On 04/11/2011 12:20 AM, Douglas Garstang wrote: > I don't know what it is with puppet's certificates, but once again, they > are behaving strangely. > > Client is reporting: > debug: Using cached certificate for auth01.fre.livegamer.com > <http://auth01.fre.livegamer.com> > /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:166:in `certificate' > /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:227:in `wait_for_cert' > /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:194:in `setup_host' > /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:257:in `setup' > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:286:in `run' > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:393:in `exit_on_fail' > /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:286:in `run' > /usr/sbin/puppetd:4 > err: Could not request certificate: Retrieved certificate does not match > private key; please remove certificate from server and regenerate it > with the current key > > I: > Stopped puppet on client > Removed /var/lib/puppet on client > Cleaned certificate on server > Restarted server > Started puppet on client > > and again it occurs. It doesn't happen every time, but often does after > the first install of a new system. Also, puppet will be part way through > it's process, and then report the certificates are not valid. Performing > the above steps _usually_ fixes it.
Hi, this sounds weird. Are you sure you're not loosing the key on your agents somehow? If so, you may want to establish logging like "once an hour, dump a hash of my priv key to syslog". You're either loosing your key, or the certificates on your master get replaced somehow at some point. Which would be equally startling. HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
