Puppet users - Apr 2012 - Puppet not creating manifest file?

Hi,

I am totally new to Puppet and for the last few weeks I''ve been trying
to read as many documents and howto''s as possible to try to understand
how Puppet works.


Currently, after going through:

http://www.howtoforge.com/installing_puppet_on_ubuntu

http://docs.puppetlabs.com/pe/2.5/quick_start.html

http://that-matt.com/2010/08/puppet-retrieved-certificate-does-not-match-private-key/

http://bitcube.co.uk/content/puppet-errors-explained

https://www.cs.drexel.edu/node/14569


I am noticing that the client system is not generating a manifests file???


Currently I created a new SSL certificate on the client by doing:

puppet -t


As for the server... I am using the training OVF image learn.puppet
from the puppetlabs.com website.


Running: puppet agent --test on the client gives me this output:


err: Could not retrieve catalog from remote server: hostname was not
match with the server certificate
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: hostname was not match with the server certificate


I signed the certificate on the server by doing:


puppetca --list
puppetca --sign <fqdn>


This should be pretty trivial however, for whatever reason things
aren''t working..... could anyone give me a hand?


Thanks.



Kaya

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Kaya,

The manifest file(s) are something you create to tell puppet what you want
done.   Starting with a file in (normally) /etc/puppet/manifests/site.pp

HTH


On Tue, Apr 10, 2012 at 7:18 AM, Kaya Saman <kayasaman@gmail.com> wrote:
> Hi,
>
> I am totally new to Puppet and for the last few weeks I''ve been
trying
> to read as many documents and howto''s as possible to try to
understand
> how Puppet works.
>
>
> Currently, after going through:
>
> http://www.howtoforge.com/installing_puppet_on_ubuntu
>
> http://docs.puppetlabs.com/pe/2.5/quick_start.html
>
>
>
http://that-matt.com/2010/08/puppet-retrieved-certificate-does-not-match-private-key/
>
> http://bitcube.co.uk/content/puppet-errors-explained
>
> https://www.cs.drexel.edu/node/14569
>
>
> I am noticing that the client system is not generating a manifests file???
>
>
> Currently I created a new SSL certificate on the client by doing:
>
> puppet -t
>
>
> As for the server... I am using the training OVF image learn.puppet
> from the puppetlabs.com website.
>
>
> Running: puppet agent --test on the client gives me this output:
>
>
> err: Could not retrieve catalog from remote server: hostname was not
> match with the server certificate
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: hostname was not match with the server
> certificate
>
>
> I signed the certificate on the server by doing:
>
>
> puppetca --list
> puppetca --sign <fqdn>
>
>
> This should be pretty trivial however, for whatever reason things
> aren''t working..... could anyone give me a hand?
>
>
> Thanks.
>
>
>
> Kaya
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks Peter for the response!

I did this:

Using the guide from HowtoForge posted earlier....

I fudged the in-place manifests file to:


## site.pp ##

# This file (/etc/puppetlabs/puppet/manifests/site.pp) is the main entry point
# used when an agent connects to a master and asks for an updated configuration.
#
# Global objects like filebuckets and resource defaults should go in this file,
# as should the default node definition. (The default node can be omitted
# if you use the console and don''t define any other nodes in site.pp.
See
# http://docs.puppetlabs.com/guides/language_guide.html#nodes for more on
# node definitions.)

## Active Configurations ##

# PRIMARY FILEBUCKET
# This configures puppet agent and puppet inspect to back up file contents when
# they run. The Puppet Enterprise console needs this to display file contents
# and differences.

# Define filebucket ''main'':
#filebucket { ''main'':
#  server => ''learn.localdomain'',
#  path   => false,
#}

# Make filebucket ''main'' the default backup location for all
File resources:
#File { backup => ''main'' }

# DEFAULT NODE
# Node definitions in this file are merged with node data from the console. See
# http://docs.puppetlabs.com/guides/language_guide.html#nodes for more on
# node definitions.

# The default node definition matches any node lacking a more specific node
# definition. If there are no other nodes in this file, classes declared here
# will be included in every node''s catalog, *in addition* to any
classes
# specified in the console for that node.

#node default {
  # This is where you can declare classes for all nodes.
  # Example:
  #   class { ''my_class'': }
#}


# Create "/tmp/testfile" if it doesn''t exist.
class test_class {
    file { "/tmp/testfile":
       ensure => present,
       mode   => 644,
       owner  => root,
       group  => root
    }
}

# tell puppet on which client to run the class
node pc.jabber.com {
    include test_class
}



The domain is just using local DNS server which is not on web to
pre-test a jabber implementation.


On both systems when I run: puppet agent --test I keep getting these errors:


Server:

[root@ps ~]# /opt/puppet/bin/puppet agent --test
info: Retrieving plugin
err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional
resources using ''eval_generate: getaddrinfo: Name or service not known
err: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate:
getaddrinfo: Name or service not known Could not retrieve file
metadata for puppet://learn.localdomain/plugins: getaddrinfo: Name or
service not known
info: Loading facts in facter_dot_d
info: Loading facts in facter_dot_d
info: Loading facts in facter_dot_d
info: Loading facts in facter_dot_d
err: Could not retrieve catalog from remote server: getaddrinfo: Name
or service not known
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: getaddrinfo: Name or service not known


Client:


[root@pc ~]# puppet agent --test
err: Could not retrieve catalog from remote server: hostname was not
match with the server certificate
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: hostname was not match with the server certificate


.....am creating the cert via: puppetd -t

but not having much luck?? :-(



Regards,


Kaya


On Tue, Apr 10, 2012 at 1:55 PM, Peter Berghold <salty.cowdawg@gmail.com>
wrote:
> Kaya,
>
> The manifest file(s) are something you create to tell puppet what you want
> done.   Starting with a file in (normally) /etc/puppet/manifests/site.pp
>
> HTH
>
>
> On Tue, Apr 10, 2012 at 7:18 AM, Kaya Saman <kayasaman@gmail.com>
wrote:
>>
>> Hi,
>>
>> I am totally new to Puppet and for the last few weeks I''ve
been trying
>> to read as many documents and howto''s as possible to try to
understand
>> how Puppet works.
>>
>>
>> Currently, after going through:
>>
>> http://www.howtoforge.com/installing_puppet_on_ubuntu
>>
>> http://docs.puppetlabs.com/pe/2.5/quick_start.html
>>
>>
>>
http://that-matt.com/2010/08/puppet-retrieved-certificate-does-not-match-private-key/
>>
>> http://bitcube.co.uk/content/puppet-errors-explained
>>
>> https://www.cs.drexel.edu/node/14569
>>
>>
>> I am noticing that the client system is not generating a manifests
file???
>>
>>
>> Currently I created a new SSL certificate on the client by doing:
>>
>> puppet -t
>>
>>
>> As for the server... I am using the training OVF image learn.puppet
>> from the puppetlabs.com website.
>>
>>
>> Running: puppet agent --test on the client gives me this output:
>>
>>
>> err: Could not retrieve catalog from remote server: hostname was not
>> match with the server certificate
>> warning: Not using cache on failed catalog
>> err: Could not retrieve catalog; skipping run
>> err: Could not send report: hostname was not match with the server
>> certificate
>>
>>
>> I signed the certificate on the server by doing:
>>
>>
>> puppetca --list
>> puppetca --sign <fqdn>
>>
>>
>> This should be pretty trivial however, for whatever reason things
>> aren''t working..... could anyone give me a hand?
>>
>>
>> Thanks.
>>
>>
>>
>> Kaya
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, Apr 10, 2012 at 9:17 AM, Kaya Saman <kayasaman@gmail.com> wrote:
> T
> [root@ps ~]# /opt/puppet/bin/puppet agent --test
> info: Retrieving plugin
> err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional
> resources using ''eval_generate: getaddrinfo: Name or service not
known
> err: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate:
> getaddrinfo: Name or service not known Could not retrieve file
> metadata for puppet://learn.localdomain/plugins: getaddrinfo: Name or
> service not known
>
in the words of Jamie Hienaman (sp?) from Myth Busters... Now there''s
your
problem!

