I see this error all the time when I forget to sudo a puppet run. My only guess is that puppet agent is being run twice, once as root and once as ubuntu, and you're seeing the results of the second run. I'm not familiar with the node_aws stuff however, I've worked up userdata profiles to do the same bootstrapping that is done with that facility.
On Wednesday, December 12, 2012 8:56:26 PM UTC-5, jblaine wrote: > > Any light someone can shed sure would be appreciated. > > I start with 1 cert -- the master's, where I am running this: > > jblaine@ip-10-191-115-140:~$ sudo puppet cert list --all > + "ip-10-191-115-140.ec2.internal" > (74:8B:7B:EF:41:E6:F9:98:93:15:42:6A:4C:2F:28:CC) (alt names: > "DNS:ip-10-191-115-140.ec2.internal", "DNS:puppet", "DNS:puppet.ec2.internal") > > jblaine@ip-10-191-115-140:~$ > > > I have quadruple-confirmed that is the only certificate in existence in > /var/lib/puppet/ssl. > > > I create a brand new EC2 instance and bootstrap it with the Cloud Provisioner: > > > jblaine@ip-10-191-115-140:~$ puppet node_aws bootstrap --group=hadoop-nodes \ > > --keyname=jblaine --image=ami-82fa58eb --type=t1.micro \ > > --puppet-version=2.7.20 --login=ubuntu \ > > --keyfile=~/.ssh/jblaine-bld.pem \ > > --server=ip-10-191-115-140.ec2.internal --verbose > > ... > notice: Waiting for SSH response ... Done > info: Executing remote command ... > info: Executing remote command ... Done > notice: Installing Puppet ... > info: Executing remote command ... > info: Executing remote command ... Done > info: Executing remote command ... > info: Executing remote command ... Done > notice: Puppet is now installed on: ec2-23-21-34-131.compute-1.amazonaws.com > notice: No classification method selected > notice: Signing certificate ... > err: Signing certificate ... Failed > err: Signing certificate error: Could not render to pson: The certificate > retrieved from the master does not match the agent's private key. > Certificate fingerprint: E2:B3:43:ED:74:80:F7:6E:C0:3F:68:C2:95:74:40:AA > > > Say what? > > > jblaine@ip-10-191-115-140:~$ sudo puppet cert list > > jblaine@ip-10-191-115-140:~$ sudo puppet cert list --all > + > "ec2-23-21-34-131.compute-1.amazonaws.com-fc73179f-951d-88dc-9477-d4dcddc6f585" > (01:FD:22:FA:90:76:78:AF:91:90:77:69:1A:7A:41:95) > + "ip-10-191-115-140.ec2.internal" > (74:8B:7B:EF:41:E6:F9:98:93:15:42:6A:4C:2F:28:CC) (alt names: > "DNS:ip-10-191-115-140.ec2.internal", "DNS:puppet", "DNS:puppet.ec2.internal") > jblaine@ip-10-191-115-140:~$ > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
