Tried this, both systems are within seconds of each other as best I can tell. Both are also synced to US NTP Pool 1.
On Friday, November 30, 2012 2:07:30 PM UTC-5, tas wrote:
>
> I have the same exact problem over and over and over, so I gave up on
> Puppet.
> But maybe you can try to resolve this by checking if times are in sync?
> try ntpdate on master and slave.
> check date on both machines very quickly to see the time sync
>
> On Thursday, November 29, 2012 4:52:42 PM UTC-5, shoerner wrote:
>>
>> Hello everyone,
>>
>> Just getting my first puppet master set up and I am having a problem that
>> I just do not know how to get past. For some reason, my certificate store
>> keeps getting corrupted. Basically what happens is that the server will
>> issue itself a valid certificate (after removing the 'bad' cert) and will
>> run just fine. When I start puppetDB (I am pretty sure it happens around
>> here) on the system though, running the command 'puppet ca list --all' on
>> the PuppetMaster, I get the following:
>>
>> Error: The certificate retrieved from the master does not match the
>> agent's private key.
>> Certificate fingerprint: *<fingerprint removed>*
>> To fix this, remove the certificate from both the master and the agent
>> and then start a puppet run, which will automatically regenerate a
>> certficate.
>> On the master:
>>   puppet cert clean puppetmaster.site
>> On the agent:
>>   rm -f /var/lib/puppet/ssl/certs/puppetmaster.site.pem
>>   puppet agent -t
>>
>> Error: Try 'puppet help ca list' for usage
>>
>> I have tried following said instructions which did not work at all.
>> Eventually I was able to build it down to the following steps to regenerate
>> the certificate store:
>> # service puppetmaster stop
>> # service puppetdb stop
>> # service puppet stop
>> # find $(puppet master --configprint ssldir) -name "$(puppet master --configprint certname).pem" -delete
>> # rm -rf /var/lib/puppet/ssl
>> # puppet master --no-daemonize --debug --verbose --trace (kill it when it says "starting puppet")
>> # /usr/sbin/puppetdb-ssl-setup
>> # service puppetmaster start
>> # puppet ca list --all (lists the certs installed)
>> # service puppetdb start
>> # puppet ca list --all (prints error message above with new fingerprint)
>>
>> The master is running Fedora 16 with Puppet 3.0.1 (along with PuppetDB
>> 1.0.2 and Puppet Dashboard). I realize that the solution is only made more
>> difficult by the inclusion of db and dashboard, but the project scope grew
>> too quickly and resulted in attempts to combine services. I am out of ideas
>> save for re-installing the service; after messing with this install for so
>> long, I doubt many people here will want to support this decision.
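
An added diagnostic, not part of the thread: a shell check for the condition the error message reports, comparing the public key inside a certificate with the one derived from a private key, and printing the fingerprint and validity window for comparison with each host's clock. The function names are hypothetical, and the `private_keys/` path in the usage comment assumes the standard Puppet ssldir layout.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage: sh certcheck.sh CERT.pem KEY.pem
# e.g. (assumed standard ssldir layout, certname taken from the thread):
#   /var/lib/puppet/ssl/certs/puppetmaster.site.pem
#   /var/lib/puppet/ssl/private_keys/puppetmaster.site.pem

# cert_matches_key CERT KEY
# Returns 0 if the certificate carries the public key derived from KEY,
# 1 if the keys differ, 2 if either file is missing or cannot be parsed.
cert_matches_key() {
    cmk_cert=$1
    cmk_key=$2
    [ -r "$cmk_cert" ] && [ -r "$cmk_key" ] || return 2
    cmk_cpub=$(openssl x509 -in "$cmk_cert" -noout -pubkey 2>/dev/null) || return 2
    cmk_kpub=$(openssl pkey -in "$cmk_key" -pubout 2>/dev/null) || return 2
    [ -n "$cmk_cpub" ] || return 2
    [ "$cmk_cpub" = "$cmk_kpub" ]
}

# cert_report CERT KEY
# Prints the verdict, then the fingerprint, subject and validity window so
# the window can be compared with `date -u` on master and agent.
cert_report() {
    cr_rc=0
    if cert_matches_key "$1" "$2"; then
        echo "MATCH: certificate and private key belong together"
    else
        cr_rc=$?
        if [ "$cr_rc" -eq 2 ]; then
            echo "ERROR: cannot read or parse $1 / $2" >&2
            return 2
        fi
        echo "MISMATCH: certificate was issued for a different key"
    fi
    openssl x509 -in "$1" -noout -fingerprint -sha256 -subject -dates
    return "$cr_rc"
}

# Run the report only when called with exactly two file arguments.
if [ "$#" -eq 2 ]; then
    cert_report "$1" "$2"
fi
```

Running it after each step of the regeneration procedure shows which step leaves a certificate on disk that no longer belongs to the key beside it.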