Here is more info:

puppet master config /etc/puppet/puppet

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
node_terminus = exec
external_nodes = /usr/bin/env PUPPET_DASHBOARD_URL=http://localhost:8141/dashboard /usr/share/puppet-dashboard/bin/external_node
reports = store, http
reporturl = http://netadmin.domain.tld:8141/reports/upload

Steps to reproduce on master:

root@netadmin:/var/lib/puppet/ssl# puppet cert clean --all
root@netadmin:/var/lib/puppet/ssl# puppet master --no-daemonize --verbose
......... puppetmaster startup ............
Ctrl-C to stop
root@netadmin:/var/lib/puppet/ssl# puppet ca list --all
+ netadmin.domain.tld (SHA256) 57:9D:95:66:0C:B3:37:7C:F1:7D:B2:41:35:47:08:9F:D9:1B:9F:2C:57:F9:D1:20:3B:1B:FE:27:37:16:87:ED
root@netadmin:/var/lib/puppet/ssl# service apache2 start
Starting web server: apache2.
-------master end--------

-------client---------
root@ns3:~# cd /var/lib/puppet/ssl/
root@ns3:/var/lib/puppet/ssl# find -name *domain.tld* -delete
root@ns3:/var/lib/puppet/ssl# puppet agent -t -d --waitforcert 60
-------client end-----

-------master----------
root@netadmin:/var/lib/puppet/ssl# puppet ca list --all
+ netadmin.domain.tld (SHA256) 57:9D:95:66:0C:B3:37:7C:F1:7D:B2:41:35:47:08:9F:D9:1B:9F:2C:57:F9:D1:20:3B:1B:FE:27:37:16:87:ED
root@netadmin:/var/lib/puppet/ssl# puppet ca list
ns3.domain.tld (SHA256) 26:72:D4:3A:9C:EE:8B:73:25:1B:0C:EC:FB:BB:C9:DA:D9:FE:74:35:B5:F5:35:43:F5:91:82:FB:98:E7:3F:D8
root@netadmin:/var/lib/puppet/ssl/ca# puppet ca sign ns3.domain.tld
Signed certificate request for ns3.domain.tld
Removing file Puppet::SSL::CertificateRequest ns3.domain.tld at '/var/lib/puppet/ssl/ca/requests/ns3.domain.tld.pem'
root@netadmin:/var/lib/puppet/ssl/ca# puppet ca list --all
Error: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 57:9D:95:66:0C:B3:37:7C:F1:7D:B2:41:35:47:08:9F:D9:1B:9F:2C:57:F9:D1:20:3B:1B:FE:27:37:16:87:ED
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean netadmin.domain.tld
On the agent:
  rm -f /var/lib/puppet/ssl/certs/netadmin.domain.tld.pem
  puppet agent -t

Error: Try 'puppet help ca list' for usage
