On 4/22/14, 10:54 AM, Felix Frank wrote:
*sigh* The excessive clearing of certs master side is painful to watch,
to be certain.
The error basically tells you that the master does hand a certificate to
the agent, but it is not one the agent has a key for. This is what
someone will see if they try and fraud themselves to a catalog for one
of your nodes, but lacking your agent's valuable key.
What you want to do is to 'puppet cert clean <agent-fqdn>' on the
master. The old cert should still be showing up in 'puppet cert list
--all'. Then the agent should be able to place its new CSR.
Side question - is the master still as recent (or more so) as the agent?
Thanks,
Felix
Don't know how many times I tried that. No joy. I did get it to work
though by upgrading all versions to 3.5.1 and their dependencies. The
master was 3.5.1 but the clients were 2.4 something. I thought there
was supposed to be backward compatibility. Maybe I missed something in
the release notes. Anyway I'm at 3.5.1 etc now on both ends and it's
working again.
And yes I did read the best practices on upgrades. Next time I'll take
the alternate master approach and upgrade nodes in small bunches using
the new master.
Tnx.
Chris.
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5356880B.2080506%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
