Per the mcollective deploy docs, I'm trying to use 'puppet certificate generate' to send a csr for one user. Puppet tries to generate a csr for the host as well as the user. There are tickets.
https://tickets.puppetlabs.com/browse/PUP-2018 https://tickets.puppetlabs.com/browse/PUP-3178 Has anybody managed to work around this with the command line tools? I could probably manually copy the csr around and have it work but I would prefer something a bit more automated. More details, same as tickets (xarg is the fake username in question, same result if I use $USER): $ puppet certificate generate --ssldir .n --ca-location remote --ca_server puppetmaster1.mycompany.com xarg Error: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: 01:0A:B5:D7:88:B2:81:A0:49:66:29:DC:1C:50:61:86:FA:28:A9:48:0B:87:84:E1:9A:5D:B1:1C:A1:CF:58:55 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean myhost.mycompany.com On the agent: rm -f /home/cwood/.n/certs/myhost.mycompany.com.pem puppet agent -t Error: Try 'puppet help certificate generate' for usage $ find .n -type f | sort .n/certs/ca.pem .n/certs/myhost.mycompany.com.pem .n/private_keys/myhost.mycompany.com.pem .n/private_keys/xarg.pem .n/public_keys/myhost.mycompany.com.pem .n/public_keys/xarg.pem The command line probably worked for the author of this document, and the prompt indicates a non-root user: https://docs.puppetlabs.com/mcollective/deploy/standard.html#example-client-onboarding-process I tried the node* parameters here, but they didn't change the result: https://docs.puppetlabs.com/references/stable/configuration.html -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140924151055.GA28345%40iniquitous.heresiarch.ca. For more options, visit https://groups.google.com/d/optout.
