Steve, Do you, perchance, have multiple puppet masters in play?
On Wed, Mar 19, 2014 at 9:58 AM, jcbollinger <[email protected]> wrote: > > > On Tuesday, March 18, 2014 10:25:02 AM UTC-5, [email protected] wrote: >> >> These are not new nodes but not old either, only a few months. The >> date/time is correct. The DNS is correct. I have not manually set >> certificate lifetimes to be shorter than the default. However sometimes >> these nodes might not check in for a few days. >> >> This was recently a big problem as the cert for the puppetdb server was >> revoked. >> >> How can I get more information about the revocation? >> > > > You could start by giving us more information. Specifically, the actual > messages that lead you to conclude that certificates have been revoked. > > You could also look at the Puppet CA's data files in /var/lib/puppet/ssl/ca, > or something like that. The inventory of current certificates and the CRL > should both be there. > > > Is there any chance that your nodes' timekeeping is inconsistent? That can > happen with VMs, for instance. If your nodes do not agree fairly closely > with the master with respect to the current date and time of day then that > can prevent successful SSL handshaking. > > > John > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/40e1eea2-50c5-435a-adcd-b6d6b3ce1912%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMM%2BeSUCa5ioWc9HCVijNg3pp6K-agQW6hpvDjsCfrKgeChT3g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
