On Mar 9, 12:03 am, Denmat <tu2bg...@gmail.com> wrote: > Hi Russell, > > On the client, verify that the ssl dir is set to /etc/puppet/ssl (check > puppet.conf). Remove the ssl dir contents. > > On server, do a 'find' on the old/new hostname in the ssl dir. Remove any > file match. > > On the client, run puppet --waitforcert 60 --server .... > > Should clear those issues. Sounds like you might have ssl in the var lib dir > maybe? >
I had already done exactly that :) For the record what bit me this time was that I was not talking to the puppet server I thought I was. Sigh... so the third thing you need to do in this sort of situation is make sure you know which server is being addressed. The problem was in /etc/resolv.conf -- at one time a bad search path got pushed out which changed what "puppet" resolved to. This was months ago and I went around and fixed this by hand but I clearly missed this box which was not in active service. Last week that changed and I started pulling my hair out. :) In the end I ran tcpdump and found out what was going on. One thing that would help in situations like this is a bit more verbose output with --test including which server you are connecting to. After getting it talking to the right server I still did not get the cert request popping up on the server until I did a sudo rm -r /etc/ puppet/* I *had* removed ss/ dir.. Who knows :) anyway hopefully this ramble may prove useful to anybody else googling for certificate problems.... -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
