It usually involves doing this on the server:

  puppet cert clean myhost

and on the client:

  rm -rf /var/lib/puppet/ssl


Then try it again on your client:  `puppet agent --test`  Then back to your 
master:  `puppet cert sign myhost`.

On Friday, August 10, 2012 8:30:50 AM UTC-4, Axel Bock wrote:
>
> Hm, never mind, I solved it somehow, although I don't know how (yet). It 
> involved a lot of deleting and restarting :) ... 
>
> thanks anyways!
> /Axel.
>
> On Friday, 10 August 2012 14:10:57 UTC+2, Axel Bock wrote:
>>
>> Hello readers, 
>>
>> I have this little issue that my puppet client refuses to do anything 
>> because of SSL validation errors. Maybe I'll just post a dump of what 
>> happens; that makes it clear, I hope. Does anyone have a suggestion why that 
>> might happen? What I already checked: 
>>
>> On the master: 
>>
>>    - Puppet and puppetmaster are running
>>    - Something is listening on Port 8140 (although I cannot 
>>    telnet-connect to it, it closes immediately for whatever reason)
>>    - in /var/lib/puppet/ssl: find . -type f -delete
>>    
>> On the client:
>>
>>    - in /var/lib/puppet/ssl: find . -type f -delete
>>
>> I would appreciate any help that's available ... 
>>
>> thanks & greetings! Axel.
>>
>>
>> ... and now the little dump:
>>
>> (CLIENT)
>> *root@l1311022:/var/lib/puppet/ssl$* *puppet agent --test*
>> info: Creating a new SSL key for l1311022.our.domain.de
>> warning: peer certificate won't be verified in this SSL session (2x)
>> info: Creating a new SSL certificate request for l1311022.our.domain.de
>> info: Certificate Request fingerprint (md5): 
>> 19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E
>> warning: peer certificate won't be verified in this SSL session (3x)
>> Exiting; no certificate found and waitforcert is disabled
>>
>> (SERVER)
>> *l1215022:/var/lib/puppet/ssl # pca -l*
>> notice: Signed certificate request for ca
>> notice: Rebuilding inventory file
>>   l1311022.our.domain.de(19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E)
>> *l1215022:/var/lib/puppet/ssl # pca -s --all*
>> notice: Signed certificate request for l1311022.our.domain.de
>> notice: Removing file Puppet::SSL::CertificateRequest 
>> l1311022.our.domain.de at 
>> '/var/lib/puppet/ssl/ca/requests/l1311022.our.domain.de.pem'
>> l1215022:/var/lib/puppet/ssl #
>>
>> (CLIENT)
>> *root@l1311022:/var/lib/puppet/ssl$ puppet agent --test*
>> warning: peer certificate won't be verified in this SSL session
>> info: Caching certificate for ca
>> warning: peer certificate won't be verified in this SSL session
>> info: Caching certificate for l1311022.our.domain.de
>> info: Retrieving plugin
>> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
>> using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read 
>> server certificate B: certificate verify failed
>> err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect 
>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate 
>> verify failed Could not retrieve file metadata for puppet://
>> l1215022.our.domain.de/plugins: SSL_connect returned=1 errno=0 
>> state=SSLv3 read server certificate B: certificate verify failed
>> err: Could not retrieve catalog from remote server: SSL_connect 
>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate 
>> verify failed
>> warning: Not using cache on failed catalog
>> err: Could not retrieve catalog; skipping run
>> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 
>> read server certificate B: certificate verify failed
>>
>> The config files look like this: 
>>
>> (CLIENT)
>> [main]
>>     logdir = /var/log/puppet
>>     rundir = /var/run/puppet
>>     ssldir = /var/lib/puppet/ssl
>>     modulepath = /etc/puppet/modules:/opt/puppet/share/puppet/modules
>> [agent]
>>     certname = l1311022.our.domain.de
>>     server = l1215022.our.domain.de
>>     report = true
>>     graph = true
>>     pluginsync = true
>>     classfile = $vardir/classes.txt
>>     localconfig = $vardir/localconfig
>>
>> (SERVER)
>> [main]
>>     logdir = /var/log/puppet
>>     rundir = /var/run/puppet
>>     ssldir = /var/lib/puppet/ssl
>>     certname = l1215022.our.domain.de
>> [agent]
>>     classfile = $vardir/classes.txt
>>     localconfig = $vardir/localconfig
>>
>>
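
A check related to the `certificate verify failed` errors in the quoted agent run, added here as an example and not part of either poster's message: one condition that produces that error is an agent trusting a CA copy other than the one that signed the master's certificate. The script builds two constructed CAs (`old-ca`, `new-ca`) and a constructed host `master.example.test` in a temp directory; none of these names come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. All CA and host names are constructed.

# chains_to CA_PEM CERT_PEM: succeed only if CERT_PEM verifies against CA_PEM.
# Parses the output because old OpenSSL releases exit 0 even on failure.
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# fingerprint PEM: SHA-256 fingerprint, for comparing CA copies across hosts.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# make_ca DIR NAME: constructed self-signed CA (stands in for a master's CA).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# issue DIR CA_NAME HOST: constructed host certificate signed by CA_NAME.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" >/dev/null 2>&1
}

# demo: prints "stale=<ok|fail> fresh=<ok|fail>".
# old-ca is the copy an agent still trusts; new-ca signed the master's cert.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" old-ca && make_ca "$d" new-ca &&
        issue "$d" new-ca master.example.test || { rm -rf "$d"; return 1; }
    chains_to "$d/old-ca.pem" "$d/master.example.test.pem" && stale=ok || stale=fail
    chains_to "$d/new-ca.pem" "$d/master.example.test.pem" && fresh=ok || fresh=fail
    rm -rf "$d"
    echo "stale=$stale fresh=$fresh"
}

demo
```

On real hosts, running `fingerprint` on `certs/ca.pem` under the `ssldir` shown in the configs above, on both agent and master, shows whether the two sides hold the same CA.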
