> I still say the problem is more likely with the master than with the > agent. My working hypothesis is that when you upgraded the master to v3.2 > you broke its certificate-signing functionality. Supposing that the > master's CA certificate was carried over during the upgrade, clients that > already have certificates don't need new certs, so they continue to work. > (And if the CA cert had not been carried over then all existing clients > would have needed new certs.) New clients do need signed certs before they > can retrieve catalogs, however, so the clients you are trying to deploy now > do not work. By this logic, no new client deployment will work against > this master, whether it's Puppet3/Cent6, Puppet2/Cent5, or even > Puppet3/Cent5. It is therefore irrelevant how similar your new client > systems are to the ones already in operation. >
Curious, how could I break the CA certificate-signing functionality by upgrading? Wouldn't that be a bug in the upgrade process? I can install a fresh version of Puppet and see if that works - but, I have too many nodes and thus I need to retain the current certificates that are signed. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
