I have checked the time it is fine on both client and server, but still the error is occurring.
On Fri, Dec 30, 2011 at 3:56 PM, Florian Koch < florian.koch1...@googlemail.com> wrote: > Hi, Maybe a Time related Problem? Check the Time on both, Client and Server > > > > > Am 30.12.2011 um 18:55 schrieb Mohammad Khan <makhan...@gmail.com>: > > I have done this already; however, client "certificate verify failed" is > occurring now where I am stuck. > > On Fri, Dec 30, 2011 at 12:51 PM, Aaron Grewell > <aaron.grew...@gmail.com>wrote: > >> You'll have to re-sign your node's cert using puppetca --sign <hostname> >> >> On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan <makhan...@gmail.com> >> wrote: >> > I removed ssldir from clients and ran the puppetca --clean from the >> server. >> > It ran fine finally. Now I am stuck on where client complains that >> > 'certificate verify failed" I dont know what to do now? >> > >> > >> > On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell < >> aaron.grew...@gmail.com> >> > wrote: >> >> >> >> Did you remove the ssldir on the server or the client? Usually to >> >> completely reset the cert you run clean on the server, remove the >> >> contents of the ssldir on the client, then re-run puppet and it should >> >> rebuild the cert. I wouldn't recommend removing the ssldir on the >> >> server except as a last resort, otherwise you'll have to rebuild all >> >> your client certs. >> >> >> >> If that's what you already did, make sure that your ssldir and its >> >> contents are owned by user & group puppet as well. >> >> >> >> On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan <makhan...@gmail.com> >> >> wrote: >> >> > Do I need to make any changes to server or delete sl info on the >> server. >> >> > I >> >> > am still getting the certificate verify failed error on clients? >> >> > >> >> > >> >> > On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan <makhan...@gmail.com> >> >> > wrote: >> >> >> >> >> >> I was able to sign the certificate to the client but still I am >> getting >> >> >> this error now on the >> >> >> client: >> >> >> >> >> >> Client puppet-agent[15030]: Starting Puppet client version 2.6.12 >> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve >> catalog >> >> >> from remote server: certificate verify failed >> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog >> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve >> catalog; >> >> >> skipping run >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan <makhan...@gmail.com >> > >> >> >> wrote: >> >> >>> >> >> >>> I have gone little further nowwhat I have done is to delete the ssl >> >> >>> folder from one of the client and ran this command on server: >> puppetca >> >> >>> --clean clientname >> >> >>> it has generated new certificate but in the end I get the same >> error: >> >> >>> >> >> >>> err: Could not call revoke: Cannot convert into OpenSSL::BN >> >> >>> Further more when i restart the agent from the client now I get >> this >> >> >>> message under server message log: client has a waiting certificate >> >> >>> request >> >> >>> Under my client message log: >> >> >>> hostname puppet-agent[13385]: Did not receive certificate >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan < >> makhan...@gmail.com> >> >> >>> wrote: >> >> >>>> >> >> >>>> I have tried to deleted the ssl folder under puppet. And then >> tried >> >> >>>> to >> >> >>>> clean the certificate from the server but did not work. >> >> >>>> #puppetca --clean hostname >> >> >>>> notice: Revoked certificate with serial # Inventory of signed >> >> >>>> certificates >> >> >>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT >> >> >>>> >> >> >>>> >> >> >>>> err: Could not call revoke: Cannot convert into OpenSSL::BN >> >> >>>> >> >> >>>> >> >> >>>> >> >> >>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan < >> makhan...@gmail.com> >> >> >>>> wrote: >> >> >>>>> >> >> >>>>> Thanks guys; I am getting closer but still some errors. I am >> getting >> >> >>>>> these errors now. >> >> >>>>> Starting Puppet client version 2.6.12 >> >> >>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve >> >> >>>>> catalog >> >> >>>>> from remote server: Retrieved certificate does not match private >> >> >>>>> key; please >> >> >>>>> remove certificate from server and regenerate it with the current >> >> >>>>> key >> >> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog >> >> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve >> >> >>>>> catalog; >> >> >>>>> skipping run >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz >> >> >>>>> <bernd.adamow...@esailors.de> wrote: >> >> >>>>>> >> >> >>>>>> I'm pretty sure that, besides the other answers already >> provided, >> >> >>>>>> your >> >> >>>>>> main problem is the wrong user for your Puppet configuration. It >> >> >>>>>> should be >> >> >>>>>> user 'puppet' and not 'root'. That's how '/etc/puppet' should >> look >> >> >>>>>> like: >> >> >>>>>> >> >> >>>>>> drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . >> >> >>>>>> drwxr-xr-x 79 root root 12K Dec 26 04:03 .. >> >> >>>>>> -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf >> >> >>>>>> drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments >> >> >>>>>> drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests >> >> >>>>>> -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf >> >> >>>>>> -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf >> >> >>>>>> drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn >> >> >>>>>> >> >> >>>>>> So a command like 'chown -R puppet:puppet /etc/puppet' issued as >> >> >>>>>> 'root' should solve your main problem which is the 'Permission >> >> >>>>>> denied' error >> >> >>>>>> as well as the non starting Puppet process. >> >> >>>>>> >> >> >>>>>> Bernd >> >> >>>>>> >> >> >>>>>> > -----Ursprüngliche Nachricht----- >> >> >>>>>> > Von: puppet-users@googlegroups.com [mailto:puppet- >> >> >>>>>> > us...