The client you are running the test on doesn''t know what host to talk
to.
In other words the host "puppet" is unknown to the client.  Try adding
the
IP address of the host running your puppet master to your /etc/hosts file.

Example:

10.1.2.3       puppet



-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Well I''ve tried again!


This time /etc/hosts on the client looks like:

[root@pc ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.4	pc.jabber.com	pc
10.0.0.6	ps.jabber.com	puppet

when I resign the client after removing the certificate, I get this:

[root@ps manifests]# /opt/puppet/sbin/puppetca --sign pc.jabber.com
notice: Signed certificate request for pc.jabber.com
notice: Removing file Puppet::SSL::CertificateRequest pc.jabber.com at
''/etc/puppetlabs/puppet/ssl/ca/requests/pc.jabber.com.pem''


[root@pc ~]# puppet agent --test
warning: peer certificate won''t be verified in this SSL session
info: Caching certificate for pc.jabber.com
err: Could not retrieve catalog from remote server: hostname was not
match with the server certificate
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: hostname was not match with the server certificate


The weird thing is that on the server I have 2 separate key instances:


[root@ps manifests]# /opt/puppet/sbin/puppetca --list
  pc.jabber.com      (CC:D2:90:11:6A:1D:49:EB:E5:3C:1F:C0:4E:89:EA:D5)
  puppet-test-client (5C:C4:3F:94:02:C3:D0:BD:F1:EB:F2:BB:A2:37:FD:3A)

for one system.


DNS from client side:


[root@pc ~]# nslookup ps.jabber.com
Server:		10.0.0.1
Address:	10.0.0.1#53

Name:	ps.jabber.com
Address: 10.0.0.6


So all in all same issue and am lost?


Regards,


Kaya


On Tue, Apr 10, 2012 at 3:00 PM, Peter Berghold <salty.cowdawg@gmail.com>
wrote:
>
>
> On Tue, Apr 10, 2012 at 9:17 AM, Kaya Saman <kayasaman@gmail.com>
wrote:
>>
>> T
>> [root@ps ~]# /opt/puppet/bin/puppet agent --test
>> info: Retrieving plugin
>> err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional
>> resources using ''eval_generate: getaddrinfo: Name or service
not known
>> err: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate:
>> getaddrinfo: Name or service not known Could not retrieve file
>> metadata for puppet://learn.localdomain/plugins: getaddrinfo: Name or
>> service not known
>
>
> in the words of Jamie Hienaman (sp?) from Myth Busters... Now
there''s your
> problem!
>
> The client you are running the test on doesn''t know what host to
talk to.
> In other words the host "puppet" is unknown to the client.  Try
adding the
> IP address of the host running your puppet master to your /etc/hosts file.
>
> Example:
>
> 10.1.2.3       puppet
>
>
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman <kayasaman@gmail.com> wrote:
>
> err: Could not send report: hostname was not match with the server
> certificate
>
>
>
on the client run the command

facter fqdn

what does the host think its name is?





-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

This is the output of all host based commands:

[root@pc ~]# uname -a
Linux pc.jabber.com 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC
2012 x86_64 x86_64 x86_64 GNU/Linux

[root@pc ~]# hostname -a
pc

[root@pc ~]# facter fqdn
pc.jabber.com


Regards,

Kaya



On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold <salty.cowdawg@gmail.com>
wrote:
>
>
> On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman <kayasaman@gmail.com>
wrote:
>>
>>
>> err: Could not send report: hostname was not match with the server
>> certificate
>>
>>
>
>
> on the client run the command
>
> facter fqdn
>
> what does the host think its name is?
>
>
>
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Try the following:

On the puppet master host:

cd /etc/puppet/ssl/ca/signed and remove the signed cert you generated
before.

On the client host (where you''re running the agent)

   - cd /var/lib/puppet  and remove any ssl directory you find there.
   - cd /etc/puppet and remove any ssl directory you see there.
   - run puppet agent --waitforcert=1


On the puppet master host puppetca --sign pc.jabber.com

Puppet''s built in SSL can be a bit fussy...


On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman <kayasaman@gmail.com> wrote:
> This is the output of all host based commands:
>
> [root@pc ~]# uname -a
> Linux pc.jabber.com 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC
> 2012 x86_64 x86_64 x86_64 GNU/Linux
>
> [root@pc ~]# hostname -a
> pc
>
> [root@pc ~]# facter fqdn
> pc.jabber.com
>
>
> Regards,
>
> Kaya
>
>
>
> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold
<salty.cowdawg@gmail.com>
> wrote:
> >
> >
> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman
<kayasaman@gmail.com>
> wrote:
> >>
> >>
> >> err: Could not send report: hostname was not match with the server
> >> certificate
> >>
> >>
> >
> >
> > on the client run the command
> >
> > facter fqdn
> >
> > what does the host think its name is?
> >
> >
> >
> >
> >
> > --
> > Peter L. Berghold
> > Owner, Shark River Technical Solutions LLC
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On the server I get this error:

cd /etc/puppet/ssl/ca/signed
-bash: cd: /etc/puppet/ssl/ca/signed: No such file or directory


The output of puppet agent --waitforcert=1


[root@pc puppet]# puppet agent --waitforcert=1
[root@pc puppet]#


Is this correct?


On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold <salty.cowdawg@gmail.com>
wrote:
> Try the following:
>
> On the puppet master host:
>
> cd /etc/puppet/ssl/ca/signed and remove the signed cert you generated
> before.
>
> On the client host (where you''re running the agent)
>
> cd /var/lib/puppet  and remove any ssl directory you find there.
> cd /etc/puppet and remove any ssl directory you see there.
> run puppet agent --waitforcert=1
>
>
> On the puppet master host puppetca --sign pc.jabber.com
>
> Puppet''s built in SSL can be a bit fussy...
>
>
>
> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman <kayasaman@gmail.com>
wrote:
>>
>> This is the output of all host based commands:
>>
>> [root@pc ~]# uname -a
>> Linux pc.jabber.com 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC
>> 2012 x86_64 x86_64 x86_64 GNU/Linux
>>
>> [root@pc ~]# hostname -a
>> pc
>>
>> [root@pc ~]# facter fqdn
>> pc.jabber.com
>>
>>
>> Regards,
>>
>> Kaya
>>
>>
>>
>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold
<salty.cowdawg@gmail.com>
>> wrote:
>> >
>> >
>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman
<kayasaman@gmail.com>
>> > wrote:
>> >>
>> >>
>> >> err: Could not send report: hostname was not match with the
server
>> >> certificate
>> >>
>> >>
>> >
>> >
>> > on the client run the command
>> >
>> > facter fqdn
>> >
>> > what does the host think its name is?
>> >
>> >
>> >
>> >
>> >
>> > --
>> > Peter L. Berghold
>> > Owner, Shark River Technical Solutions LLC
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Puppet Users" group.
>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > puppet-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/puppet-users?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Ok quick update... turns out the signed dir was in a different location:

/etc/puppetlabs/puppet/ssl/ca/signed


I rectified that part but now a bit lost!


