On client:
[root@xxx ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.7 (Tikanga)
[root@xxx ~]# rpm -qa|grep puppet
puppet-2.6.12-1.el5

On server:
[root@server ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.7 (Tikanga)
[root@server ~]# rpm -qa|grep puppet
puppet-server-2.6.12-1.el5
puppet-2.6.12-1.el5
[root@server ~]#

Puppet agent runs on client every 30 minutes, as usual.
Sometimes, it fails with messages:
Aug  8 17:30:04 xxx puppet-agent[10416]: Creating a new SSL key for xxx.domain.com
Aug  8 17:30:04 xxx puppet-agent[10416]: Creating a new SSL certificate request for xxx.domain.com
Aug  8 17:30:04 xxx puppet-agent[10416]: Certificate Request fingerprint (md5): 51:BA:28:EA:61:2B:1C:3B:42:64:48:9E:26:0F:28:F9
Aug  8 17:30:05 xxx puppet-agent[10416]: Could not request certificate: Error 400 on SERVER: Could not find certificate request for xxx2.domain.com

We have autosign configured in puppetmaster, because we need to run
puppet client on nodes totally unattended (we might provision a new or
existing node at any time).
The problem is that sometimes when a client runs puppetagent, it fails
requesting a certificate that it does not own.
For example: client xxx.domain.com generates a new certificate,
requests that the puppetmaster sign it, and then it fails because it
does not find the certificate request for xxx2.domain.com.

Maybe, next time, when puppetagent runs again, it succeeds, or it fails
again; there is no rule.

We have a script on server and client that deletes client certificates
stored in /var/lib/puppet...... that runs every hour. We need this
because we can provision a node with the same hostname at any time and if
there was an old certificate on server with the same name it will
fail. This is because we have autosign set to yes in puppetmaster.
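
Added example, not part of the original post and not Puppet's own code: a small Python check that groups puppet-agent syslog lines by agent run and reports runs where the server's "Could not find certificate request" error names a different host than the CSR the agent had just created. The first sample run is the log from the post; the second run (pid 10999) and the function name are constructed for illustration.

```python
import re

# Sample syslog: the first run is the log from the post (unwrapped); the second
# run (pid 10999) is constructed to show a failure that names the same host.
SAMPLE_LOG = """\
Aug  8 17:30:04 xxx puppet-agent[10416]: Creating a new SSL key for xxx.domain.com
Aug  8 17:30:04 xxx puppet-agent[10416]: Creating a new SSL certificate request for xxx.domain.com
Aug  8 17:30:04 xxx puppet-agent[10416]: Certificate Request fingerprint (md5): 51:BA:28:EA:61:2B:1C:3B:42:64:48:9E:26:0F:28:F9
Aug  8 17:30:05 xxx puppet-agent[10416]: Could not request certificate: Error 400 on SERVER: Could not find certificate request for xxx2.domain.com
Aug  8 18:00:04 xxx puppet-agent[10999]: Creating a new SSL certificate request for xxx.domain.com
Aug  8 18:00:05 xxx puppet-agent[10999]: Could not request certificate: Error 400 on SERVER: Could not find certificate request for xxx.domain.com
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"puppet-agent\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
CSR_MADE = re.compile(r"Creating a new SSL certificate request for (\S+)")
CSR_MISSING = re.compile(r"Could not find certificate request for (\S+)")


def find_csr_mismatches(log_text):
    """Return one finding per agent run where the server's error names a
    different certname than the CSR that run had just generated."""
    requested = {}  # (syslog host, pid) -> certname in the agent's own CSR
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a puppet-agent line
        run = (m["host"], m["pid"])
        made = CSR_MADE.search(m["msg"])
        if made:
            requested[run] = made.group(1)
            continue
        missing = CSR_MISSING.search(m["msg"])
        if missing and run in requested and missing.group(1) != requested[run]:
            findings.append({
                "time": m["ts"], "host": m["host"], "pid": int(m["pid"]),
                "agent_csr": requested[run],
                "server_error_names": missing.group(1),
            })
    return findings


if __name__ == "__main__":
    for finding in find_csr_mismatches(SAMPLE_LOG):
        print(finding)
```

Comparing the times of the reported runs with the schedule of the hourly certificate cleanup script shows whether the mismatches cluster around it.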
