Silviu, That fixed it. I had assumed removing the .pem file ( /etc/puppet/ssl/certs/client.hostname.pem ) would be enough but removing the whole directory was the answer
Thanks very much Paul 2009/12/15 Silviu Paragina <sil...@paragina.ro> > This looks a lot like this problem: > http://projects.reductivelabs.com/issues/2890 > Have you tried rm -rf /etc/puppet/ssl on the client? Or you are avoiding > exactly that? > In 0.25.1 puppet seems to force the usage of the cached certificates > despite the fact that some of the data may be wrong, so you should try > to clean the ca certificate (in case the ca certificate changed), the > certificate request and as a last resort the private key. All this is > done by the above rm. (not sure if you knew all that so that's why I'm > mentioning). > > > > Silviu > > paul matthews wrote: > > After further investigation it seems the problem exists with new > > 0.25.1 clients > > > > On the server I run:- > > puppetca --clean client.hostname > > > > On the client I run :- > > rm /etc/puppet/ssl/certs/client.hostname.pem > > > > Followed by the command that brings up the error > > > > # /opt/csw/bin/puppetd --trace --debug --test --factsync --server > > server.hostname.com <http://server.hostname.com> > > > > debug: Failed to load library 'shadow' for feature 'libshadow' > > debug: Puppet::Type::User::ProviderDirectoryservice: file > > /usr/bin/dscl does not exist > > debug: Puppet::Type::User::ProviderPw: file pw does not exist > > debug: Failed to load library 'ldap' for feature 'ldap' > > debug: Puppet::Type::User::ProviderLdap: feature ldap is missing > > debug: /File[/var/puppet/run/puppetd.pid]: Autorequiring > > File[/var/puppet/run] > > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring > > File[/etc/puppet/ssl] > > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring > > File[/etc/puppet/ssl] > > debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet] > > debug: /File[/etc/puppet/ssl/private]: Autorequiring > File[/etc/puppet/ssl] > > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring > > File[/etc/puppet/ssl] > > debug: /File[/var/puppet/clientbucket]: Autorequiring File[/var/puppet] > > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] > > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring > > File[/etc/puppet/ssl/certs] > > debug: /File[/var/puppet/run]: Autorequiring File[/var/puppet] > > debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet] > > debug: /File[/etc/puppet/ssl/private_keys/client.hostname.com.pem]: > > Autorequiring File[/etc/puppet/ssl/private_keys] > > debug: /File[/var/puppet/state/graphs]: Autorequiring > > File[/var/puppet/state] > > debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet] > > debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet] > > debug: /File[/var/puppet/client_yaml]: Autorequiring File[/var/puppet] > > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl] > > debug: /File[/etc/puppet/ssl/public_keys/client.hostname.com.pem]: > > Autorequiring File[/etc/puppet/ssl/public_keys] > > debug: Finishing transaction 75308830 with 0 changes > > debug: Using cached certificate for ca > > warning: peer certificate won't be verified in this SSL session > > debug: Using cached certificate_request for client.hostname.com > > <http://client.hostname.com> > > debug: Using cached certificate for ca > > warning: peer certificate won't be verified in this SSL session > > debug: Using cached certificate for ca > > warning: peer certificate won't be verified in this SSL session > > Exiting; no certificate found and waitforcert is disabled > > > > I'm afraid it has me really stumped for ideas though > > > > Paul > > > > 2009/12/14 paul matthews <paulsmatth...@googlemail.com > > <mailto:paulsmatth...@googlemail.com>> > > > > Thanks Ohad for pointing this out - schoolboy error on my part. > > Unfortunately, this has not fixed things - both server and client > > are running 25.1. > > Do you know of anything else that may be causing this > > > > Thanks > > Paul > > > > 2009/12/14 Ohad Levy <ohadl...@gmail.com <mailto:ohadl...@gmail.com > >> > > > > server must be newer or equal to the clients...... > > > > Ohad > > > > On Mon, Dec 14, 2009 at 7:36 PM, paul matthews > > <paulsmatth...@googlemail.com > > <mailto:paulsmatth...@googlemail.com>> wrote: > > > > Hi, > > I'm not too sure why this has cropped up after working > > fine for months but on new clients I get the following > > errors:- > > Thanks > > # puppetd --test > > warning: peer certificate won't be verified in this SSL > > session > > warning: peer certificate won't be verified in this SSL > > session > > warning: peer certificate won't be verified in this SSL > > session > > Exiting; no certificate found and waitforcert is disabled > > > > Most of the articles I've read suggest a much earlier bug. > > As it's a closed test environment I've set autosign = > > true in /etc/puppet.conf > > > > Does anyone know how I get round this. Clients are running > > 0.25.1, server = 0.24.8 > > > > Thanks > > Paul > > > > > > -- > > Paul Matthews > > > ---------------------------------------------------------------------- > > > > -- > > > > You received this message because you are subscribed to > > the Google Groups "Puppet Users" group. > > To post to this group, send email to > > puppet-users@googlegroups.com > > <mailto:puppet-users@googlegroups.com>. > > To unsubscribe from this group, send email to > > > > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > > > > <mailto:puppet-users%2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com> > >. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > > > > You received this message because you are subscribed to the > > Google Groups "Puppet Users" group. > > To post to this group, send email to > > puppet-users@googlegroups.com > > <mailto:puppet-users@googlegroups.com>. > > To unsubscribe from this group, send email to > > > > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > > > > <mailto:puppet-users%2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com> > >. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > > > > > -- > > Paul Matthews > > > ---------------------------------------------------------------------- > > > > > > > > > > -- > > Paul Matthews > > ---------------------------------------------------------------------- > > > > -- > > > > You received this message because you are subscribed to the Google > > Groups "Puppet Users" group. > > To post to this group, send email to puppet-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > -- > > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > -- Paul Matthews ---------------------------------------------------------------------- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
