FWIW, the following seems to have fixed it:

    mv /var/lib/puppet/ssl /var/tmp
    mkdir /var/lib/puppet/ssl
    chmod 700 /var/lib/puppet/ssl
    /etc/init.d/puppetmaster start

I also had to move the ssl dir for all the clients, and re-sign things.

-Robin

On Wed, Aug 12, 2009 at 10:07:30AM -0700, Robin Lee Powell wrote:
>
> Everything I pasted was being run as root; I was logged in as root
> at the time.
>
> Oh, and: it gets better. I stopped the puppetmaster, and now can't
> start it:
>
> $ puppetca --clean chain.digitalkingdom.org
> Removing /var/lib/puppet/ssl/ca/signed/chain.digitalkingdom.org.pem
> Removing /var/lib/puppet/ssl/public_keys/chain.digitalkingdom.org.pem
> Removing /var/lib/puppet/ssl/private_keys/chain.digitalkingdom.org.pem
> $ puppetca --clean chain.digitalkingdom.org
> Could not find client certificate or request for chain.digitalkingdom.org
> $ /etc/init.d/puppetmaster start
> Starting puppet configuration management tool master serverCertificate does
> not match private key. Try 'puppetca --clean chain.digitalkingdom.org' on
> the server.
> failed!
> $ puppetca --clean chain.digitalkingdom.org
> Removing /var/lib/puppet/ssl/ca/signed/chain.digitalkingdom.org.pem
> Removing /var/lib/puppet/ssl/public_keys/chain.digitalkingdom.org.pem
> Removing /var/lib/puppet/ssl/private_keys/chain.digitalkingdom.org.pem
>
> -Robin
>
> On Wed, Aug 12, 2009 at 05:06:36PM +0300, Silviu Paragina wrote:
> >
> > This happens a lot for me. For the Ubuntu distro this happens when
> > I don't run via root/puppet. Usually it's because the current user
> > doesn't have access to the certificates. Try a sudo puppetd --test
> > or sudo puppetd -tv if you wish. I'm guessing that it's your case
> > too. I get the same error when running without sudo (or init
> > scripts), and though I recreate the certificate nothing happens.
> >
> > Silviu
> >
> > On Wed, 12 Aug 2009 01:03:02 -0700, Robin Lee Powell
> > <[email protected]> wrote:
> > > This is me trying to get my puppetmaster to work also as a client.
> > > I used to work, then I cleaned out all the certs by accident. -_-
> > >
> > > I can't find anything in the list about exactly this issue. Help,
> > > please?
> > >
> > > $ puppetd -tv
> > > warning: peer certificate won't be verified in this SSL session
> > > err: Could not request certificate: Certificate does not match private key.
> > > Try 'puppetca --clean chain.digitalkingdom.org' on the server.
> > > $ puppetca --clean chain.digitalkingdom.org
> > > Removing /var/lib/puppet/ssl/ca/signed/chain.digitalkingdom.org.pem
> > > Removing /var/lib/puppet/ssl/public_keys/chain.digitalkingdom.org.pem
> > > Removing /var/lib/puppet/ssl/private_keys/chain.digitalkingdom.org.pem
> > > $ puppetca --list
> > > No certificates to sign
> > > $ puppetd -tv
> > > warning: peer certificate won't be verified in this SSL session
> > > notice: Did not receive certificate
> > > notice: Set to run 'one time'; exiting with no certificate
> > > $ puppetca --list
> > > chain.digitalkingdom.org
> > > $ puppetca --sign chain.digitalkingdom.org
> > > Signed chain.digitalkingdom.org
> > > $ puppetca --list
> > > No certificates to sign
> > > $ puppetd -tv
> > > warning: peer certificate won't be verified in this SSL session
> > > info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/chain.digitalkingdom.org.pem
> > > err: Could not request certificate: Certificate does not match private key.
> > > Try 'puppetca --clean chain.digitalkingdom.org' on the server.
> > >
> > > -Robin
>
> --
> They say: "The first AIs will be built by the military as weapons."
> And I'm thinking: "Does it even occur to you to try for something
> other than the default outcome?" See http://shrunklink.com/cdiz
> http://www.digitalkingdom.org/~rlpowell/ *** http://www.lojban.org/

--
They say: "The first AIs will be built by the military as weapons."
And I'm thinking: "Does it even occur to you to try for something
other than the default outcome?" See http://shrunklink.com/cdiz
http://www.digitalkingdom.org/~rlpowell/ *** http://www.lojban.org/
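
The "Certificate does not match private key" error in this thread can be confirmed per host before moving the whole ssl directory aside. The following is an added example, not part of the original messages or of Puppet itself: a read-only check that compares the public key inside a signed certificate with the public key derived from the private key. It assumes the `openssl` CLI is on the PATH and the `ca/signed` and `private_keys` layout shown in the puppetca output above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): read-only check that a host's signed
# certificate and private key under a Puppet ssl directory form a pair.
# Directory layout is assumed from the paths printed by puppetca above.

# pem_pair_matches CERT KEY
# Returns 0 if the certificate's public key equals the key's public key,
# 1 if they differ, 2 if either file is missing, unreadable or not PEM.
pem_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_puppet_host SSLDIR CERTNAME (hypothetical helper name)
check_puppet_host() {
    cert="$1/ca/signed/$2.pem"
    key="$1/private_keys/$2.pem"
    rc=0
    pem_pair_matches "$cert" "$key" || rc=$?
    case $rc in
        0) echo "OK: $2 certificate matches its private key" ;;
        1) echo "MISMATCH: $cert does not belong to $key" ;;
        *) echo "UNREADABLE: cannot load $cert and/or $key (permissions?)" >&2 ;;
    esac
    return "$rc"
}

# Usage: sh check.sh /var/lib/puppet/ssl chain.digitalkingdom.org
if [ "$#" -eq 2 ]; then
    check_puppet_host "$1" "$2"
fi
```

Exit status 2 separates the unreadable-file case (for example, running as a user without access to the ssl directory) from a genuine key/certificate mismatch, which returns 1.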