On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman <kayasaman@gmail.com>
wrote:
> On the server I get this error:
>
> cd /etc/puppet/ssl/ca/signed
> -bash: cd: /etc/puppet/ssl/ca/signed: No such file or directory
>
>
> The output of puppet agent --waitforcert=1
>
>
> [root@pc puppet]# puppet agent --waitforcert=1
> [root@pc puppet]#
>
>
> Is this correct?
>
>
> On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold
<salty.cowdawg@gmail.com> wrote:
>> Try the following:
>>
>> On the puppet master host:
>>
>> cd /etc/puppet/ssl/ca/signed and remove the signed cert you generated
>> before.
>>
>> On the client host (where you''re running the agent)
>>
>> cd /var/lib/puppet  and remove any ssl directory you find there.
>> cd /etc/puppet and remove any ssl directory you see there.
>> run puppet agent --waitforcert=1
>>
>>
>> On the puppet master host puppetca --sign pc.jabber.com
>>
>> Puppet''s built in SSL can be a bit fussy...
>>
>>
>>
>> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman
<kayasaman@gmail.com> wrote:
>>>
>>> This is the output of all host based commands:
>>>
>>> [root@pc ~]# uname -a
>>> Linux pc.jabber.com 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40
UTC
>>> 2012 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>> [root@pc ~]# hostname -a
>>> pc
>>>
>>> [root@pc ~]# facter fqdn
>>> pc.jabber.com
>>>
>>>
>>> Regards,
>>>
>>> Kaya
>>>
>>>
>>>
>>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold
<salty.cowdawg@gmail.com>
>>> wrote:
>>> >
>>> >
>>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman
<kayasaman@gmail.com>
>>> > wrote:
>>> >>
>>> >>
>>> >> err: Could not send report: hostname was not match with
the server
>>> >> certificate
>>> >>
>>> >>
>>> >
>>> >
>>> > on the client run the command
>>> >
>>> > facter fqdn
>>> >
>>> > what does the host think its name is?
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Peter L. Berghold
>>> > Owner, Shark River Technical Solutions LLC
>>> >
>>> > --
>>> > You received this message because you are subscribed to the
Google
>>> > Groups
>>> > "Puppet Users" group.
>>> > To post to this group, send email to
puppet-users@googlegroups.com.
>>> > To unsubscribe from this group, send email to
>>> > puppet-users+unsubscribe@googlegroups.com.
>>> > For more options, visit this group at
>>> > http://groups.google.com/group/puppet-users?hl=en.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>
>>
>>
>> --
>> Peter L. Berghold
>> Owner, Shark River Technical Solutions LLC
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Eh?  What platform are you running on and why /etc/puppetlabs?



On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman <kayasaman@gmail.com> wrote:
> Ok quick update... turns out the signed dir was in a different location:
>
> /etc/puppetlabs/puppet/ssl/ca/signed
>
>
> I rectified that part but now a bit lost!
>
>
> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman <kayasaman@gmail.com>
wrote:
> > On the server I get this error:
> >
> > cd /etc/puppet/ssl/ca/signed
> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file or directory
> >
> >
> > The output of puppet agent --waitforcert=1
> >
> >
> > [root@pc puppet]# puppet agent --waitforcert=1
> > [root@pc puppet]#
> >
> >
> > Is this correct?
> >
> >
> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold
<salty.cowdawg@gmail.com>
> wrote:
> >> Try the following:
> >>
> >> On the puppet master host:
> >>
> >> cd /etc/puppet/ssl/ca/signed and remove the signed cert you
generated
> >> before.
> >>
> >> On the client host (where you''re running the agent)
> >>
> >> cd /var/lib/puppet  and remove any ssl directory you find there.
> >> cd /etc/puppet and remove any ssl directory you see there.
> >> run puppet agent --waitforcert=1
> >>
> >>
> >> On the puppet master host puppetca --sign pc.jabber.com
> >>
> >> Puppet''s built in SSL can be a bit fussy...
> >>
> >>
> >>
> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman
<kayasaman@gmail.com>
> wrote:
> >>>
> >>> This is the output of all host based commands:
> >>>
> >>> [root@pc ~]# uname -a
> >>> Linux pc.jabber.com 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20
18:05:40 UTC
> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux
> >>>
> >>> [root@pc ~]# hostname -a
> >>> pc
> >>>
> >>> [root@pc ~]# facter fqdn
> >>> pc.jabber.com
> >>>
> >>>
> >>> Regards,
> >>>
> >>> Kaya
> >>>
> >>>
> >>>
> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold <
> salty.cowdawg@gmail.com>
> >>> wrote:
> >>> >
> >>> >
> >>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman
<kayasaman@gmail.com>
> >>> > wrote:
> >>> >>
> >>> >>
> >>> >> err: Could not send report: hostname was not match
with the server
> >>> >> certificate
> >>> >>
> >>> >>
> >>> >
> >>> >
> >>> > on the client run the command
> >>> >
> >>> > facter fqdn
> >>> >
> >>> > what does the host think its name is?
> >>> >
> >>> >
> >>> >
> >>> >
> >>> >
> >>> > --
> >>> > Peter L. Berghold
> >>> > Owner, Shark River Technical Solutions LLC
> >>> >
> >>> > --
> >>> > You received this message because you are subscribed to
the Google
> >>> > Groups
> >>> > "Puppet Users" group.
> >>> > To post to this group, send email to
puppet-users@googlegroups.com.
> >>> > To unsubscribe from this group, send email to
> >>> > puppet-users+unsubscribe@googlegroups.com.
> >>> > For more options, visit this group at
> >>> > http://groups.google.com/group/puppet-users?hl=en.
> >>>
> >>> --
> >>> You received this message because you are subscribed to the
Google
> Groups
> >>> "Puppet Users" group.
> >>> To post to this group, send email to
puppet-users@googlegroups.com.
> >>> To unsubscribe from this group, send email to
> >>> puppet-users+unsubscribe@googlegroups.com.
> >>> For more options, visit this group at
> >>> http://groups.google.com/group/puppet-users?hl=en.
> >>>
> >>
> >>
> >>
> >> --
> >> Peter L. Berghold
> >> Owner, Shark River Technical Solutions LLC
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

It''s the Puppet OVF learn.localdomain Puppet image I downloaded from
the puppetlabs website!

Here is URL:

http://docs.puppetlabs.com/learning/


http://info.puppetlabs.com/download-learning-puppet-VM.html


It''s a CentOS based system but stores Puppet in /opt/puppet rather
then your typical local install.

I''ve got a FreeBSD clean Puppet server too which is unconfigured as of
yet so just waiting to get this running before I move on to something
more complex.


