Do I need to make any changes to server or delete sl info on the server. I am still getting the certificate verify failed error on clients?
On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan <makhan...@gmail.com> wrote: > I was able to sign the certificate to the client but still I am getting > this error now on the > client: > > Client puppet-agent[15030]: Starting Puppet client version 2.6.12 > Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog > from remote server: certificate verify failed > Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog > Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; > skipping run > > > > > On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan <makhan...@gmail.com>wrote: > >> I have gone little further nowwhat I have done is to delete the ssl >> folder from one of the client and ran this command on server: puppetca >> --clean clientname >> it has generated new certificate but in the end I get the same error: >> >> err: Could not call revoke: Cannot convert into OpenSSL::BN >> Further more when i restart the agent from the client now I get this >> message under server message log: client has a waiting certificate request >> Under my client message log: >> hostname puppet-agent[13385]: Did not receive certificate >> >> >> >> >> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan <makhan...@gmail.com>wrote: >> >>> I have tried to deleted the ssl folder under puppet. And then tried to >>> clean the certificate from the server but did not work. >>> #puppetca --clean hostname >>> notice: Revoked certificate with serial # Inventory of signed >>> certificates >>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT >>> >>> >>> err: Could not call revoke: Cannot convert into OpenSSL::BN >>> >>> >>> >>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan <makhan...@gmail.com>wrote: >>> >>>> Thanks guys; I am getting closer but still some errors. I am getting >>>> these errors now. >>>> Starting Puppet client version 2.6.12 >>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog >>>> from remote server: Retrieved certificate does not match private key; >>>> please remove certificate from server and regenerate it with the current >>>> key >>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog >>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; >>>> skipping run >>>> >>>> >>>> >>>> >>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz < >>>> bernd.adamow...@esailors.de> wrote: >>>> >>>>> I'm pretty sure that, besides the other answers already provided, your >>>>> main problem is the wrong user for your Puppet configuration. It should be >>>>> user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: >>>>> >>>>> drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . >>>>> drwxr-xr-x 79 root root 12K Dec 26 04:03 .. >>>>> -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf >>>>> drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments >>>>> drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests >>>>> -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf >>>>> -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf >>>>> drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn >>>>> >>>>> So a command like 'chown -R puppet:puppet /etc/puppet' issued as >>>>> 'root' should solve your main problem which is the 'Permission denied' >>>>> error as well as the non starting Puppet process. >>>>> >>>>> Bernd >>>>> >>>>> > -----Ursprüngliche Nachricht----- >>>>> > Von: puppet-users@googlegroups.com [mailto:puppet- >>>>> > us...@googlegroups.com] Im Auftrag von Khan >>>>> > Gesendet: Donnerstag, 29. Dezember 2011 17:37 >>>>> > An: Puppet Users >>>>> > Betreff: [Puppet Users] Puppetserver error >>>>> > >>>>> > Hello everyone, >>>>> > I am new to puppet. I have installed on redhat Enterprise 5and seems >>>>> > to be working fine. Couple days ago I was testing some permissions >>>>> on / >>>>> > etc folder and applied 600 /etc and sub folders. Although I have >>>>> > reverted the permission but I am having issues on puppetmaster. >>>>> > Currently I have these permission on etc 755 and puppet folder: >>>>> > my /etc folder is 755 and puppet folder with tese permsions: >>>>> > >>>>> > -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf >>>>> > -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf >>>>> > drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests >>>>> > drwxr-xr-x 21 root root 4096 Oct 22 2010 modules >>>>> > -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf >>>>> > -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew >>>>> > >>>>> > I am getting these error in the log: >>>>> > >>>>> > puppet-master[3519]: Could not parse for environment production: >>>>> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/ >>>>> > puppet/manifests/site.pp:3 on node client1 >>>>> > >>>>> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse for >>>>> > environment production: Permission denied - /etc/puppet/manifests/ >>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2 >>>>> > >>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for >>>>> > environment production: Permission denied - /etc/puppet/manifests/ >>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3 >>>>> > >>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for >>>>> > environment production: Permission denied - /etc/puppet/manifests/ >>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4 >>>>> > >>>>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve >>>>> catalog >>>>> > from remote server: Error 400 on SERVER: Could not parse for >>>>> > environment production: Permission denied - /etc/puppet/manifests/ >>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server >>>>> > Any Help will be greatly appreciated. >>>>> > >>>>> > -- >>>>> > You received this message because you are subscribed to the Google >>>>> > Groups "Puppet Users" group. >>>>> > To post to this group, send email to puppet-users@googlegroups.com. >>>>> > To unsubscribe from this group, send email to puppet- >>>>> > users+unsubscr...@googlegroups.com. >>>>> > For more options, visit this group at >>>>> > http://groups.google.com/group/puppet-users?hl=en. >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Puppet Users" group. >>>>> To post to this group, send email to puppet-users@googlegroups.com. >>>>> To unsubscribe from this group, send email to >>>>> puppet-users+unsubscr...@googlegroups.com. >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/puppet-users?hl=en. >>>>> >>>>> >>>> >>>> >>>> -- >>>> Regards, >>>> Mohammad >>>> >>>> >>> >>> >>> -- >>> Regards, >>> Mohammad >>> >>> >> >> >> -- >> Regards, >> Mohammad >> >> > > > -- > Regards, > Mohammad > > -- Regards, Mohammad -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
