Arrgh. The clock on the client was 24 hours slow. But... I wonder why
that happens when the certificate is valid from
Validity
Not Before: Jul 13 13:51:08 2010 GMT
Not After : Jul 12 13:51:08 2015 GMT
Doug.
On Tue, Aug 24, 2010 at 6:22 PM, Douglas Garstang
<doug.garst...@gmail.com> wrote:
> Oh my god.... what is this?
>
> Getting this on first boot of new client.
> Aug 24 01:11:09 app03 puppet-agent[5392]: Reopening log files
> Aug 24 01:11:09 app03 puppet-agent[5392]: Could not request
> certificate: Neither PUB key nor PRIV key:: header too long
>
> I stop the client, and remove the ssl directory on the client:
>
> [r...@app03 puppet]# service puppet stop
> Stopping puppet: [ OK ]
> [r...@app03 puppet]# rm -fR /var/lib/puppet/ssl
> [r...@app03 puppet]#
>
> I then go and clean the certificate on the server.
>
> prov01 ~:# puppetca --clean app03.pax.livegamer.com
> notice: Revoked certificate with serial 114
> notice: Removing file Puppet::SSL::Certificate app03.pax.livegamer.com
> at '/var/lib/puppet/ssl/ca/signed/app03.pax.livegamer.com.pem'
> notice: Removing file Puppet::SSL::Certificate app03.pax.livegamer.com
> at '/var/lib/puppet/ssl/certs/app03.pax.livegamer.com.pem'
>
> I then restart puppet on the client...
>
> [r...@app03 puppet]# service puppet start
> Starting puppet: [ OK ]
>
> I then look at the log files on the client. It indicates it is waiting
> for a certificate to be signed. Actually, this is really a bug. All it
> ever says is 'Reopening log files"
>
> Aug 24 01:19:38 app03 puppet-agent[6098]: Reopening log files
>
> Anyway, now I go back to the server, and yes, there's a request waiting...
>
> prov01 ~:# puppetca --list
> app03.pax.livegamer.com
>
> I sign it...
>
> prov01 ~:# puppetca --sign app03.pax.livegamer.com
> notice: Signed certificate request for app03.pax.livegamer.com
> notice: Removing file Puppet::SSL::CertificateRequest
> app03.pax.livegamer.com at
> '/var/lib/puppet/ssl/ca/requests/app03.pax.livegamer.com.pem'
>
> I then go back to the client and restart puppet:
>
> [r...@app03 puppet]# service puppet restart
> Stopping puppet: [ OK ]
> Starting puppet: [ OK ]
>
> and I look at my log files on the client again...
>
> Aug 24 01:21:50 app03 puppet-agent[6274]: Starting Puppet client version 2.6.1
> Aug 24 01:21:50 app03 puppet-agent[6274]: Could not retrieve catalog
> from remote server: certificate verify failed
> Aug 24 01:21:50 app03 puppet-agent[6274]: Not using cache on failed catalog
> Aug 24 01:21:50 app03 puppet-agent[6274]: Could not retrieve catalog;
> skipping run
>
> What the hell is wrong???? My god this is frustrating. I've
> reinstalled this server 4 times now and this is totally reproducable.
>
> Doug.
>
--
Regards,
Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garst...@gmail.com
Cell: +1-805-340-5627
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
