Make sure the time matches on master and agent. The issue CRL is not yet valid for indicates that the time between the Puppet-agent and the Puppetmaster is out of sync <https://www.jethrocarr.com/2013/10/20/puppet-crl-time-errors/>. Sync the time (NTP). Remove the certificate from the Puppet-agent and Puppetmaster as well and run Puppet on the agent.
On Friday, 10 February 2012 00:41:45 UTC-7, Romeo Theriault wrote: > > Hi Felix, thanks for your response to my question. It's taken me a > while to get back to this issue but I finally figured it out tonight. > I had a old puppetd process running in the background (I'd since moved > to using cron to call puppet) that must have been holding open it's > old cert files, etc... After I killed the old puppetd process > everyting is working as it should. (i.e. no more errors and the > correct puppet process is still running as it should). > > Thanks, > > Romeo > > On Mon, Jan 30, 2012 at 07:55, Felix Frank > <[email protected] <javascript:>> wrote: > > Hi, > > > > concerning your question why everything seems to work pretty well: > > > > On 01/27/2012 04:59 AM, Romeo Theriault wrote: > >> Jan 26 17:09:41 ppt01 puppet-agent[27357]: Using cached catalog > > > > Your agent is using a cached catalog. > > > > puppet agent --test should fail. Also, changing the manifest for this > > node should not have any effect until you resolve this problem. > > > > My guess is that the agent has an old master certificate stored or > > somesuch. For some reason it regards your current master cert as invalid. > > > > The simplest approach may be to scrutinize the local /var/lib/puppet/ssl > > for certificates that match your master's FQDN (perhaps "puppet"). If > > you find several, use "openssl x509" to find out how they differ. > > > > HTH, > > Felix > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To post to this group, send email to [email protected] > <javascript:>. > > To unsubscribe from this group, send email to > [email protected] <javascript:>. > > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > -- > Romeo > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ab696df4-33d5-4b79-920b-20d412cded62%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
