I should add that shortly thereafter, webrick reports this:
[2013-02-06 12:06:45] ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1
errno=0 state=SSLv3 read client certificate A: sslv3 alert certificate
revoked
/usr/share/ruby/vendor_ruby/puppet/network/http/webrick.rb:32:in
`accept'
/usr/share/ruby/vendor_ruby/puppet/network/http/webrick.rb:32:in `block
(3 levels) in listen'
/usr/share/ruby/webrick/server.rb:191:in `call'
/usr/share/ruby/webrick/server.rb:191:in `block in start_thread'
This repeats quite a few times before stopping.
On Wednesday, February 6, 2013 12:07:43 PM UTC-5, Bret Wortman wrote:
>
> Yeah, It is running (though I had been assuming that -- thanks for
> prompting me to check!); "puppet agent -t" works when run on the master,
> but only there. And I can see the requests hitting in the
> /var/log/puppet/masterhttp.log file:
>
> [2013-02-06 12:04:55] nodename.my.net - - [06/Feb/2013:12:04:55 EST] "GET
> /production/certificate/nodename.my.net? HTTP/1.1" 404 40
> [2013-02-06 12:04:55] - -> /production/certificate/nodename.my.net?
>
> It's absolutely right that the cert doesn't exist yet -- the client should
> be requesting one (since I deleted the one it had both on the that node and
> on the server via puppet cert clean) but that request isn't getting
> through, it seems.
>
>
>
> On Wednesday, February 6, 2013 12:01:43 PM UTC-5, Brendan O'Bra wrote:
>>
>> Are you sure the master is running?
>> This:
>> Error: Could not request certificate: Connection refused - connect(2)
>> seems like it might not be listening.
>>
>>
>> On Wed, Feb 6, 2013 at 7:44 AM, Bret Wortman <br...@thewortmans.org>wrote:
>>
>>> I think I really hosed my certificates somehow this morning trying to
>>> get PuppetDB and Puppet talking again -- here's where I stand.
>>>
>>> My Puppet master and PuppetDB are again talking, or at least, aren't
>>> complaining about communication.
>>>
>>> From my puppet master, I can run "puppet agent -t", and it runs just
>>> fine.
>>>
>>> From any other node on which puppet had been running, I get this:
>>>
>>> # puppet agent -t
>>> Error: Could not request certificate: Connection refused - connect(2)
>>> Exiting; failed to retrieve certificate and waitforcert is disabled
>>> #
>>>
>>> Now, I have auto-signing enabled (my systems are on a private network)
>>> and when I go to my master:
>>>
>>> # puppet cert list
>>> #
>>>
>>> There's nothing. Nothing in the logs. No one is talking to my
>>> puppetmaster this morning.
>>>
>>> I *did* delete a bunch of certs in my flailing attempts to get puppet &
>>> puppetdb talking and suspect that may be the cause; but how can I get my
>>> remote agents talking to the puppet master again?
>>>
>>> Thanks.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users...@googlegroups.com.
>>> To post to this group, send email to puppet...@googlegroups.com.
>>> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>>
>>>
>>
>>
>>
>> --
>> GVoice: 707.410.0371
>> LinkedIn: http://www.linkedin.com/in/brendanobra
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
