Hi,
Maybe a time-related problem? Check the time on both client and server.
On 30.12.2011 at 18:55, Mohammad Khan <makhan...@gmail.com> wrote:
> I have done this already; however, client "certificate verify failed" is
> occurring now where I am stuck.
>
> On Fri, Dec 30, 2011 at 12:51 PM, Aaron Grewell <aaron.grew...@gmail.com> wrote:
> You'll have to re-sign your node's cert using puppetca --sign <hostname>
>
> On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan <makhan...@gmail.com> wrote:
> > I removed ssldir from clients and ran the puppetca --clean from the server.
> > It ran fine finally. Now I am stuck on where client complains that
> > "certificate verify failed". I don't know what to do now?
> >
> > On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell <aaron.grew...@gmail.com> wrote:
> >>
> >> Did you remove the ssldir on the server or the client? Usually to
> >> completely reset the cert you run clean on the server, remove the
> >> contents of the ssldir on the client, then re-run puppet and it should
> >> rebuild the cert. I wouldn't recommend removing the ssldir on the
> >> server except as a last resort, otherwise you'll have to rebuild all
> >> your client certs.
> >>
> >> If that's what you already did, make sure that your ssldir and its
> >> contents are owned by user & group puppet as well.
> >>
> >> On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan <makhan...@gmail.com> wrote:
> >> > Do I need to make any changes to server or delete ssl info on the server.
> >> > I am still getting the certificate verify failed error on clients?
> >> >
> >> > On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan <makhan...@gmail.com> wrote:
> >> >>
> >> >> I was able to sign the certificate to the client but still I am getting
> >> >> this error now on the client:
> >> >>
> >> >> Client puppet-agent[15030]: Starting Puppet client version 2.6.12
> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed
> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog
> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run
> >> >>
> >> >> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan <makhan...@gmail.com> wrote:
> >> >>>
> >> >>> I have gone a little further now. What I have done is to delete the ssl
> >> >>> folder from one of the clients and ran this command on server:
> >> >>> puppetca --clean clientname
> >> >>> It has generated a new certificate but in the end I get the same error:
> >> >>>
> >> >>> err: Could not call revoke: Cannot convert into OpenSSL::BN
> >> >>>
> >> >>> Furthermore, when I restart the agent from the client now I get this
> >> >>> message under server message log: client has a waiting certificate request
> >> >>> Under my client message log:
> >> >>> hostname puppet-agent[13385]: Did not receive certificate
> >> >>>
> >> >>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan <makhan...@gmail.com> wrote:
> >> >>>>
> >> >>>> I have tried to delete the ssl folder under puppet. And then tried to
> >> >>>> clean the certificate from the server but did not work.
> >> >>>> #puppetca --clean hostname
> >> >>>> notice: Revoked certificate with serial # Inventory of signed certificates
> >> >>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
> >> >>>>
> >> >>>> err: Could not call revoke: Cannot convert into OpenSSL::BN
> >> >>>>
> >> >>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan <makhan...@gmail.com> wrote:
> >> >>>>>
> >> >>>>> Thanks guys; I am getting closer but still some errors. I am getting
> >> >>>>> these errors now.
> >> >>>>> Starting Puppet client version 2.6.12
> >> >>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
> >> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog
> >> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run
> >> >>>>>
> >> >>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz <bernd.adamow...@esailors.de> wrote:
> >> >>>>>>
> >> >>>>>> I'm pretty sure that, besides the other answers already provided, your
> >> >>>>>> main problem is the wrong user for your Puppet configuration. It should be
> >> >>>>>> user 'puppet' and not 'root'. That's how '/etc/puppet' should look like:
> >> >>>>>>
> >> >>>>>> drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 .
> >> >>>>>> drwxr-xr-x 79 root root 12K Dec 26 04:03 ..
> >> >>>>>> -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf
> >> >>>>>> drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments
> >> >>>>>> drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests
> >> >>>>>> -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf
> >> >>>>>> -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
> >> >>>>>> drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn
> >> >>>>>>
> >> >>>>>> So a command like 'chown -R puppet:puppet /etc/puppet' issued as
> >> >>>>>> 'root' should solve your main problem which is the 'Permission denied' error
> >> >>>>>> as well as the non-starting Puppet process.
> >> >>>>>>
> >> >>>>>> Bernd
> >> >>>>>>
> >> >>>>>> > -----Original Message-----
> >> >>>>>> > From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Khan
> >> >>>>>> > Sent: Thursday, 29 December 2011 17:37
> >> >>>>>> > To: Puppet Users
> >> >>>>>> > Subject: [Puppet Users] Puppetserver error
> >> >>>>>> >
> >> >>>>>> > Hello everyone,
> >> >>>>>> > I am new to puppet. I have installed on redhat Enterprise 5 and seems
> >> >>>>>> > to be working fine. Couple days ago I was testing some permissions
> >> >>>>>> > on /etc folder and applied 600 /etc and sub folders. Although I have
> >> >>>>>> > reverted the permission but I am having issues on puppetmaster.
> >> >>>>>> > Currently I have these permissions on etc 755 and puppet folder:
> >> >>>>>> > my /etc folder is 755 and puppet folder with these permissions:
> >> >>>>>> >
> >> >>>>>> > -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf
> >> >>>>>> > -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf
> >> >>>>>> > drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests
> >> >>>>>> > drwxr-xr-x 21 root root 4096 Oct 22 2010 modules
> >> >>>>>> > -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf
> >> >>>>>> > -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew
> >> >>>>>> >
> >> >>>>>> > I am getting these errors in the log:
> >> >>>>>> >
> >> >>>>>> > puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client1
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server
> >> >>>>>> > Any help will be greatly appreciated.
> >> >>>>>> >
> >> >>>>>> > --
> >> >>>>>> > You received this message because you are subscribed to the Google
> >> >>>>>> > Groups "Puppet Users" group.
> >> >>>>>> > To post to this group, send email to puppet-users@googlegroups.com.
> >> >>>>>> > To unsubscribe from this group, send email to
> >> >>>>>> > puppet-users+unsubscr...@googlegroups.com.
> >> >>>>>> > For more options, visit this group at
> >> >>>>>> > http://groups.google.com/group/puppet-users?hl=en.
> >> >>>>>
> >> >>>>> --
> >> >>>>> Regards,
> >> >>>>> Mohammad
> >> >>>>
> >> >>>> --
> >> >>>> Regards,
> >> >>>> Mohammad
> >> >>>
> >> >>> --
> >> >>> Regards,
> >> >>> Mohammad
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Mohammad
> >> >
> >> > --
> >> > Regards,
> >> > Mohammad
> >
> > --
> > Regards,
> > Mohammad
>
> --
> Regards,
> Mohammad
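
The checks this thread works through (file access, certificate/key match, validity dates against the clock, signing CA), as an added shell example that is not part of the original messages. It assumes the agent's ssldir holds `certs/ca.pem`, `certs/<certname>.pem` and `private_keys/<certname>.pem`; the function name `check_agent_cert` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed ssldir layout on the agent:
#   certs/ca.pem  certs/<certname>.pem  private_keys/<certname>.pem
#
# check_agent_cert SSLDIR CERTNAME [EPOCH]   (hypothetical helper name)
#   0  certificate matches the key and verifies against the CA
#   1  a file is missing or unreadable (ownership/permissions)
#   2  certificate does not match the private key
#   3  certificate is outside its validity window at the checked time
#   4  any other verification failure (e.g. signed by a different CA)
check_agent_cert() {
    ssldir=$1; name=$2; at=${3:-}
    ca="$ssldir/certs/ca.pem"
    crt="$ssldir/certs/$name.pem"
    key="$ssldir/private_keys/$name.pem"
    for f in "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # Key pair check: the public key embedded in the certificate must equal
    # the public key derived from the local private key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate does not match private key" >&2
        return 2
    fi

    # Chain and validity check. Without EPOCH the local clock is used, so a
    # wrong clock shows up here; with EPOCH, verify as of that Unix time.
    if [ -n "$at" ]; then
        out=$(openssl verify -attime "$at" -CAfile "$ca" "$crt" 2>&1) && rc=0 || rc=$?
    else
        out=$(openssl verify -CAfile "$ca" "$crt" 2>&1) && rc=0 || rc=$?
    fi
    case $out in
        *"not yet valid"*|*"has expired"*)
            echo "outside validity window; compare with: $(date -u)" >&2
            openssl x509 -in "$crt" -noout -dates >&2
            return 3 ;;
    esac
    [ "$rc" -eq 0 ] || { echo "$out" >&2; return 4; }
    return 0
}

# On an agent (ssldir and certname taken from Puppet's own settings):
# check_agent_cert "$(puppet agent --configprint ssldir)" "$(puppet agent --configprint certname)"
```

Run it on the agent; status 3 means the local clock and the certificate's validity dates disagree, and status 2 corresponds to the "does not match private key" message quoted above.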