You'll have to re-sign your node's cert using puppetca --sign <hostname>
On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan <makhan...@gmail.com> wrote:
> I removed ssldir from clients and ran the puppetca --clean from the server.
> It ran fine finally. Now I am stuck on where client complains that
> 'certificate verify failed'. I don't know what to do now?
>
> On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell <aaron.grew...@gmail.com>
> wrote:
>>
>> Did you remove the ssldir on the server or the client? Usually to
>> completely reset the cert you run clean on the server, remove the
>> contents of the ssldir on the client, then re-run puppet and it should
>> rebuild the cert. I wouldn't recommend removing the ssldir on the
>> server except as a last resort, otherwise you'll have to rebuild all
>> your client certs.
>>
>> If that's what you already did, make sure that your ssldir and its
>> contents are owned by user & group puppet as well.
>>
>> On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan <makhan...@gmail.com>
>> wrote:
>> > Do I need to make any changes to server or delete ssl info on the
>> > server. I am still getting the certificate verify failed error on
>> > clients?
>> >
>> > On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan <makhan...@gmail.com>
>> > wrote:
>> >>
>> >> I was able to sign the certificate to the client but still I am getting
>> >> this error now on the client:
>> >>
>> >> Client puppet-agent[15030]: Starting Puppet client version 2.6.12
>> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog
>> >> from remote server: certificate verify failed
>> >> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog
>> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog;
>> >> skipping run
>> >>
>> >> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan <makhan...@gmail.com>
>> >> wrote:
>> >>>
>> >>> I have gone little further now. What I have done is to delete the ssl
>> >>> folder from one of the client and ran this command on server:
>> >>> puppetca --clean clientname
>> >>> It has generated new certificate but in the end I get the same error:
>> >>>
>> >>> err: Could not call revoke: Cannot convert into OpenSSL::BN
>> >>>
>> >>> Furthermore when I restart the agent from the client now I get this
>> >>> message under server message log:
>> >>> client has a waiting certificate request
>> >>> Under my client message log:
>> >>> hostname puppet-agent[13385]: Did not receive certificate
>> >>>
>> >>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan <makhan...@gmail.com>
>> >>> wrote:
>> >>>>
>> >>>> I have tried to delete the ssl folder under puppet. And then tried
>> >>>> to clean the certificate from the server but did not work.
>> >>>> #puppetca --clean hostname
>> >>>> notice: Revoked certificate with serial # Inventory of signed
>> >>>> certificates
>> >>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
>> >>>>
>> >>>> err: Could not call revoke: Cannot convert into OpenSSL::BN
>> >>>>
>> >>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan <makhan...@gmail.com>
>> >>>> wrote:
>> >>>>>
>> >>>>> Thanks guys; I am getting closer but still some errors. I am getting
>> >>>>> these errors now.
>> >>>>>
>> >>>>> Starting Puppet client version 2.6.12
>> >>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve
>> >>>>> catalog from remote server: Retrieved certificate does not match
>> >>>>> private key; please remove certificate from server and regenerate
>> >>>>> it with the current key
>> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog
>> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve
>> >>>>> catalog; skipping run
>> >>>>>
>> >>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz
>> >>>>> <bernd.adamow...@esailors.de> wrote:
>> >>>>>>
>> >>>>>> I'm pretty sure that, besides the other answers already provided,
>> >>>>>> your main problem is the wrong user for your Puppet configuration.
>> >>>>>> It should be user 'puppet' and not 'root'. That's how '/etc/puppet'
>> >>>>>> should look like:
>> >>>>>>
>> >>>>>> drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 .
>> >>>>>> drwxr-xr-x 79 root root 12K Dec 26 04:03 ..
>> >>>>>> -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf
>> >>>>>> drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments
>> >>>>>> drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests
>> >>>>>> -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf
>> >>>>>> -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
>> >>>>>> drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn
>> >>>>>>
>> >>>>>> So a command like 'chown -R puppet:puppet /etc/puppet' issued as
>> >>>>>> 'root' should solve your main problem which is the 'Permission
>> >>>>>> denied' error as well as the non starting Puppet process.
>> >>>>>>
>> >>>>>> Bernd
>> >>>>>>
>> >>>>>> > -----Original Message-----
>> >>>>>> > From: puppet-users@googlegroups.com
>> >>>>>> > [mailto:puppet-us...@googlegroups.com] On Behalf Of Khan
>> >>>>>> > Sent: Thursday, 29 December 2011 17:37
>> >>>>>> > To: Puppet Users
>> >>>>>> > Subject: [Puppet Users] Puppetserver error
>> >>>>>> >
>> >>>>>> > Hello everyone,
>> >>>>>> > I am new to puppet. I have installed on redhat Enterprise 5 and
>> >>>>>> > seems to be working fine. Couple days ago I was testing some
>> >>>>>> > permissions on /etc folder and applied 600 /etc and sub folders.
>> >>>>>> > Although I have reverted the permission but I am having issues
>> >>>>>> > on puppetmaster.
>> >>>>>> > Currently I have these permission on etc 755 and puppet folder:
>> >>>>>> > my /etc folder is 755 and puppet folder with these permissions:
>> >>>>>> >
>> >>>>>> > -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf
>> >>>>>> > -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf
>> >>>>>> > drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests
>> >>>>>> > drwxr-xr-x 21 root root 4096 Oct 22 2010 modules
>> >>>>>> > -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf
>> >>>>>> > -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew
>> >>>>>> >
>> >>>>>> > I am getting these error in the log:
>> >>>>>> >
>> >>>>>> > puppet-master[3519]: Could not parse for environment production:
>> >>>>>> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at
>> >>>>>> > /etc/puppet/manifests/site.pp:3 on node client1
>> >>>>>> >
>> >>>>>> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
>> >>>>>> > environment production: Permission denied -
>> >>>>>> > /etc/puppet/manifests/classes/sysctl.pp at
>> >>>>>> > /etc/puppet/manifests/site.pp:3 on node client2
>> >>>>>> >
>> >>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
>> >>>>>> > environment production: Permission denied -
>> >>>>>> > /etc/puppet/manifests/classes/sysctl.pp at
>> >>>>>> > /etc/puppet/manifests/site.pp:3 on node client3
>> >>>>>> >
>> >>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
>> >>>>>> > environment production: Permission denied -
>> >>>>>> > /etc/puppet/manifests/classes/sysctl.pp at
>> >>>>>> > /etc/puppet/manifests/site.pp:3 on node client4
>> >>>>>> >
>> >>>>>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve
>> >>>>>> > catalog from remote server: Error 400 on SERVER: Could not parse
>> >>>>>> > for environment production: Permission denied -
>> >>>>>> > /etc/puppet/manifests/classes/sysctl.pp at
>> >>>>>> > /etc/puppet/manifests/site.pp:3 on node server
>> >>>>>> >
>> >>>>>> > Any Help will be greatly appreciated.
>> >>>>>> >
>> >>>>>> > --
>> >>>>>> > You received this message because you are subscribed to the
>> >>>>>> > Google Groups "Puppet Users" group.
>> >>>>>> > To post to this group, send email to
>> >>>>>> > puppet-users@googlegroups.com.
>> >>>>>> > To unsubscribe from this group, send email to
>> >>>>>> > puppet-users+unsubscr...@googlegroups.com.
>> >>>>>> > For more options, visit this group at
>> >>>>>> > http://groups.google.com/group/puppet-users?hl=en.
>> >>>>>
>> >>>>> --
>> >>>>> Regards,
>> >>>>> Mohammad
>> >>>>
>> >>>> --
>> >>>> Regards,
>> >>>> Mohammad
>> >>>
>> >>> --
>> >>> Regards,
>> >>> Mohammad
>> >>
>> >> --
>> >> Regards,
>> >> Mohammad
>> >
>> > --
>> > Regards,
>> > Mohammad
>
> --
> Regards,
> Mohammad
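Added example, not part of the original thread: the "Permission denied" error and the ownership advice above both come down to whether the service account can read every file and traverse every directory, so this sketch walks a tree and reports what a given uid cannot reach. The defaults (account `puppet`, `/etc/puppet`) are taken from the thread; the function names are hypothetical, only the account's primary group is considered, and ACLs are ignored.

```python
import os
import stat

def can_access(st, uid, gids, need):
    """True if a non-root user (uid, gids) gets all `need` bits (r=4, w=2, x=1)."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        bits = (mode >> 6) & 7   # owner class applies even if group/other grant more
    elif st.st_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & need == need

def audit_tree(root, uid, gids, expect_owner=False):
    """Return (path, problem) pairs for everything under `root`.

    Directories need r+x (list and traverse), regular files need r.
    expect_owner=True also flags paths not owned by uid (useful for the ssldir).
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in [None] + sorted(filenames):
            path = dirpath if name is None else os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful
            need = 5 if stat.S_ISDIR(st.st_mode) else 4
            if not can_access(st, uid, gids, need):
                findings.append((path, "no access, mode %04o" % stat.S_IMODE(st.st_mode)))
            if expect_owner and st.st_uid != uid:
                findings.append((path, "owner uid %d, expected %d" % (st.st_uid, uid)))
    return findings

if __name__ == "__main__":
    import pwd
    import sys
    # Assumed defaults from the thread: tree /etc/puppet, account "puppet".
    tree = sys.argv[1] if len(sys.argv) > 1 else "/etc/puppet"
    account = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "puppet")
    for path, problem in audit_tree(tree, account.pw_uid, {account.pw_gid}):
        print(path, problem)
```

Run it as root so the walk itself is not blocked by the directories it is checking; a leftover mode 600 file under `manifests/classes` shows up even when the top-level listing looks correct.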