Regards,


Kaya


On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold <salty.cowdawg@gmail.com>
wrote:
> Eh?  What platform are you running on and why /etc/puppetlabs?
>
>
>
>
> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman <kayasaman@gmail.com>
wrote:
>>
>> Ok quick update... turns out the signed dir was in a different
location:
>>
>> /etc/puppetlabs/puppet/ssl/ca/signed
>>
>>
>> I rectified that part but now a bit lost!
>>
>>
>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman <kayasaman@gmail.com>
wrote:
>> > On the server I get this error:
>> >
>> > cd /etc/puppet/ssl/ca/signed
>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file or directory
>> >
>> >
>> > The output of puppet agent --waitforcert=1
>> >
>> >
>> > [root@pc puppet]# puppet agent --waitforcert=1
>> > [root@pc puppet]#
>> >
>> >
>> > Is this correct?
>> >
>> >
>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold
>> > <salty.cowdawg@gmail.com> wrote:
>> >> Try the following:
>> >>
>> >> On the puppet master host:
>> >>
>> >> cd /etc/puppet/ssl/ca/signed and remove the signed cert you
generated
>> >> before.
>> >>
>> >> On the client host (where you''re running the agent)
>> >>
>> >> cd /var/lib/puppet  and remove any ssl directory you find
there.
>> >> cd /etc/puppet and remove any ssl directory you see there.
>> >> run puppet agent --waitforcert=1
>> >>
>> >>
>> >> On the puppet master host puppetca --sign pc.jabber.com
>> >>
>> >> Puppet''s built in SSL can be a bit fussy...
>> >>
>> >>
>> >>
>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman
<kayasaman@gmail.com>
>> >> wrote:
>> >>>
>> >>> This is the output of all host based commands:
>> >>>
>> >>> [root@pc ~]# uname -a
>> >>> Linux pc.jabber.com 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20
18:05:40 UTC
>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux
>> >>>
>> >>> [root@pc ~]# hostname -a
>> >>> pc
>> >>>
>> >>> [root@pc ~]# facter fqdn
>> >>> pc.jabber.com
>> >>>
>> >>>
>> >>> Regards,
>> >>>
>> >>> Kaya
>> >>>
>> >>>
>> >>>
>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold
>> >>> <salty.cowdawg@gmail.com>
>> >>> wrote:
>> >>> >
>> >>> >
>> >>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman
<kayasaman@gmail.com>
>> >>> > wrote:
>> >>> >>
>> >>> >>
>> >>> >> err: Could not send report: hostname was not
match with the server
>> >>> >> certificate
>> >>> >>
>> >>> >>
>> >>> >
>> >>> >
>> >>> > on the client run the command
>> >>> >
>> >>> > facter fqdn
>> >>> >
>> >>> > what does the host think its name is?
>> >>> >
>> >>> >
>> >>> >
>> >>> >
>> >>> >
>> >>> > --
>> >>> > Peter L. Berghold
>> >>> > Owner, Shark River Technical Solutions LLC
>> >>> >
>> >>> > --
>> >>> > You received this message because you are subscribed
to the Google
>> >>> > Groups
>> >>> > "Puppet Users" group.
>> >>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> >>> > To unsubscribe from this group, send email to
>> >>> > puppet-users+unsubscribe@googlegroups.com.
>> >>> > For more options, visit this group at
>> >>> > http://groups.google.com/group/puppet-users?hl=en.
>> >>>
>> >>> --
>> >>> You received this message because you are subscribed to
the Google
>> >>> Groups
>> >>> "Puppet Users" group.
>> >>> To post to this group, send email to
puppet-users@googlegroups.com.
>> >>> To unsubscribe from this group, send email to
>> >>> puppet-users+unsubscribe@googlegroups.com.
>> >>> For more options, visit this group at
>> >>> http://groups.google.com/group/puppet-users?hl=en.
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Peter L. Berghold
>> >> Owner, Shark River Technical Solutions LLC
>> >>
>> >> --
>> >> You received this message because you are subscribed to the
Google
>> >> Groups
>> >> "Puppet Users" group.
>> >> To post to this group, send email to
puppet-users@googlegroups.com.
>> >> To unsubscribe from this group, send email to
>> >> puppet-users+unsubscribe@googlegroups.com.
>> >> For more options, visit this group at
>> >> http://groups.google.com/group/puppet-users?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Again more weirdness as running:

puppetca --clean pc.jabber.com on server yields client to respond with:

[root@pc puppet]# puppet agent --waitforcert=1
[root@pc puppet]# puppet agent --test
err: Could not request certificate: Retrieved certificate does not
match private key; please remove certificate from server and
regenerate it with the current key
Exiting; failed to retrieve certificate and waitforcert is disabled

??

How do I regenerate the certificate with the current key?


puppet -t creates a new cert but how does that function with key?



Regards


On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman <kayasaman@gmail.com>
wrote:
> It''s the Puppet OVF learn.localdomain Puppet image I downloaded
from
> the puppetlabs website!
>
> Here is URL:
>
> http://docs.puppetlabs.com/learning/
>
>
> http://info.puppetlabs.com/download-learning-puppet-VM.html
>
>
> It''s a CentOS based system but stores Puppet in /opt/puppet rather
> then your typical local install.
>
> I''ve got a FreeBSD clean Puppet server too which is unconfigured
as of
> yet so just waiting to get this running before I move on to something
> more complex.
>
>
> Regards,
>
>
> Kaya
>
>
> On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold
<salty.cowdawg@gmail.com> wrote:
>> Eh?  What platform are you running on and why /etc/puppetlabs?
>>
>>
>>
>>
>> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman
<kayasaman@gmail.com> wrote:
>>>
>>> Ok quick update... turns out the signed dir was in a different
location:
>>>
>>> /etc/puppetlabs/puppet/ssl/ca/signed
>>>
>>>
>>> I rectified that part but now a bit lost!
>>>
>>>
>>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman
<kayasaman@gmail.com> wrote:
>>> > On the server I get this error:
>>> >
>>> > cd /etc/puppet/ssl/ca/signed
>>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file or
directory
>>> >
>>> >
>>> > The output of puppet agent --waitforcert=1
>>> >
>>> >
>>> > [root@pc puppet]# puppet agent --waitforcert=1
>>> > [root@pc puppet]#
>>> >
>>> >
>>> > Is this correct?
>>> >
>>> >
>>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold
>>> > <salty.cowdawg@gmail.com> wrote:
>>> >> Try the following:
>>> >>
>>> >> On the puppet master host:
>>> >>
>>> >> cd /etc/puppet/ssl/ca/signed and remove the signed cert
you generated
>>> >> before.
>>> >>
>>> >> On the client host (where you''re running the
agent)
>>> >>
>>> >> cd /var/lib/puppet  and remove any ssl directory you find
there.
>>> >> cd /etc/puppet and remove any ssl directory you see there.
>>> >> run puppet agent --waitforcert=1
>>> >>
>>> >>
>>> >> On the puppet master host puppetca --sign pc.jabber.com
>>> >>
>>> >> Puppet''s built in SSL can be a bit fussy...
>>> >>
>>> >>
>>> >>
>>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman
<kayasaman@gmail.com>
>>> >> wrote:
>>> >>>
>>> >>> This is the output of all host based commands:
>>> >>>
>>> >>> [root@pc ~]# uname -a
>>> >>> Linux pc.jabber.com 3.3.0-4.fc16.x86_64 #1 SMP Tue Mar
20 18:05:40 UTC
>>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux
>>> >>>
>>> >>> [root@pc ~]# hostname -a
>>> >>> pc
>>> >>>
>>> >>> [root@pc ~]# facter fqdn
>>> >>> pc.jabber.com
>>> >>>
>>> >>>
>>> >>> Regards,
>>> >>>
>>> >>> Kaya
>>> >>>
>>> >>>
>>> >>>
>>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold
>>> >>> <salty.cowdawg@gmail.com>
>>> >>> wrote:
>>> >>> >
>>> >>> >
>>> >>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman
<kayasaman@gmail.com>
>>> >>> > wrote:
>>> >>> >>
>>> >>> >>
>>> >>> >> err: Could not send report: hostname was not
match with the server
>>> >>> >> certificate
>>> >>> >>
>>> >>> >>
>>> >>> >
>>> >>> >
>>> >>> > on the client run the command
>>> >>> >
>>> >>> > facter fqdn
>>> >>> >
>>> >>> > what does the host think its name is?
>>> >>> >
>>> >>> >
>>> >>> >
>>> >>> >
>>> >>> >
>>> >>> > --
>>> >>> > Peter L. Berghold
>>> >>> > Owner, Shark River Technical Solutions LLC
>>> >>> >
>>> >>> > --
>>> >>> > You received this message because you are
subscribed to the Google
>>> >>> > Groups
>>> >>> > "Puppet Users" group.
>>> >>> > To post to this group, send email to
puppet-users@googlegroups.com.
>>> >>> > To unsubscribe from this group, send email to
>>> >>> > puppet-users+unsubscribe@googlegroups.com.
>>> >>> > For more options, visit this group at
>>> >>> >
http://groups.google.com/group/puppet-users?hl=en.
>>> >>>
>>> >>> --
>>> >>> You received this message because you are subscribed
to the Google
>>> >>> Groups
>>> >>> "Puppet Users" group.
>>> >>> To post to this group, send email to
puppet-users@googlegroups.com.
>>> >>> To unsubscribe from this group, send email to
>>> >>> puppet-users+unsubscribe@googlegroups.com.
>>> >>> For more options, visit this group at
>>> >>> http://groups.google.com/group/puppet-users?hl=en.
>>> >>>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Peter L. Berghold
>>> >> Owner, Shark River Technical Solutions LLC
>>> >>
>>> >> --
>>> >> You received this message because you are subscribed to
the Google
>>> >> Groups
>>> >> "Puppet Users" group.
>>> >> To post to this group, send email to
puppet-users@googlegroups.com.
>>> >> To unsubscribe from this group, send email to
>>> >> puppet-users+unsubscribe@googlegroups.com.
>>> >> For more options, visit this group at
>>> >> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>
>>
>>
>> --
>> Peter L. Berghold
>> Owner, Shark River Technical Solutions LLC
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

OK

This is why I took you down the path I did.   Essentially what you want to
have happen is the client should generate its own cert and during its first
interaction with the master get it signed by the master.

