On Wed, Jul 27, 2011 at 2:01 PM, Jacob Helwig <ja...@puppetlabs.com> wrote:
> On Wed, 27 Jul 2011 13:58:25 -0700, Douglas Garstang wrote: > > > > All, > > > > I'm upgrading puppet clients from 0.25.5 to 2.7.1. I've rolled an RPM for > > the new version, and I'm: > > > > 1. Stopping puppet > > 2. Upgrading RPM > > 3. Change the puppet master on the client to point to a new puppet master > > running 2.7.1. > > 3. Starting puppet > > > > I am seeing this in the log files on the client: > > > > Could not evaluate: certificate verify failed Could not retrieve file > > metadata for puppet://hprov01.h.xxx.com/plugins: certificate verify > failed > > Jul 27 13:53:54 hsqlstor04p1-old puppet-agent[9468]: Could not retrieve > > catalog from remote server: certificate verify failed > > Jul 27 13:53:54 hsqlstor04p1-old puppet-agent[9468]: Using cached catalog > > Jul 27 13:53:54 hsqlstor04p1-old puppet-agent[9468]: Could not send > report: > > certificate verify failed > > Jul 27 13:53:54 hsqlstor04p1-old puppet-agent[9468]: Could not run Puppet > > configuration client: interning empty string > > > > After stopping puppet again, removing /var/lib/puppet/ssl and restarting > > puppet, all is ok. Why do I need to blow away the client side certs? I > > recently upgraded 0.25.5 to 2.6.8, and I don't believe I had to do this. > I > > have a couple of hundred servers to upgrade, and I don't want to have to > > remove all the client side ssl directories as part of the upgrade > process. > > > > Doug. > > > > It sounds like you have a new server with 2.7.1, in addition to your old > server. Did you copy over the master certificates to the new 2.7.1 > master from the old one? > > If the new 2.7.1 master had generated a new certificate, I would expect > to get the errors you're seeing. > > I do. I guess I had assumed, wrongly apparently, that a client could have knowledge of multiple servers. Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
