On Wed, 27 Jul 2011 13:58:25 -0700, Douglas Garstang wrote: > > All, > > I'm upgrading puppet clients from 0.25.5 to 2.7.1. I've rolled an RPM for > the new version, and I'm: > > 1. Stopping puppet > 2. Upgrading RPM > 3. Change the puppet master on the client to point to a new puppet master > running 2.7.1. > 3. Starting puppet > > I am seeing this in the log files on the client: > > Could not evaluate: certificate verify failed Could not retrieve file > metadata for puppet://hprov01.h.xxx.com/plugins: certificate verify failed > Jul 27 13:53:54 hsqlstor04p1-old puppet-agent[9468]: Could not retrieve > catalog from remote server: certificate verify failed > Jul 27 13:53:54 hsqlstor04p1-old puppet-agent[9468]: Using cached catalog > Jul 27 13:53:54 hsqlstor04p1-old puppet-agent[9468]: Could not send report: > certificate verify failed > Jul 27 13:53:54 hsqlstor04p1-old puppet-agent[9468]: Could not run Puppet > configuration client: interning empty string > > After stopping puppet again, removing /var/lib/puppet/ssl and restarting > puppet, all is ok. Why do I need to blow away the client side certs? I > recently upgraded 0.25.5 to 2.6.8, and I don't believe I had to do this. I > have a couple of hundred servers to upgrade, and I don't want to have to > remove all the client side ssl directories as part of the upgrade process. > > Doug. >
It sounds like you have a new server with 2.7.1, in addition to your old server. Did you copy over the master certificates to the new 2.7.1 master from the old one? If the new 2.7.1 master had generated a new certificate, I would expect to get the errors you're seeing. -- Jacob Helwig ,---- | Join us for PuppetConf, September 22nd and 23rd in Portland, OR | http://bit.ly/puppetconfsig `----
signature.asc
Description: Digital signature