On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman <kayasaman@gmail.com> wrote:
> Again more weirdness as running:
>
> puppetca --clean pc.jabber.com on server yields client to respond with:
>
> [root@pc puppet]# puppet agent --waitforcert=1
>
Forgot the --test invocation.  What that command line does is start the
agent as a daemon and wait for the master to sign its cert.

Kill off the agent :

ps -ef | grep agent
 <note the pid>
kill -9 <pid>

clean out the ssl dirs that exist on the client

kill off the cert on the master

puppet agent --test --waitforcert=1

That should get it for you...

[root@pc puppet]# puppet agent --test
> err: Could not request certificate: Retrieved certificate does not
> match private key; please remove certificate from server and
> regenerate it with the current key
> Exiting; failed to retrieve certificate and waitforcert is disabled
>
> ??
>
> How do I regenerate the certificate with the current key?
>
>
> puppet -t creates a new cert but how does that function with key?
>
>
>
> Regards
>
>
> On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman <kayasaman@gmail.com>
wrote:
> > It''s the Puppet OVF learn.localdomain Puppet image I
downloaded from
> > the puppetlabs website!
> >
> > Here is URL:
> >
> > http://docs.puppetlabs.com/learning/
> >
> >
> > http://info.puppetlabs.com/download-learning-puppet-VM.html
> >
> >
> > It''s a CentOS based system but stores Puppet in /opt/puppet
rather
> > then your typical local install.
> >
> > I''ve got a FreeBSD clean Puppet server too which is
unconfigured as of
> > yet so just waiting to get this running before I move on to something
> > more complex.
> >
> >
> > Regards,
> >
> >
> > Kaya
> >
> >
> > On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold
<salty.cowdawg@gmail.com>
> wrote:
> >> Eh?  What platform are you running on and why /etc/puppetlabs?
> >>
> >>
> >>
> >>
> >> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman
<kayasaman@gmail.com>
> wrote:
> >>>
> >>> Ok quick update... turns out the signed dir was in a different
> location:
> >>>
> >>> /etc/puppetlabs/puppet/ssl/ca/signed
> >>>
> >>>
> >>> I rectified that part but now a bit lost!
> >>>
> >>>
> >>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman
<kayasaman@gmail.com>
> wrote:
> >>> > On the server I get this error:
> >>> >
> >>> > cd /etc/puppet/ssl/ca/signed
> >>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file or
directory
> >>> >
> >>> >
> >>> > The output of puppet agent --waitforcert=1
> >>> >
> >>> >
> >>> > [root@pc puppet]# puppet agent --waitforcert=1
> >>> > [root@pc puppet]#
> >>> >
> >>> >
> >>> > Is this correct?
> >>> >
> >>> >
> >>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold
> >>> > <salty.cowdawg@gmail.com> wrote:
> >>> >> Try the following:
> >>> >>
> >>> >> On the puppet master host:
> >>> >>
> >>> >> cd /etc/puppet/ssl/ca/signed and remove the signed
cert you
> generated
> >>> >> before.
> >>> >>
> >>> >> On the client host (where you''re running the
agent)
> >>> >>
> >>> >> cd /var/lib/puppet  and remove any ssl directory you
find there.
> >>> >> cd /etc/puppet and remove any ssl directory you see
there.
> >>> >> run puppet agent --waitforcert=1
> >>> >>
> >>> >>
> >>> >> On the puppet master host puppetca --sign
pc.jabber.com
> >>> >>
> >>> >> Puppet''s built in SSL can be a bit fussy...
> >>> >>
> >>> >>
> >>> >>
> >>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman
<kayasaman@gmail.com>
> >>> >> wrote:
> >>> >>>
> >>> >>> This is the output of all host based commands:
> >>> >>>
> >>> >>> [root@pc ~]# uname -a
> >>> >>> Linux pc.jabber.com 3.3.0-4.fc16.x86_64 #1 SMP
Tue Mar 20
> 18:05:40 UTC
> >>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux
> >>> >>>
> >>> >>> [root@pc ~]# hostname -a
> >>> >>> pc
> >>> >>>
> >>> >>> [root@pc ~]# facter fqdn
> >>> >>> pc.jabber.com
> >>> >>>
> >>> >>>
> >>> >>> Regards,
> >>> >>>
> >>> >>> Kaya
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter Berghold
> >>> >>> <salty.cowdawg@gmail.com>
> >>> >>> wrote:
> >>> >>> >
> >>> >>> >
> >>> >>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya Saman
<
> kayasaman@gmail.com>
> >>> >>> > wrote:
> >>> >>> >>
> >>> >>> >>
> >>> >>> >> err: Could not send report: hostname was
not match with the
> server
> >>> >>> >> certificate
> >>> >>> >>
> >>> >>> >>
> >>> >>> >
> >>> >>> >
> >>> >>> > on the client run the command
> >>> >>> >
> >>> >>> > facter fqdn
> >>> >>> >
> >>> >>> > what does the host think its name is?
> >>> >>> >
> >>> >>> >
> >>> >>> >
> >>> >>> >
> >>> >>> >
> >>> >>> > --
> >>> >>> > Peter L. Berghold
> >>> >>> > Owner, Shark River Technical Solutions LLC
> >>> >>> >
> >>> >>> > --
> >>> >>> > You received this message because you are
subscribed to the
> Google
> >>> >>> > Groups
> >>> >>> > "Puppet Users" group.
> >>> >>> > To post to this group, send email to
> puppet-users@googlegroups.com.
> >>> >>> > To unsubscribe from this group, send email
to
> >>> >>> > puppet-users+unsubscribe@googlegroups.com.
> >>> >>> > For more options, visit this group at
> >>> >>> >
http://groups.google.com/group/puppet-users?hl=en.
> >>> >>>
> >>> >>> --
> >>> >>> You received this message because you are
subscribed to the Google
> >>> >>> Groups
> >>> >>> "Puppet Users" group.
> >>> >>> To post to this group, send email to
puppet-users@googlegroups.com
> .
> >>> >>> To unsubscribe from this group, send email to
> >>> >>> puppet-users+unsubscribe@googlegroups.com.
> >>> >>> For more options, visit this group at
> >>> >>>
http://groups.google.com/group/puppet-users?hl=en.
> >>> >>>
> >>> >>
> >>> >>
> >>> >>
> >>> >> --
> >>> >> Peter L. Berghold
> >>> >> Owner, Shark River Technical Solutions LLC
> >>> >>
> >>> >> --
> >>> >> You received this message because you are subscribed
to the Google
> >>> >> Groups
> >>> >> "Puppet Users" group.
> >>> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >>> >> To unsubscribe from this group, send email to
> >>> >> puppet-users+unsubscribe@googlegroups.com.
> >>> >> For more options, visit this group at
> >>> >> http://groups.google.com/group/puppet-users?hl=en.
> >>>
> >>> --
> >>> You received this message because you are subscribed to the
Google
> Groups
> >>> "Puppet Users" group.
> >>> To post to this group, send email to
puppet-users@googlegroups.com.
> >>> To unsubscribe from this group, send email to
> >>> puppet-users+unsubscribe@googlegroups.com.
> >>> For more options, visit this group at
> >>> http://groups.google.com/group/puppet-users?hl=en.
> >>>
> >>
> >>
> >>
> >> --
> >> Peter L. Berghold
> >> Owner, Shark River Technical Solutions LLC
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Here is what I would suggest.

