On Wed, Feb 22, 2012 at 11:58 AM, Jon Davis <j...@snowulf.com> wrote:
> How can I track down where the issue for this is? I've found some bugs > and blog posts that seem to be related [1][2] and I've followed all of the > instructions and checked ALL of the versions related. I'm running Ruby > 1.8.7 and Puppet 2.7.9 on both sides of the equation, which appear to be > "OK" versions by everyone's posting. I've got as far as doing a `puppet > cert clean --all` and `puppet cert clean puppet.company.com` and > regenerating. Still doesn't work. I've also followed every step on only > Puppet Doc's page that I can find related entries on [3] Hey Jon, When you cleaned the certs on the SERVER side, did you also clean the $ssldir on the CLIENT side and try to connect to the master again? Doing a `puppet config print ssldir` will give you the path to your $ssldir. I would: 1. Clean the cert on the master 2. Clean the ssldir on the client 3. Try running `puppet agent -t` on the client to generate a CSR on the master 4. Sign the cert on the master 5. Try running puppet again on the client. Does this work for you? > > -Jon > [1] http://projects.puppetlabs.com/issues/9084 > [2] http://urgetopunt.com/puppet/2011/09/14/puppet-ruby19.html > [3] > http://docs.puppetlabs.com/pe/2.0/maint_common_config_errors.html#do-agents-trust-the-masters-certificate > > > > On Tue, Feb 21, 2012 at 16:56, Jon Davis <j...@snowulf.com> wrote: > >> I recently built, added to puppet and then nuked a server. Before I >> re-added the machine (after I rebuilt it, with the same name), I went to >> the puppet server and ran `puppet cert revoke dev-8.company.com` and >> `puppet cert clean dev-8.company.com`. Now when puppet runs on ANY >> server in my environment, they get the following error: >> >> info: Caching certificate for dev-8.company.com >> *err: Could not retrieve catalog from remote server: SSL_connect >> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >> verify failed. This is often because the time is out of sync on the server >> or client* >> warning: Not using cache on failed catalog >> err: Could not retrieve catalog; skipping run >> *err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 >> read server certificate B: certificate verify failed. This is often >> because the time is out of sync on the server or client* >> >> >> Now I know for a fact that it isn't a time issue because the puppet >> server is on NTP as are the clients. The new machine is also within 1-2 >> seconds of server time. All of the clients are configured to run (via >> Cron) `/usr/sbin/puppetd --onetime --no-daemonize --logdest syslog --server >> puppet.company.com`. The server is named puppet-1.company.com but >> puppet. is a valid cname. I've tried rebooting the puppet server, I've >> tried upgrading it, just about anything I can think of. >> >> Any help would be greatly appreciated. >> -Jon >> >> PS Both clients and server are running Ubuntu: >> >> root@puppet-1:/etc/puppet# cat /etc/lsb-release >> DISTRIB_ID=Ubuntu >> DISTRIB_RELEASE=11.10 >> DISTRIB_CODENAME=oneiric >> DISTRIB_DESCRIPTION="Ubuntu 11.10" >> >> root@puppet-1:/etc/puppet# uname -a >> Linux puppet-1 3.0.0-16-server #28-Ubuntu SMP Fri Jan 27 18:03:45 UTC >> 2012 x86_64 x86_64 x86_64 GNU/Linux >> >> >> >> -- >> Jon >> [[User:ShakataGaNai]] / KJ6FNQ >> http://snowulf.com/ >> http://www.linkedin.com/in/shakataganai <http://twitter.com/shakataganai> >> >> > > > -- > Jon > [[User:ShakataGaNai]] / KJ6FNQ > http://snowulf.com/ > http://www.linkedin.com/in/shakataganai <http://twitter.com/shakataganai> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- Gary Larizza Professional Services Engineer Puppet Labs -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
