> I still say the problem is more likely with the master than with the > agent. My working hypothesis is that when you upgraded the master to v3.2 > you broke its certificate-signing functionality. Supposing that the > master's CA certificate was carried over during the upgrade, clients that > already have certificates don't need new certs, so they continue to work. > (And if the CA cert had not been carried over then all existing clients > would have needed new certs.) New clients do need signed certs before they > can retrieve catalogs, however, so the clients you are trying to deploy now > do not work. By this logic, no new client deployment will work against > this master, whether it's Puppet3/Cent6, Puppet2/Cent5, or even > Puppet3/Cent5. It is therefore irrelevant how similar your new client > systems are to the ones already in operation. >
Curious, how could I break the CA certificate-signing functionality by upgrading? Wouldn't that be a bug in the upgrade process? I can install a fresh version of Puppet and see if that works - but, I have too many nodes and thus I need to retain the current certificates that are signed. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
