On Wednesday, July 17, 2013 4:24:13 PM UTC-5, Forrie wrote: > > > I still say the problem is more likely with the master than with the >> agent. My working hypothesis is that when you upgraded the master to v3.2 >> you broke its certificate-signing functionality. Supposing that the >> master's CA certificate was carried over during the upgrade, clients that >> already have certificates don't need new certs, so they continue to work. >> (And if the CA cert had not been carried over then all existing clients >> would have needed new certs.) New clients do need signed certs before they >> can retrieve catalogs, however, so the clients you are trying to deploy now >> do not work. By this logic, no new client deployment will work against >> this master, whether it's Puppet3/Cent6, Puppet2/Cent5, or even >> Puppet3/Cent5. It is therefore irrelevant how similar your new client >> systems are to the ones already in operation. >> > > Curious, how could I break the CA certificate-signing functionality by > upgrading? Wouldn't that be a bug in the upgrade process? >
In principle, the upgrade could break certificate signing any number of ways. Whether such an event would constitute a bug depends in part on whether yours was a supported upgrade path, but in any event, you cannot discount bugs. You haven't said how your Puppet master was installed originally or how it was upgraded. You did originally say that your agents were installed as gems, and a recent message added the information that one of those agents is on the same system as the master, so I suppose that the master is provided as part of the same gem. But wait. You said that the problematic agents were on new-built systems. Have you then transferred the master to a new / rebuilt host as part of this process? (What could possibly go wrong?) Alternatively, I didn't notice you responding to the possibility that you have two separate Puppet installs. Did you check? John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
