I have the same exact problem over and over and over, so I gave up on Puppet. But maybe you can try to resolve this by checking if times are in sync? Try ntpdate on master and slave. Check date on both machines very quickly to see the time sync.

On Thursday, November 29, 2012 4:52:42 PM UTC-5, shoerner wrote:
>
> Hello everyone,
>
> Just getting my first puppet master set up and I am having a problem that I just do not know how to get past. For some reason, my certificate store keeps getting corrupted. Basically what happens is that the server will issue itself a valid certificate (after removing the 'bad' cert) and will run just fine. When I start puppetDB (I am pretty sure it happens around here) on the system though, running the command 'puppet ca list --all' on the PuppetMaster, I get the following:
>
> Error: The certificate retrieved from the master does not match the agent's private key.
> Certificate fingerprint: *<fingerprint removed>*
> To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
> On the master:
>   puppet cert clean puppetmaster.site
> On the agent:
>   rm -f /var/lib/puppet/ssl/certs/puppetmaster.site.pem
>   puppet agent -t
>
> Error: Try 'puppet help ca list' for usage
>
> I have tried following said instructions which did not work at all. Eventually I was able to build it down to the following steps to regenerate the certificate store:
> # service puppetmaster stop
> # service puppetdb stop
> # service puppet stop
> # find $(puppet master --configprint ssldir) -name "$(puppet master --configprint certname).pem" -delete
> # rm -rf /var/lib/puppet/ssl
> # puppet master --no-daemonize --debug --verbose --trace (kill it when it says "starting puppet")
> # /usr/sbin/puppetdb-ssl-setup
> # service puppetmaster start
> # puppet ca list --all (lists the certs installed)
> # service puppetdb start
> # puppet ca list --all (prints error message above with new fingerprint)
>
> The master is running Fedora 16 with Puppet 3.0.1 (along with PuppetDB 1.0.2 and Puppet Dashboard). I realize that the solution is only made more difficult by the inclusion of db and dashboard, but the project scope grew too quickly and resulted in attempts to combine services. I am out of ideas save for re-installing the service; after messing with this install for so long, I doubt many people here will want to support this decision.
>
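
Added example, not part of the thread and not Puppet's own tooling: a script that tests the two explanations raised above, a certificate that really was issued for a different private key, and a host clock that falls outside the certificate's validity window. It assumes openssl and GNU date are installed, and that the private key sits at `private_keys/<certname>.pem` under the ssldir, next to the `certs/<certname>.pem` path shown in the error message.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Requires openssl and GNU date.

# True when the certificate's embedded public key equals the one derived
# from the private key, i.e. the pair Puppet's error says does not match.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True when this host's clock lies inside the certificate's
# notBefore..notAfter window (the clock-skew theory from the reply).
cert_valid_now() {
    local start end now
    start=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2) || return 2
    end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2) || return 2
    start=$(date -u -d "$start" +%s) || return 2
    end=$(date -u -d "$end" +%s) || return 2
    now=$(date -u +%s)
    [ "$now" -ge "$start" ] && [ "$now" -le "$end" ]
}

# Run both checks and report; non-zero exit status if either fails.
diagnose() {
    local cert=$1 key=$2 rc=0
    openssl x509 -in "$cert" -noout -subject -dates || return 2
    if cert_matches_key "$cert" "$key"; then
        echo "OK: certificate and private key belong together"
    else
        echo "MISMATCH: certificate was issued for a different key"; rc=1
    fi
    if cert_valid_now "$cert"; then
        echo "OK: local clock is inside the validity window"
    else
        echo "CLOCK/VALIDITY: $(date -u) is outside the window"; rc=1
    fi
    return "$rc"
}

# Usage: script.sh CERT KEY  (assumed layout: CERT=$ssldir/certs/$certname.pem,
# KEY=$ssldir/private_keys/$certname.pem)
if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; fi
```

Running it once before and once after `service puppetdb start` shows whether the certificate file, the key file, or neither changed between the working and the failing `puppet ca list --all`.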