Clean the /var/lib/puppet directory on both server as well as client.
And then restart puppetmaster on the server.

# puppetd --server your.servername.com --waitforcert 60 --test

Then check on server

# puppetca --list

You can see the list of the client

# puppetca --sign client-name.fqdn

Then run this command on client

# puppet agent --test

I know you have did the same for n times and another thing is that 
check both the date and time whether it is  proper or not on both 
server and client while performing the above test.

if any error let me know.

On Tuesday 10 April 2012 10:51:00 PM IST, Peter Berghold
wrote:
> OK
>
> This is why I took you down the path I did.   Essentially what you
> want to have happen is the client should generate its own cert and
> during its first interaction with the master get it signed by the master.
>
> On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman <kayasaman@gmail.com
> <mailto:kayasaman@gmail.com>> wrote:
>
>     Again more weirdness as running:
>
>     puppetca --clean pc.jabber.com <http://pc.jabber.com> on server
>     yields client to respond with:
>
>     [root@pc puppet]# puppet agent --waitforcert=1
>
>
> Forgot the --test invocation.  What that command line does is start
> the agent as a daemon and wait for the master to sign its cert.
>
> Kill off the agent :
>
> ps -ef | grep agent
> <note the pid>
> kill -9 <pid>
>
> clean out the ssl dirs that exist on the client
>
> kill off the cert on the master
>
> puppet agent --test --waitforcert=1
>
> That should get it for you...
>
>     [root@pc puppet]# puppet agent --test
>     err: Could not request certificate: Retrieved certificate does not
>     match private key; please remove certificate from server and
>     regenerate it with the current key
>     Exiting; failed to retrieve certificate and waitforcert is disabled
>
>     ??
>
>     How do I regenerate the certificate with the current key?
>
>
>     puppet -t creates a new cert but how does that function with key?
>
>
>
>     Regards
>
>
>     On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman <kayasaman@gmail.com
>     <mailto:kayasaman@gmail.com>> wrote:
>     > It''s the Puppet OVF learn.localdomain Puppet image I
downloaded from
>     > the puppetlabs website!
>     >
>     > Here is URL:
>     >
>     > http://docs.puppetlabs.com/learning/
>     >
>     >
>     > http://info.puppetlabs.com/download-learning-puppet-VM.html
>     >
>     >
>     > It''s a CentOS based system but stores Puppet in
/opt/puppet rather
>     > then your typical local install.
>     >
>     > I''ve got a FreeBSD clean Puppet server too which is
unconfigured
>     as of
>     > yet so just waiting to get this running before I move on to
>     something
>     > more complex.
>     >
>     >
>     > Regards,
>     >
>     >
>     > Kaya
>     >
>     >
>     > On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold
>     <salty.cowdawg@gmail.com <mailto:salty.cowdawg@gmail.com>>
wrote:
>     >> Eh?  What platform are you running on and why /etc/puppetlabs?
>     >>
>     >>
>     >>
>     >>
>     >> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman
>     <kayasaman@gmail.com <mailto:kayasaman@gmail.com>> wrote:
>     >>>
>     >>> Ok quick update... turns out the signed dir was in a
different
>     location:
>     >>>
>     >>> /etc/puppetlabs/puppet/ssl/ca/signed
>     >>>
>     >>>
>     >>> I rectified that part but now a bit lost!
>     >>>
>     >>>
>     >>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman
>     <kayasaman@gmail.com <mailto:kayasaman@gmail.com>> wrote:
>     >>> > On the server I get this error:
>     >>> >
>     >>> > cd /etc/puppet/ssl/ca/signed
>     >>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file or
directory
>     >>> >
>     >>> >
>     >>> > The output of puppet agent --waitforcert=1
>     >>> >
>     >>> >
>     >>> > [root@pc puppet]# puppet agent --waitforcert=1
>     >>> > [root@pc puppet]#
>     >>> >
>     >>> >
>     >>> > Is this correct?
>     >>> >
>     >>> >
>     >>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold
>     >>> > <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.com>>
>     wrote:
>     >>> >> Try the following:
>     >>> >>
>     >>> >> On the puppet master host:
>     >>> >>
>     >>> >> cd /etc/puppet/ssl/ca/signed and remove the
signed cert you
>     generated
>     >>> >> before.
>     >>> >>
>     >>> >> On the client host (where you''re running
the agent)
>     >>> >>
>     >>> >> cd /var/lib/puppet  and remove any ssl directory
you find
>     there.
>     >>> >> cd /etc/puppet and remove any ssl directory you
see there.
>     >>> >> run puppet agent --waitforcert=1
>     >>> >>
>     >>> >>
>     >>> >> On the puppet master host puppetca --sign
pc.jabber.com
>     <http://pc.jabber.com>
>     >>> >>
>     >>> >> Puppet''s built in SSL can be a bit
fussy...
>     >>> >>
>     >>> >>
>     >>> >>
>     >>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman
>     <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
>     >>> >> wrote:
>     >>> >>>
>     >>> >>> This is the output of all host based
commands:
>     >>> >>>
>     >>> >>> [root@pc ~]# uname -a
>     >>> >>> Linux pc.jabber.com
<http://pc.jabber.com>
>     3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC
>     >>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux
>     >>> >>>
>     >>> >>> [root@pc ~]# hostname -a
>     >>> >>> pc
>     >>> >>>
>     >>> >>> [root@pc ~]# facter fqdn
>     >>> >>> pc.jabber.com <http://pc.jabber.com>
>     >>> >>>
>     >>> >>>
>     >>> >>> Regards,
>     >>> >>>
>     >>> >>> Kaya
>     >>> >>>
>     >>> >>>
>     >>> >>>
>     >>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter
Berghold
>     >>> >>> <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.com>>
>     >>> >>> wrote:
>     >>> >>> >
>     >>> >>> >
>     >>> >>> > On Tue, Apr 10, 2012 at 10:19 AM, Kaya
Saman
>     <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
>     >>> >>> > wrote:
>     >>> >>> >>
>     >>> >>> >>
>     >>> >>> >> err: Could not send report: hostname
was not match with
>     the server
>     >>> >>> >> certificate
>     >>> >>> >>
>     >>> >>> >>
>     >>> >>> >
>     >>> >>> >
>     >>> >>> > on the client run the command
>     >>> >>> >
>     >>> >>> > facter fqdn
>     >>> >>> >
>     >>> >>> > what does the host think its name is?
>     >>> >>> >
>     >>> >>> >
>     >>> >>> >
>     >>> >>> >
>     >>> >>> >
>     >>> >>> > --
>     >>> >>> > Peter L. Berghold
>     >>> >>> > Owner, Shark River Technical Solutions
LLC
>     >>> >>> >
>     >>> >>> > --
>     >>> >>> > You received this message because you
are subscribed to
>     the Google
>     >>> >>> > Groups
>     >>> >>> > "Puppet Users" group.
>     >>> >>> > To post to this group, send email to
>     puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
>     >>> >>> > To unsubscribe from this group, send
email to
>     >>> >>> >
puppet-users+unsubscribe@googlegroups.com
>     <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>     >>> >>> > For more options, visit this group at
>     >>> >>> >
http://groups.google.com/group/puppet-users?hl=en.
>     >>> >>>
>     >>> >>> --
>     >>> >>> You received this message because you are
subscribed to
>     the Google
>     >>> >>> Groups
>     >>> >>> "Puppet Users" group.
>     >>> >>> To post to this group, send email to
>     puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
>     >>> >>> To unsubscribe from this group, send email to
>     >>> >>> puppet-users+unsubscribe@googlegroups.com
>     <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>     >>> >>> For more options, visit this group at
>     >>> >>>
http://groups.google.com/group/puppet-users?hl=en.
>     >>> >>>
>     >>> >>
>     >>> >>
>     >>> >>
>     >>> >> --
>     >>> >> Peter L. Berghold
>     >>> >> Owner, Shark River Technical Solutions LLC
>     >>> >>
>     >>> >> --
>     >>> >> You received this message because you are
subscribed to the
>     Google
>     >>> >> Groups
>     >>> >> "Puppet Users" group.
>     >>> >> To post to this group, send email to
>     puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
>     >>> >> To unsubscribe from this group, send email to
>     >>> >> puppet-users+unsubscribe@googlegroups.com
>     <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>     >>> >> For more options, visit this group at
>     >>> >>
http://groups.google.com/group/puppet-users?hl=en.
>     >>>
>     >>> --
>     >>> You received this message because you are subscribed to
the
>     Google Groups
>     >>> "Puppet Users" group.
>     >>> To post to this group, send email to
>     puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
>     >>> To unsubscribe from this group, send email to
>     >>> puppet-users+unsubscribe@googlegroups.com
>     <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>     >>> For more options, visit this group at
>     >>> http://groups.google.com/group/puppet-users?hl=en.
>     >>>
>     >>
>     >>
>     >>
>     >> --
>     >> Peter L. Berghold
>     >> Owner, Shark River Technical Solutions LLC
>     >>
>     >> --
>     >> You received this message because you are subscribed to the
>     Google Groups
>     >> "Puppet Users" group.
>     >> To post to this group, send email to
>     puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
>     >> To unsubscribe from this group, send email to
>     >> puppet-users+unsubscribe@googlegroups.com
>     <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>     >> For more options, visit this group at
>     >> http://groups.google.com/group/puppet-users?hl=en.
>
>     --
>     You received this message because you are subscribed to the Google
>     Groups "Puppet Users" group.
>     To post to this group, send email to puppet-users@googlegroups.com
>     <mailto:puppet-users@googlegroups.com>.
>     To unsubscribe from this group, send email to
>     puppet-users+unsubscribe@googlegroups.com
>     <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>     For more options, visit this group at
>     http://groups.google.com/group/puppet-users?hl=en.
>
>
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
Regards,
Ashish Jaiswal
System Admin

