I removed ssldir from clients and ran the puppetca --clean from the server.
It ran fine finally. Now I am stuck where the client complains
'certificate verify failed'. I don't know what to do now.

On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell <aaron.grew...@gmail.com> wrote:

> Did you remove the ssldir on the server or the client?  Usually to
> completely reset the cert you run clean on the server, remove the
> contents of the ssldir on the client, then re-run puppet and it should
> rebuild the cert.  I wouldn't recommend removing the ssldir on the
> server except as a last resort, otherwise you'll have to rebuild all
> your client certs.
>
> If that's what you already did, make sure that your ssldir and its
> contents are owned by user & group puppet as well.
>
> On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan <makhan...@gmail.com>
> wrote:
> > Do I need to make any changes to server or delete ssl info on the server?
> > I am still getting the certificate verify failed error on clients.
> >
> >
> > On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan <makhan...@gmail.com> wrote:
> >>
> >> I was able to sign the certificate to the client but still I am getting
> >> this error now on the
> >> client:
> >>
> >> Client puppet-agent[15030]: Starting Puppet client version 2.6.12
> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog
> >> from remote server: certificate verify failed
> >> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog
> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog;
> >> skipping run
> >>
> >>
> >>
> >>
> >> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan <makhan...@gmail.com>
> >> wrote:
> >>>
> >>> I have gone a little further now. What I have done is to delete the ssl
> >>> folder from one of the clients and run this command on the server: puppetca
> >>> --clean clientname
> >>> It has generated a new certificate but in the end I get the same error:
> >>>
> >>> err: Could not call revoke: Cannot convert into OpenSSL::BN
> >>> Furthermore, when I restart the agent from the client now I get this
> >>> message under server message log: client has a waiting certificate request
> >>> Under my client message log:
> >>> hostname  puppet-agent[13385]: Did not receive certificate
> >>>
> >>>
> >>>
> >>>
> >>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan <makhan...@gmail.com>
> >>> wrote:
> >>>>
> >>>> I have tried to delete the ssl folder under puppet. And then tried to
> >>>> clean the certificate from the server but it did not work.
> >>>> #puppetca --clean hostname
> >>>> notice: Revoked certificate with serial # Inventory of signed
> >>>> certificates
> >>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
> >>>>
> >>>>
> >>>> err:  Could not call revoke: Cannot convert into OpenSSL::BN
> >>>>
> >>>>
> >>>>
> >>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan <makhan...@gmail.com>
> >>>> wrote:
> >>>>>
> >>>>> Thanks guys; I am getting closer but still some errors. I am getting
> >>>>> these errors now.
> >>>>>  Starting Puppet client version 2.6.12
> >>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog
> >>>>> from remote server: Retrieved certificate does not match private key; please
> >>>>> remove certificate from server and regenerate it with the current key
> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog
> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog;
> >>>>> skipping run
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz
> >>>>> <bernd.adamow...@esailors.de> wrote:
> >>>>>>
> >>>>>> I'm pretty sure that, besides the other answers already provided, your
> >>>>>> main problem is the wrong user for your Puppet configuration. It should be
> >>>>>> user 'puppet' and not 'root'. That's what '/etc/puppet' should look like:
> >>>>>>
> >>>>>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48 .
> >>>>>> drwxr-xr-x 79 root   root    12K Dec 26 04:03 ..
> >>>>>> -rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48 auth.conf
> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48 environments
> >>>>>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48 manifests
> >>>>>> -rw-r--r--  1 puppet puppet  838 Dec 12 17:48 namespaceauth.conf
> >>>>>> -rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20 .svn
> >>>>>>
> >>>>>> So a command like 'chown -R puppet:puppet /etc/puppet' issued as
> >>>>>> 'root' should solve your main problem, which is the 'Permission denied'
> >>>>>> error as well as the non-starting Puppet process.
> >>>>>>
> >>>>>> Bernd
> >>>>>>
> >>>>>> > -----Original Message-----
> >>>>>> > From: puppet-users@googlegroups.com [mailto:puppet-
> >>>>>> > us...@googlegroups.com] On behalf of Khan
> >>>>>> > Sent: Thursday, 29 December 2011 17:37
> >>>>>> > To: Puppet Users
> >>>>>> > Subject: [Puppet Users] Puppetserver error
> >>>>>> >
> >>>>>> > Hello everyone,
> >>>>>> > I am new to puppet. I have installed it on Red Hat Enterprise 5 and it
> >>>>>> > seems to be working fine. A couple of days ago I was testing some
> >>>>>> > permissions on /etc folder and applied 600 /etc and sub folders.
> >>>>>> > Although I have reverted the permission but I am having issues on
> >>>>>> > puppetmaster.
> >>>>>> > Currently I have these permissions on etc 755 and puppet folder:
> >>>>>> > my /etc folder is 755 and puppet folder with these permissions:
> >>>>>> >
> >>>>>> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
> >>>>>> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
> >>>>>> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
> >>>>>> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
> >>>>>> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
> >>>>>> > -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
> >>>>>> >
> >>>>>> > I am getting these errors in the log:
> >>>>>> >
> >>>>>> > puppet-master[3519]: Could not parse for environment production:
> >>>>>> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at
> >>>>>> > /etc/puppet/manifests/site.pp:3 on node client1
> >>>>>> >
> >>>>>> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
> >>>>>> > environment production: Permission denied -
> >>>>>> > /etc/puppet/manifests/classes/sysctl.pp at
> >>>>>> > /etc/puppet/manifests/site.pp:3 on node client2
> >>>>>> >
> >>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
> >>>>>> > environment production: Permission denied -
> >>>>>> > /etc/puppet/manifests/classes/sysctl.pp at
> >>>>>> > /etc/puppet/manifests/site.pp:3 on node client3
> >>>>>> >
> >>>>>> > Dec 27 14:27:15 server  puppet-master[3519]: Could not parse for
> >>>>>> > environment production: Permission denied -
> >>>>>> > /etc/puppet/manifests/classes/sysctl.pp at
> >>>>>> > /etc/puppet/manifests/site.pp:3 on node client4
> >>>>>> >
> >>>>>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve
> >>>>>> > catalog from remote server: Error 400 on SERVER: Could not parse for
> >>>>>> > environment production: Permission denied -
> >>>>>> > /etc/puppet/manifests/classes/sysctl.pp at
> >>>>>> > /etc/puppet/manifests/site.pp:3 on node server
> >>>>>> > Any Help will be greatly appreciated.
> >>>>>> >
> >>>>>> > --
> >>>>>> > You received this message because you are subscribed to the Google
> >>>>>> > Groups "Puppet Users" group.
> >>>>>> > To post to this group, send email to
> puppet-users@googlegroups.com.
> >>>>>> > To unsubscribe from this group, send email to puppet-
> >>>>>> > users+unsubscr...@googlegroups.com.
> >>>>>> > For more options, visit this group at
> >>>>>> > http://groups.google.com/group/puppet-users?hl=en.
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Regards,
> >>>>> Mohammad
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Regards,
> >>>> Mohammad
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Regards,
> >>> Mohammad
> >>>
> >>
> >>
> >>
> >> --
> >> Regards,
> >> Mohammad
> >>
> >
> >
> >
> > --
> > Regards,
> > Mohammad
> >
>
>


-- 
Regards,
Mohammad
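
The two agent-side errors quoted in this thread, "Retrieved certificate does not match private key" and "certificate verify failed", can both be checked locally with openssl. The script below is an added example, not written by any poster in the thread; the helper names and the file layout named in its comments are assumptions, and `make_constructed_pki` only builds throwaway test material.

```shell
#!/bin/sh
# Added example: helper names and the paths below are assumptions.
# Assumed agent files under its ssldir: certs/ca.pem, certs/<certname>.pem,
# private_keys/<certname>.pem

# Succeeds when the certificate carries the public key of this private key
# (the condition behind "Retrieved certificate does not match private key").
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate verifies against this copy of the CA cert
# (a mismatch is one cause of "certificate verify failed"). The output is
# parsed because old openssl builds exit 0 even when verification fails.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# diagnose <ca.pem> <cert.pem> <key.pem>: one line per check, non-zero on failure.
diagnose() {
    rc=0
    if cert_matches_key "$2" "$3"; then echo "key: matches certificate"
    else echo "key: certificate was issued for a different key"; rc=1; fi
    if cert_chains_to_ca "$1" "$2"; then echo "ca: certificate verifies"
    else echo "ca: certificate does not verify against this CA copy"; rc=1; fi
    return "$rc"
}

# Constructed sample input: two unrelated CAs, one agent cert signed by the
# first, and one unrelated private key, all written into directory $1.
make_constructed_pki() {
    for ca in ca old-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed-$ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-agent" \
        -keyout "$1/agent.key" -out "$1/agent.csr" 2>/dev/null
    openssl x509 -req -in "$1/agent.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/agent.pem" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

if [ "$#" -eq 3 ]; then diagnose "$@"; fi
```

Run it with the CA certificate, agent certificate and agent private key as arguments. Neither check looks at the system clock on either host.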
