Hm, never mind, I somehow solved it, although I'm not (yet) sure how. It
involved a lot of restarting and deleting :)

Thanks anyway!
Axel.



2012/8/10 Axel Bock <axel.b...@arbeitsagentur.de>

> Hello readers,
>
> I have this little issue that my puppet client refuses to do anything
> because of SSL validation errors. Maybe I'll just post a dump of what
> happens; that makes it clear, I hope. Does anyone have a suggestion why that
> might happen? What I already checked:
>
> On the master:
>
>    - Puppet and puppetmaster are running
>    - Something is listening on Port 8140 (although I cannot
>    telnet-connect to it, it closes immediately for whatever reason)
>    - in /var/lib/puppet/ssl: find . -type f -delete
>
> On the client:
>
>    - in /var/lib/puppet/ssl: find . -type f -delete
>
> I would appreciate any help that's available ...
>
> thanks & greetings! Axel.
>
>
> ... and now the little dump:
>
> (CLIENT)
> root@l1311022:/var/lib/puppet/ssl$ puppet agent --test
> info: Creating a new SSL key for l1311022.our.domain.de
> warning: peer certificate won't be verified in this SSL session (2x)
> info: Creating a new SSL certificate request for l1311022.our.domain.de
> info: Certificate Request fingerprint (md5):
> 19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E
> warning: peer certificate won't be verified in this SSL session (3x)
> Exiting; no certificate found and waitforcert is disabled
>
> (SERVER)
> l1215022:/var/lib/puppet/ssl # pca -l
> notice: Signed certificate request for ca
> notice: Rebuilding inventory file
>   l1311022.our.domain.de (19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E)
> l1215022:/var/lib/puppet/ssl # pca -s --all
> notice: Signed certificate request for l1311022.our.domain.de
> notice: Removing file Puppet::SSL::CertificateRequest
> l1311022.our.domain.de at
> '/var/lib/puppet/ssl/ca/requests/l1311022.our.domain.de.pem'
> l1215022:/var/lib/puppet/ssl #
>
> (CLIENT)
> root@l1311022:/var/lib/puppet/ssl$ puppet agent --test
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for ca
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for l1311022.our.domain.de
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources
> using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read
> server certificate B: certificate verify failed
> err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
> verify failed Could not retrieve file metadata for
> puppet://l1215022.our.domain.de/plugins: SSL_connect returned=1 errno=0
> state=SSLv3 read server certificate B: certificate verify failed
> err: Could not retrieve catalog from remote server: SSL_connect returned=1
> errno=0 state=SSLv3 read server certificate B: certificate verify failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3
> read server certificate B: certificate verify failed
>
> The config files look like this:
>
> (CLIENT)
> [main]
>     logdir = /var/log/puppet
>     rundir = /var/run/puppet
>     ssldir = /var/lib/puppet/ssl
>     modulepath = /etc/puppet/modules:/opt/puppet/share/puppet/modules
> [agent]
>     certname = l1311022.our.domain.de
>     server = l1215022.our.domain.de
>     report = true
>     graph = true
>     pluginsync = true
>     classfile = $vardir/classes.txt
>     localconfig = $vardir/localconfig
>
> (SERVER)
> [main]
>     logdir = /var/log/puppet
>     rundir = /var/run/puppet
>     ssldir = /var/lib/puppet/ssl
>     certname = l1215022.our.domain.de
> [agent]
>     classfile = $vardir/classes.txt
>     localconfig = $vardir/localconfig
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/ToaPaY7mtgwJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
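
A check for the situation in the dump above, where the SSL directories were wiped on both hosts and the agent then reports `certificate verify failed` (an added example, not part of the thread): it tests whether the CA certificate the agent cached is the one the master uses, and whether the master's certificate verifies under it. The function names and the throwaway demo certificates are constructed for illustration; it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the thread. Function names are hypothetical.

# fingerprint FILE: print the SHA-256 fingerprint of a PEM certificate
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_trust AGENT_CA MASTER_CA MASTER_CERT
# Returns 0 = chain is fine, 1 = agent cached a different CA than the master
# uses, 2 = same CA, but the master certificate does not verify under it.
check_trust() {
    agent_ca=$1 master_ca=$2 master_cert=$3
    if [ "$(fingerprint "$agent_ca")" != "$(fingerprint "$master_ca")" ]; then
        echo "agent caches a different CA than the master uses"
        return 1
    fi
    if ! openssl verify -CAfile "$agent_ca" "$master_cert" >/dev/null 2>&1; then
        echo "master certificate does not verify under the current CA"
        return 2
    fi
    echo "master certificate verifies against the agent's cached CA"
    return 0
}

# make_demo DIR: constructed sample data, two throwaway CAs ("old" and "new")
# and one master certificate signed by the old CA only.
make_demo() {
    d=$1
    for n in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=demo-ca-$n" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=master.example.test" \
        -keyout "$d/m.key" -out "$d/m.csr" 2>/dev/null
    openssl x509 -req -in "$d/m.csr" -CA "$d/old.pem" -CAkey "$d/old.key" \
        -CAcreateserial -days 1 -out "$d/master.pem" 2>/dev/null
}
```

With the `ssldir` from the configs above and Puppet's default layout (an assumption, the thread does not list the files), the inputs would be `/var/lib/puppet/ssl/certs/ca.pem` from the agent, and `/var/lib/puppet/ssl/ca/ca_crt.pem` plus `/var/lib/puppet/ssl/certs/l1215022.our.domain.de.pem` from the master.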
