Oops. Replying to my own post, after re-reading one of the messages in this group a few more times (http://groups.google.com/group/puppet- users/msg/559819ffc956337e) while waiting for my experiments to run I finally realised that it's relevant to my too.
It turned out that the $fileserver and $urlbase were still pointing to the other server (ds501). So I think what happened is that ds502 got the certificate request, I signed it, then the puppet clients accessed it, got hold of the manifests and even the templates, but they tried to fetch the files from ds501 (the "working" server) which didn't recognise the client certificate and refused access. Once we fixed $fileserver to point to the right server things started dancing again. TAKE AWAY from this (and other tackles by puppet problems): PLEASE make it clear in the log messages where they are coming from and what they complain about - is this error printed bythe puppet master? the puppet client? Which host name? What string did it see in the certificate vs. what did it expect? Thanks. --Amos --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
