Hi,

I am having a similar problem but I am trying to run puppetd -t on the server as a client of itself. This works on our other puppet master. Like the poster above, I have cleared /var/lib/puppet/ssl a dozen times and time cannot be an issue because client and server are the same machine. I have tried this with both puppetmasterd and with the apache passenger module, which is what we have running on our other puppet master, which works.

I am using puppet versions

puppet-2.7.9-2.el6.noarch
puppet-server-2.7.9-2.el6.noarch

on top of ruby versions:

ruby-1.8.7.352-4.el6_2.x86_64
rubygems-1.3.7-1.el6.noarch
ruby-libs-1.8.7.352-4.el6_2.x86_64

All of this on CentOS 6.

Any ideas?

Thanks.
Glen

On Tuesday, February 21, 2012 4:56:13 PM UTC-8, Jon wrote:
>
> I recently built, added to puppet and then nuked a server. Before I re-added the machine (after I rebuilt it, with the same name), I went to the puppet server and ran `puppet cert revoke dev-8.company.com` and `puppet cert clean dev-8.company.com`. Now when puppet runs on ANY server in my environment, they get the following error:
>
> info: Caching certificate for dev-8.company.com
> *err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client*
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> *err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client*
>
> Now I know for a fact that it isn't a time issue because the puppet server is on NTP as are the clients. The new machine is also within 1-2 seconds of server time. All of the clients are configured to run (via Cron) `/usr/sbin/puppetd --onetime --no-daemonize --logdest syslog --server puppet.company.com`. The server is named puppet-1.company.com but puppet. is a valid cname. I've tried rebooting the puppet server, I've tried upgrading it, just about anything I can think of.
>
> Any help would be greatly appreciated.
> -Jon
>
> PS Both clients and server are running Ubuntu:
>
> root@puppet-1:/etc/puppet# cat /etc/lsb-release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=11.10
> DISTRIB_CODENAME=oneiric
> DISTRIB_DESCRIPTION="Ubuntu 11.10"
>
> root@puppet-1:/etc/puppet# uname -a
> Linux puppet-1 3.0.0-16-server #28-Ubuntu SMP Fri Jan 27 18:03:45 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
>
> --
> Jon
> [[User:ShakataGaNai]] / KJ6FNQ
> http://snowulf.com/
> http://www.linkedin.com/in/shakataganai <http://twitter.com/shakataganai>