Per the mcollective deploy docs, I'm trying to use 'puppet certificate generate' to send a csr for one user. Puppet tries to generate a csr for the host as well as the user. There are tickets.
https://tickets.puppetlabs.com/browse/PUP-2018
https://tickets.puppetlabs.com/browse/PUP-3178

Has anybody managed to work around this with the command line tools? I could probably manually copy the csr around and have it work but I would prefer something a bit more automated.

More details, same as tickets (xarg is the fake username in question, same result if I use $USER):

$ puppet certificate generate --ssldir .n --ca-location remote --ca_server puppetmaster1.mycompany.com xarg
Error: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 01:0A:B5:D7:88:B2:81:A0:49:66:29:DC:1C:50:61:86:FA:28:A9:48:0B:87:84:E1:9A:5D:B1:1C:A1:CF:58:55
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean myhost.mycompany.com
On the agent:
  rm -f /home/cwood/.n/certs/myhost.mycompany.com.pem
  puppet agent -t
Error: Try 'puppet help certificate generate' for usage

$ find .n -type f | sort
.n/certs/ca.pem
.n/certs/myhost.mycompany.com.pem
.n/private_keys/myhost.mycompany.com.pem
.n/private_keys/xarg.pem
.n/public_keys/myhost.mycompany.com.pem
.n/public_keys/xarg.pem

The command line probably worked for the author of this document, and the prompt indicates a non-root user:

https://docs.puppetlabs.com/mcollective/deploy/standard.html#example-client-onboarding-process

I tried the node* parameters here, but they didn't change the result:

https://docs.puppetlabs.com/references/stable/configuration.html
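
Added example, not part of the original post and not Puppet's own code: a way to check with openssl which private key in an ssldir laid out like the listing above, if any, a certificate was issued for, which is the condition the "does not match the agent's private key" error reports. The function names and the throwaway demo directory are assumptions made for illustration; the demo keys and self-signed certificates are constructed sample data.

```shell
#!/bin/sh
# Public key (SubjectPublicKeyInfo PEM) embedded in a certificate / derived from a private key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# 0 = certificate was issued for this key, 1 = mismatch, 2 = a file could not be parsed.
cert_matches_key() {
    cert_pem=$(cert_pubkey "$1") || return 2
    key_pem=$(key_pubkey "$2") || return 2
    [ -n "$cert_pem" ] && [ "$cert_pem" = "$key_pem" ]
}

# Print the name of every key under <ssldir>/private_keys that matches the certificate.
matching_keys() {
    for key in "$2"/private_keys/*.pem; do
        [ -f "$key" ] || continue
        if cert_matches_key "$1" "$key"; then basename "$key" .pem; fi
    done
}

# Constructed sample ssldir: the host certificate belongs to a key that is no
# longer present (the mismatch case), the xarg certificate belongs to xarg.pem.
build_demo_ssldir() {
    d=$(mktemp -d)
    mkdir -p "$d/certs" "$d/private_keys"
    openssl genrsa -out "$d/private_keys/myhost.mycompany.com.pem" 2048 2>/dev/null
    openssl genrsa -out "$d/private_keys/xarg.pem" 2048 2>/dev/null
    openssl genrsa -out "$d/stale.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/stale.key" -subj "/CN=myhost.mycompany.com" \
        -days 1 -out "$d/certs/myhost.mycompany.com.pem" 2>/dev/null
    openssl req -new -x509 -key "$d/private_keys/xarg.pem" -subj "/CN=xarg" \
        -days 1 -out "$d/certs/xarg.pem" 2>/dev/null
    echo "$d"
}

# Run with --demo to print, for each sample certificate, the keys it matches.
if [ "${1:-}" = "--demo" ]; then
    demo=$(build_demo_ssldir)
    for cert in "$demo"/certs/*.pem; do
        echo "$(basename "$cert"): matching key(s): $(matching_keys "$cert" "$demo")"
    done
    rm -rf "$demo"
fi
```

Against a real ssldir, `matching_keys .n/certs/myhost.mycompany.com.pem .n` printing nothing means the downloaded certificate was signed for a key that is not in that directory.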