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

What Ashish recommends may be a bit extreme, but I''ve had to at the
very
least clean up /var/lib/puppet on particularly recalcitrant clients.  So it
is not out of the bounds of being reasonable.


On Tue, Apr 10, 2012 at 1:33 PM, Ashish Jaiswal
<ashish1099@gmail.com>wrote:
> Here is what I would suggest.
>
> Clean the /var/lib/puppet directory on both server as well as client.
> And then restart puppetmaster on the server.
>
> # puppetd --server your.servername.com --waitforcert 60 --test
>
> Then check on server
>
> # puppetca --list
>
> You can see the list of the client
>
> # puppetca --sign client-name.fqdn
>
> Then run this command on client
>
> # puppet agent --test
>
> I know you have did the same for n times and another thing is that check
> both the date and time whether it is  proper or not on both server and
> client while performing the above test.
>
> if any error let me know.
>
>
> On Tuesday 10 April 2012 10:51:00 PM IST, Peter Berghold wrote:
>
>> OK
>>
>> This is why I took you down the path I did.   Essentially what you
>> want to have happen is the client should generate its own cert and
>> during its first interaction with the master get it signed by the
master.
>>
>> On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman <kayasaman@gmail.com
>> <mailto:kayasaman@gmail.com>> wrote:
>>
>>    Again more weirdness as running:
>>
>>    puppetca --clean pc.jabber.com <http://pc.jabber.com> on
server
>>
>>    yields client to respond with:
>>
>>    [root@pc puppet]# puppet agent --waitforcert=1
>>
>>
>> Forgot the --test invocation.  What that command line does is start
>> the agent as a daemon and wait for the master to sign its cert.
>>
>> Kill off the agent :
>>
>> ps -ef | grep agent
>> <note the pid>
>> kill -9 <pid>
>>
>> clean out the ssl dirs that exist on the client
>>
>> kill off the cert on the master
>>
>> puppet agent --test --waitforcert=1
>>
>> That should get it for you...
>>
>>    [root@pc puppet]# puppet agent --test
>>    err: Could not request certificate: Retrieved certificate does not
>>    match private key; please remove certificate from server and
>>    regenerate it with the current key
>>    Exiting; failed to retrieve certificate and waitforcert is disabled
>>
>>    ??
>>
>>    How do I regenerate the certificate with the current key?
>>
>>
>>    puppet -t creates a new cert but how does that function with key?
>>
>>
>>
>>    Regards
>>
>>
>>    On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman <kayasaman@gmail.com
>>    <mailto:kayasaman@gmail.com>> wrote:
>>    > It''s the Puppet OVF learn.localdomain Puppet image I
downloaded from
>>    > the puppetlabs website!
>>    >
>>    > Here is URL:
>>    >
>>    >
http://docs.puppetlabs.com/**learning/<http://docs.puppetlabs.com/learning/>
>>    >
>>    >
>>    >
http://info.puppetlabs.com/**download-learning-puppet-VM.**html<http://info.puppetlabs.com/download-learning-puppet-VM.html>
>>    >
>>    >
>>    > It''s a CentOS based system but stores Puppet in
/opt/puppet rather
>>    > then your typical local install.
>>    >
>>    > I''ve got a FreeBSD clean Puppet server too which is
unconfigured
>>    as of
>>    > yet so just waiting to get this running before I move on to
>>    something
>>    > more complex.
>>    >
>>    >
>>    > Regards,
>>    >
>>    >
>>    > Kaya
>>    >
>>    >
>>    > On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold
>>    <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.**com<salty.cowdawg@gmail.com>>>
>> wrote:
>>    >> Eh?  What platform are you running on and why
/etc/puppetlabs?
>>    >>
>>    >>
>>    >>
>>    >>
>>    >> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman
>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
wrote:
>>    >>>
>>    >>> Ok quick update... turns out the signed dir was in a
different
>>    location:
>>    >>>
>>    >>> /etc/puppetlabs/puppet/ssl/ca/**signed
>>    >>>
>>    >>>
>>    >>> I rectified that part but now a bit lost!
>>    >>>
>>    >>>
>>    >>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman
>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
wrote:
>>    >>> > On the server I get this error:
>>    >>> >
>>    >>> > cd /etc/puppet/ssl/ca/signed
>>    >>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file
or directory
>>    >>> >
>>    >>> >
>>    >>> > The output of puppet agent --waitforcert=1
>>    >>> >
>>    >>> >
>>    >>> > [root@pc puppet]# puppet agent --waitforcert=1
>>    >>> > [root@pc puppet]#
>>    >>> >
>>    >>> >
>>    >>> > Is this correct?
>>    >>> >
>>    >>> >
>>    >>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold
>>    >>> > <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.**com<salty.cowdawg@gmail.com>
>> >>
>>
>>    wrote:
>>    >>> >> Try the following:
>>    >>> >>
>>    >>> >> On the puppet master host:
>>    >>> >>
>>    >>> >> cd /etc/puppet/ssl/ca/signed and remove the
signed cert you
>>    generated
>>    >>> >> before.
>>    >>> >>
>>    >>> >> On the client host (where you''re
running the agent)
>>    >>> >>
>>    >>> >> cd /var/lib/puppet  and remove any ssl
directory you find
>>    there.
>>    >>> >> cd /etc/puppet and remove any ssl directory
you see there.
>>    >>> >> run puppet agent --waitforcert=1
>>    >>> >>
>>    >>> >>
>>    >>> >> On the puppet master host puppetca --sign
pc.jabber.com
>>    <http://pc.jabber.com>
>>
>>    >>> >>
>>    >>> >> Puppet''s built in SSL can be a bit
fussy...
>>    >>> >>
>>    >>> >>
>>    >>> >>
>>    >>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman
>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
>>
>>    >>> >> wrote:
>>    >>> >>>
>>    >>> >>> This is the output of all host based
commands:
>>    >>> >>>
>>    >>> >>> [root@pc ~]# uname -a
>>    >>> >>> Linux pc.jabber.com
<http://pc.jabber.com>
>>
>>    3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC
>>    >>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux
>>    >>> >>>
>>    >>> >>> [root@pc ~]# hostname -a
>>    >>> >>> pc
>>    >>> >>>
>>    >>> >>> [root@pc ~]# facter fqdn
>>    >>> >>> pc.jabber.com <http://pc.jabber.com>
>>
>>    >>> >>>
>>    >>> >>>
>>    >>> >>> Regards,
>>    >>> >>>
>>    >>> >>> Kaya
>>    >>> >>>
>>    >>> >>>
>>    >>> >>>
>>    >>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter
Berghold
>>    >>> >>> <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.**com<salty.cowdawg@gmail.com>
>> >>
>>
>>    >>> >>> wrote:
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> > On Tue, Apr 10, 2012 at 10:19 AM,
Kaya Saman
>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
>>
>>    >>> >>> > wrote:
>>    >>> >>> >>
>>    >>> >>> >>
>>    >>> >>> >> err: Could not send report:
hostname was not match with
>>    the server
>>    >>> >>> >> certificate
>>    >>> >>> >>
>>    >>> >>> >>
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> > on the client run the command
>>    >>> >>> >
>>    >>> >>> > facter fqdn
>>    >>> >>> >
>>    >>> >>> > what does the host think its name is?
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> > --
>>    >>> >>> > Peter L. Berghold
>>    >>> >>> > Owner, Shark River Technical
Solutions LLC
>>    >>> >>> >
>>    >>> >>> > --
>>    >>> >>> > You received this message because you
are subscribed to
>>    the Google
>>    >>> >>> > Groups
>>    >>> >>> > "Puppet Users" group.
>>    >>> >>> > To post to this group, send email to
>>    puppet-users@googlegroups.com
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    >>> >>> > To unsubscribe from this group, send
email to
>>    >>> >>> >
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    >>> >>> > For more options, visit this group at
>>    >>> >>> >
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>    >>> >>>
>>    >>> >>> --
>>    >>> >>> You received this message because you are
subscribed to
>>    the Google
>>    >>> >>> Groups
>>    >>> >>> "Puppet Users" group.
>>    >>> >>> To post to this group, send email to
>>    puppet-users@googlegroups.com
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    >>> >>> To unsubscribe from this group, send email
to
>>    >>> >>>
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    >>> >>> For more options, visit this group at
>>    >>> >>>
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>    >>> >>>
>>    >>> >>
>>    >>> >>
>>    >>> >>
>>    >>> >> --
>>    >>> >> Peter L. Berghold
>>    >>> >> Owner, Shark River Technical Solutions LLC
>>    >>> >>
>>    >>> >> --
>>    >>> >> You received this message because you are
subscribed to the
>>    Google
>>    >>> >> Groups
>>    >>> >> "Puppet Users" group.
>>    >>> >> To post to this group, send email to
>>    puppet-users@googlegroups.com
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    >>> >> To unsubscribe from this group, send email to
>>    >>> >>
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    >>> >> For more options, visit this group at
>>    >>> >>
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>    >>>
>>    >>> --
>>    >>> You received this message because you are subscribed to
the
>>    Google Groups
>>    >>> "Puppet Users" group.
>>    >>> To post to this group, send email to
>>    puppet-users@googlegroups.com
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    >>> To unsubscribe from this group, send email to
>>    >>>
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    >>> For more options, visit this group at
>>    >>>
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>    >>>
>>    >>
>>    >>
>>    >>
>>    >> --
>>    >> Peter L. Berghold
>>    >> Owner, Shark River Technical Solutions LLC
>>    >>
>>    >> --
>>    >> You received this message because you are subscribed to the
>>    Google Groups
>>    >> "Puppet Users" group.
>>    >> To post to this group, send email to
>>    puppet-users@googlegroups.com
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    >> To unsubscribe from this group, send email to
>>    >>
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    >> For more options, visit this group at
>>    >>
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>
>>    --
>>    You received this message because you are subscribed to the Google
>>    Groups "Puppet Users" group.
>>    To post to this group, send email to puppet-users@googlegroups.com
>>   
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    To unsubscribe from this group, send email to
>>   
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    For more options, visit this group at
>>   
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>
>>
>>
>>
>> --
>> Peter L. Berghold
>> Owner, Shark River Technical Solutions LLC
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>>
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>> .
>> For more options, visit this group at
>>
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>
>
> --
> Regards,
> Ashish Jaiswal
> System Admin
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to puppet-users+unsubscribe@**
> googlegroups.com <puppet-users%2Bunsubscribe@googlegroups.com>.
> For more options, visit this group at http://groups.google.com/**
>
group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
> .
>
>