@googlegroups.com] Im Auftrag von Khan >> >> >>>>>> > Gesendet: Donnerstag, 29. Dezember 2011 17:37 >> >> >>>>>> > An: Puppet Users >> >> >>>>>> > Betreff: [Puppet Users] Puppetserver error >> >> >>>>>> > >> >> >>>>>> > Hello everyone, >> >> >>>>>> > I am new to puppet. I have installed on redhat Enterprise 5and >> >> >>>>>> > seems >> >> >>>>>> > to be working fine. Couple days ago I was testing some >> >> >>>>>> > permissions >> >> >>>>>> > on / >> >> >>>>>> > etc folder and applied 600 /etc and sub folders. Although I >> have >> >> >>>>>> > reverted the permission but I am having issues on >> puppetmaster. >> >> >>>>>> > Currently I have these permission on etc 755 and puppet >> folder: >> >> >>>>>> > my /etc folder is 755 and puppet folder with tese permsions: >> >> >>>>>> > >> >> >>>>>> > -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf >> >> >>>>>> > -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf >> >> >>>>>> > drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests >> >> >>>>>> > drwxr-xr-x 21 root root 4096 Oct 22 2010 modules >> >> >>>>>> > -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf >> >> >>>>>> > -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew >> >> >>>>>> > >> >> >>>>>> > I am getting these error in the log: >> >> >>>>>> > >> >> >>>>>> > puppet-master[3519]: Could not parse for environment >> production: >> >> >>>>>> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at >> >> >>>>>> > /etc/ >> >> >>>>>> > puppet/manifests/site.pp:3 on node client1 >> >> >>>>>> > >> >> >>>>>> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse >> for >> >> >>>>>> > environment production: Permission denied - >> >> >>>>>> > /etc/puppet/manifests/ >> >> >>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node >> >> >>>>>> > client2 >> >> >>>>>> > >> >> >>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse >> for >> >> >>>>>> > environment production: Permission denied - >> >> >>>>>> > /etc/puppet/manifests/ >> >> >>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node >> >> >>>>>> > client3 >> >> >>>>>> > >> >> >>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse >> for >> >> >>>>>> > environment production: Permission denied - >> >> >>>>>> > /etc/puppet/manifests/ >> >> >>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node >> >> >>>>>> > client4 >> >> >>>>>> > >> >> >>>>>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve >> >> >>>>>> > catalog >> >> >>>>>> > from remote server: Error 400 on SERVER: Could not parse for >> >> >>>>>> > environment production: Permission denied - >> >> >>>>>> > /etc/puppet/manifests/ >> >> >>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node >> >> >>>>>> > server >> >> >>>>>> > Any Help will be greatly appreciated. >> >> >>>>>> > >> >> >>>>>> > -- >> >> >>>>>> > You received this message because you are subscribed to the >> >> >>>>>> > Google >> >> >>>>>> > Groups "Puppet Users" group. >> >> >>>>>> > To post to this group, send email to >> >> >>>>>> > puppet-users@googlegroups.com. >> >> >>>>>> > To unsubscribe from this group, send email to puppet- >> >> >>>>>> > users+unsubscr...@googlegroups.com. >> >> >>>>>> > For more options, visit this group at >> >> >>>>>> > http://groups.google.com/group/puppet-users?hl=en. >> >> >>>>>> >> >> >>>>>> -- >> >> >>>>>> You received this message because you are subscribed to the >> Google >> >> >>>>>> Groups "Puppet Users" group. >> >> >>>>>> To post to this group, send email to >> puppet-users@googlegroups.com. >> >> >>>>>> To unsubscribe from this group, send email to >> >> >>>>>> puppet-users+unsubscr...@googlegroups.com. >> >> >>>>>> For more options, visit this group at >> >> >>>>>> http://groups.google.com/group/puppet-users?hl=en. >> >> >>>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> -- >> >> >>>>> Regards, >> >> >>>>> Mohammad >> >> >>>>> >> >> >>>> >> >> >>>> >> >> >>>> >> >> >>>> -- >> >> >>>> Regards, >> >> >>>> Mohammad >> >> >>>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> -- >> >> >>> Regards, >> >> >>> Mohammad >> >> >>> >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> Regards, >> >> >> Mohammad >> >> >> >> >> > >> >> > >> >> > >> >> > -- >> >> > Regards, >> >> > Mohammad >> >> > >> >> > -- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "Puppet Users" group. >> >> > To post to this group, send email to puppet-users@googlegroups.com. >> >> > To unsubscribe from this group, send email to >> >> > puppet-users+unsubscr...@googlegroups.com. >> >> > For more options, visit this group at >> >> > http://groups.google.com/group/puppet-users?hl=en. >> >> >> >> -- >> >> You received this message because you are subscribed to the Google >> Groups >> >> "Puppet Users" group. >> >> To post to this group, send email to puppet-users@googlegroups.com. >> >> To unsubscribe from this group, send email to >> >> puppet-users+unsubscr...@googlegroups.com. >> >> For more options, visit this group at >> >> http://groups.google.com/group/puppet-users?hl=en. >> >> >> > >> > >> > >> > -- >> > Regards, >> > Mohammad >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups >> > "Puppet Users" group. >> > To post to this group, send email to puppet-users@googlegroups.com. >> > To unsubscribe from this group, send email to >> > puppet-users+unsubscr...@googlegroups.com. >> > For more options, visit this group at >> > http://groups.google.com/group/puppet-users?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > > > -- > Regards, > Mohammad > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- Regards, Mohammad -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
