I have just stood up a new open source puppet master (in this case master 
is ep1p-apux06, aka puppet.domain.com). I have added an external test agent 
and everything appears to be running correctly. As a test, I have added a 
single module and if I make changes to the module, I can see it propagate. 
However, even though I can run 'puppet agent --test' on the master (as a 
client to itself), I am seeing these errors in the log files:

*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: Unable to fetch my node 
definition, but the agent run will continue:*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: The certificate retrieved 
from the master does not match the agent's private key.*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: Certificate fingerprint: 
0C:8E:16:10:2C:52:0E:1F:B9:75:6F:4C:40:3E:37:84:64:1D:38:0F:89:C0:02:EB:CD:B4:39:E4:03:91:02:5B*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: To fix this, remove the 
certificate from both the master and the agent and then start a puppet run, 
which will automatically regenerate a certficate.*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: On the master:*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]:   puppet cert clean 
ep1p-apux06.domain.com*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: On the agent:*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]:   1a. On most platforms: 
find /etc/puppet/ssl -name ep1p-apux06.domain.com.pem -delete*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]:   1b. On Windows: del 
"/etc/puppet/ssl/ep1p-apux06.domain.com.pem" /f*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]:   2. puppet agent -t*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: 
(/File[/var/lib/puppet/facts.d]) Failed to generate additional resources 
using 'eval_generate': SSL_CTX_use_PrivateKey:: key values mismatch*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: 
(/File[/var/lib/puppet/facts.d]) Could not evaluate: Could not retrieve 
file metadata for puppet://puppet/pluginfacts: SSL_CTX_use_PrivateKey:: key 
values mismatch*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: 
(/File[/var/lib/puppet/lib]) Failed to generate additional resources using 
'eval_generate': SSL_CTX_use_PrivateKey:: key values mismatch*
*Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: 
(/File[/var/lib/puppet/lib]) Could not evaluate: Could not retrieve file 
metadata for puppet://puppet/plugins: SSL_CTX_use_PrivateKey:: key values 
mismatch*
*Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: Could not retrieve 
catalog from remote server: SSL_CTX_use_PrivateKey:: key values mismatch*
*Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: Using cached catalog*
*Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: 
(/Stage[main]/Ntp::Config/File[ntp.conf]) Could not evaluate: Could not 
retrieve file metadata for puppet:///modules/ntp/ntp.conf: 
SSL_CTX_use_PrivateKey:: key values mismatch*
*Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: 
(/Stage[main]/Ntp::Service/Service[ntpd]) Dependency File[ntp.conf] has 
failures: true*
*Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: 
(/Stage[main]/Ntp::Service/Service[ntpd]) Skipping because of failed 
dependencies*
*Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: Finished catalog run in 
0.03 seconds*
*Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: Could not send report: 
SSL_CTX_use_PrivateKey:: key values mismatch*

I have gone through the process described to clean the certs and rerun 'puppet 
agent --test', and everything appears to be functioning correctly:
*[root@ep1p-apux06 puppet]# puppet cert clean ep1p-apux06.domain.com*
*Notice: Revoked certificate with serial 14*
*Notice: Removing file Puppet::SSL::Certificate ep1p-apux06.domain.com at 
'/var/lib/puppet/ssl/ca/signed/ep1p-apux06.domain.com.pem'*
*Notice: Removing file Puppet::SSL::Certificate ep1p-apux06.domain.com at 
'/var/lib/puppet/ssl/certs/ep1p-apux06.domain.com.pem'*
*Notice: Removing file Puppet::SSL::CertificateRequest 
ep1p-apux06.domain.com at 
'/var/lib/puppet/ssl/certificate_requests/ep1p-apux06.domain.com.pem'*
*Notice: Removing file Puppet::SSL::Key ep1p-apux06.domain.com at 
'/var/lib/puppet/ssl/private_keys/ep1p-apux06.domain.com.pem'*
*[root@ep1p-apux06 puppet]# find /etc/puppet/ssl -name 
ep1p-apux06.domain.com.pem -delete*
*[root@ep1p-apux06 puppet]# find /var/lib//puppet/ssl -name 
ep1p-apux06.domain.com.pem -delete*
*[root@ep1p-apux06 puppet]# puppet agent --test*
*Info: Creating a new SSL key for ep1p-apux06.domain.com*
*Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml*
*Info: Creating a new SSL certificate request for ep1p-apux06.domain.com*
*Info: Certificate Request fingerprint (SHA256): 
3F:98:04:FA:04:6A:DE:4C:76:13:97:9E:7C:C3:44:01:98:7A:2C:3B:A5:32:37:9D:F0:5D:29:E3:E9:13:26:12*
*Info: Caching certificate for ep1p-apux06.domain.com*
*Info: Caching certificate for ep1p-apux06.domain.com*
*Info: Retrieving pluginfacts*
*Info: Retrieving plugin*
*Info: Caching catalog for ep1p-apux06.domain.com*
*Info: Applying configuration version '1434723026'*
*Notice: Finished catalog run in 0.28 seconds*

However, 30 minutes later, I see the same errors in my log files.
*[root@ep1p-apux06 puppet]# cat /etc/puppet/puppet.conf*
*[main]*
*    # The Puppet log directory.*
*    # The default value is '$vardir/log'.*
*    logdir = /var/log/puppet*

*    # Where Puppet PID files are kept.*
*    # The default value is '$vardir/run'.*
*    rundir = /var/run/puppet*

*    # Where SSL certificates are kept.*
*    # The default value is '$confdir/ssl'.*
*    ssldir = $vardir/ssl*

*    runinterval = 1h*
*    server = puppet.domain.com*
*    environment = production*

*[master]*
*    dns_alt_names = 
puppet,puppet.domain.com,puppetmaster,puppetmaster.domain.com*
*    environment_timeout = unlimited*
*    always_cache_features = true*
*    autosign = true*

*[agent]*
*    # The file in which puppetd stores a list of the classes*
*    # associated with the retrieved configuratiion.  Can be loaded in*
*    # the separate ``puppet`` executable using the ``--loadclasses``*
*    # option.*
*    # The default value is '$confdir/classes.txt'.*
*    classfile = $vardir/classes.txt*

*    # Where puppetd caches the local configuration.  An*
*    # extension indicating the cache format is added automatically.*
*    # The default value is '$confdir/localconfig'.*
*    localconfig = $vardir/localconfig*

What might I be possibly missing?
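
An added diagnostic example (not part of the original post): the error text above names /etc/puppet/ssl, while the 'puppet cert clean' output shows files under /var/lib/puppet/ssl, so this script checks, for each ssldir, whether the private key and the cached certificate carry the same public key. It assumes the openssl CLI is installed and the private_keys/ and certs/ layout seen in the output above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the public key inside a Puppet agent's private key
# with the public key inside its cached certificate, per ssldir.

pubkey_pem() {  # $1 = key|cert, $2 = PEM file; prints the public key as PEM
    case "$1" in
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        cert) openssl x509 -in "$2" -pubkey -noout 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

key_matches_cert() {  # $1 = private key, $2 = certificate
    # Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
    k=$(pubkey_pem key "$1") || return 2
    c=$(pubkey_pem cert "$2") || return 2
    if [ -z "$k" ] || [ -z "$c" ]; then return 2; fi
    [ "$k" = "$c" ]
}

check_ssldir() {  # $1 = ssldir, $2 = certname; prints "<STATUS> <ssldir>"
    key="$1/private_keys/$2.pem"
    cert="$1/certs/$2.pem"
    if [ ! -f "$key" ] || [ ! -f "$cert" ]; then
        printf 'MISSING %s\n' "$1"
        return 0
    fi
    rc=0
    key_matches_cert "$key" "$cert" || rc=$?
    case "$rc" in
        0) printf 'MATCH %s\n' "$1" ;;
        1) printf 'MISMATCH %s\n' "$1" ;;
        *) printf 'UNREADABLE %s\n' "$1" ;;
    esac
}

# Usage: sh check_keys.sh ep1p-apux06.domain.com
# Checks both ssl directories that appear in the post.
if [ "$#" -ge 1 ]; then
    for d in /etc/puppet/ssl /var/lib/puppet/ssl; do
        check_ssldir "$d" "$1"
    done
fi
```

Running it as root once right after a clean run and again after the errors return shows which directory holds the pair that stopped matching.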

