Following my previous message, do you think that the problem may be:
puppet master:
# puppet -V
3.0.1
puppet agent:
# puppet -V
0.25.4
I am testing a 3 version of master with my old deploy of agents.
---
Rodolfo Pilas
http://www.pilas.net
@ysidorito
El jueves, 6 diciembre 2012 a las 20:17 , Rodolfo Pilas escribió:
>
> I have just installed a puppet master 3.0.1 under Debian 6.0 Squeeze.
>
> As soon as I have installed puppet ca list --all works ok:
>
> # puppet ca list --all
> + master1.domain (SHA256)
AB:E1:EE:F5:9C:C7:F5:4F:37:76:A0:AB:93:60:9A:E9:69:58:12:A6:37:4E:29:CD:7C:B7:A1:07:80:3B:13:47
>
> and I "puppet agent -t" from self mater1.domain and all worked
ok.
>
> The signature of the first node showed the certificate ( I had not seen
this at previous puppet versions).
>
> # puppet ca list
> agent1.domain (MD5) F9:88:19:CF:82:84:AD:AE:F8:EC:0B:A3:04:E8:65:CC
>
> # puppet ca sign agent1.domain
> Signed certificate request for agent1.domain
> Removing file Puppet::SSL::CertificateRequest agent1.domain at
''/var/lib/puppet/ssl/ca/requests/agent1.domain.pem''
> "-----BEGIN
CERTIFICATE-----\nMIID2TCCAcGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB1QdXBw\nZXQgQ0E6IGN1dHRlci5yb290d2F5LmNvbTAeFw0xMjEyMDUyMTA2MTdaFw0xNzEy\nMDUyMTA2MTdaMB4xHDAaBgNVBAMME3Rlc3Rhd3Mucm9vdHdheS5jb20wgZ8wDQYJ\nKoZIhvcNAQEBBQADgY0AMIGJAoGBALggbp23HqJJvloI7WHH/EMMBj1W5JS3ctNn\n82Z66HTnwe6pbNw4l654nNJWsdxgIc6Bia23DoQejUmNrQ9nKN+63JK7lXQ//88k\nt19ixI6dMst/p1B7LGUBH1CE542/5MifU70+mOIdTfUzRTra9C0CuoyAh6LeLPNj\nu7Ov6d5jAgMBAAGjgZswgZgwDAYDVR0TAQH/BAIwADA3BglghkgBhvhCAQ0EKhYo\nUHVwcGV0IFJ1YnkvT3BlblNTTCBJbnRlcm5hbCBDZXJ0aWZpY2F0ZTAOBgNVHQ8B\nAf8EBAMCBaAwHQYDVR0OBBYEFEqIAYrvXq1/SB4SCcvqQ/xkbtFQMCAGA1UdJQEB\n/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAgEAdmDO\n5N4pq73lu6FLagVBwDFgw0813EHj1uBodkYtm7Lg3PaxLhTepn+gZF4vXQbLJTO3\njCpAxj3jsuiuGiYUscV2VGnRBVX5LrFdugg1R14XfSHmBSin8YhhkdKD8F8xP/Pl\ncNCRVOOl8+as+SjvtXpF/5EoAxsEi/aBRET/HM3EEPPEweeRuT5S6R1XSRSGUX7g\nQpSQw1D3M12FYYHTbWSA8kQX6B/KCgeHTzHsPPEbqtS2fsfFHzKYvLNzbf2IAvJL\ncAobf+IQkqgdNTehTftx/DWRkahIGN7Joaza19e45z8fIsqOROx74HaZTxZN7WDu\ns+7XrNt0kvsaVcW/ro/8chheIpeHXkrerPPcZA+ToPR3uN+O/OFkzxVbFMcCYwKr\nag1GgnWRH8TSMatMbqeqJjsUGaEDxaYG+7UigUEzvSvohalNC18yKHnX+hhB9QF0\nDr2fSvYbF8TCTEqckZC4O3JNYLqqV7n2dZ5eo/e/9d/MYzzfRUSyWtL05yCY6II5\nAuD3X1ZvzWUJUY1tVmqO7PyzV/LwBxB/25sfXVKyn0pffkP0WtkycgQtarRxLmLw\nibIbZg7QunADecve+nTk/3KMAwbBRRaoO2wVEdcm0BqLDvRGRNcR+P4kjz0eZ/FQ\nHLyd1G25T/bdL9RFkqXVXHMAQOf8PKT1jNdZBm0=\n-----END
CERTIFICATE-----\n"
>
>
> After that I was unable to list --all again:
>
> # puppet ca list --all
> Error: The certificate retrieved from the master does not match the
agent''s private key.
> Certificate fingerprint:
47:86:DF:83:53:A3:14:AB:C6:9B:B6:2A:30:A3:61:DB:DC:17:7A:40:CA:AC:33:12:BB:67:07:9F:2A:77:DA:CF
> To fix this, remove the certificate from both the master and the agent and
then start a puppet run, which will automatically regenerate a certficate.
> On the master:
> puppet cert clean master1.domain
> On the agent:
> rm -f /var/lib/puppet/ssl/certs/master1.domain.pem
> puppet agent -t
>
> I have complete remove /var/lib/puppet/ssl and recreate all certificates
with THE SAME steps and error.
>
> Suggestions?
>
> ---
> Rodolfo Pilas
> http://www.pilas.net
> @ysidorito
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.