options, visit this group at > >> http://groups.google.com/group/puppet-users?hl=en. > >> > > > > > > > > -- > > Peter L. Berghold > > Owner, Shark River Technical Solutions LLC > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