-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks.

Am currently on bus going home but will get back asap tomorrow morning once I
get back into the office :-)

I appreciate everybodies input!
Sent from my BlackBerry® wireless device

-----Original Message-----
From: Peter Berghold <salty.cowdawg@gmail.com>
Sender: puppet-users@googlegroups.com
Date: Tue, 10 Apr 2012 13:40:29 
To: <puppet-users@googlegroups.com>
Reply-To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Puppet not creating manifest file?

What Ashish recommends may be a bit extreme, but I''ve had to at the
very
least clean up /var/lib/puppet on particularly recalcitrant clients.  So it
is not out of the bounds of being reasonable.


On Tue, Apr 10, 2012 at 1:33 PM, Ashish Jaiswal
<ashish1099@gmail.com>wrote:
> Here is what I would suggest.
>
> Clean the /var/lib/puppet directory on both server as well as client.
> And then restart puppetmaster on the server.
>
> # puppetd --server your.servername.com --waitforcert 60 --test
>
> Then check on server
>
> # puppetca --list
>
> You can see the list of the client
>
> # puppetca --sign client-name.fqdn
>
> Then run this command on client
>
> # puppet agent --test
>
> I know you have did the same for n times and another thing is that check
> both the date and time whether it is  proper or not on both server and
> client while performing the above test.
>
> if any error let me know.
>
>
> On Tuesday 10 April 2012 10:51:00 PM IST, Peter Berghold wrote:
>
>> OK
>>
>> This is why I took you down the path I did.   Essentially what you
>> want to have happen is the client should generate its own cert and
>> during its first interaction with the master get it signed by the
master.
>>
>> On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman <kayasaman@gmail.com
>> <mailto:kayasaman@gmail.com>> wrote:
>>
>>    Again more weirdness as running:
>>
>>    puppetca --clean pc.jabber.com <http://pc.jabber.com> on
server
>>
>>    yields client to respond with:
>>
>>    [root@pc puppet]# puppet agent --waitforcert=1
>>
>>
>> Forgot the --test invocation.  What that command line does is start
>> the agent as a daemon and wait for the master to sign its cert.
>>
>> Kill off the agent :
>>
>> ps -ef | grep agent
>> <note the pid>
>> kill -9 <pid>
>>
>> clean out the ssl dirs that exist on the client
>>
>> kill off the cert on the master
>>
>> puppet agent --test --waitforcert=1
>>
>> That should get it for you...
>>
>>    [root@pc puppet]# puppet agent --test
>>    err: Could not request certificate: Retrieved certificate does not
>>    match private key; please remove certificate from server and
>>    regenerate it with the current key
>>    Exiting; failed to retrieve certificate and waitforcert is disabled
>>
>>    ??
>>
>>    How do I regenerate the certificate with the current key?
>>
>>
>>    puppet -t creates a new cert but how does that function with key?
>>
>>
>>
>>    Regards
>>
>>
>>    On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman <kayasaman@gmail.com
>>    <mailto:kayasaman@gmail.com>> wrote:
>>    > It''s the Puppet OVF learn.localdomain Puppet image I
downloaded from
>>    > the puppetlabs website!
>>    >
>>    > Here is URL:
>>    >
>>    >
http://docs.puppetlabs.com/**learning/<http://docs.puppetlabs.com/learning/>
>>    >
>>    >
>>    >
http://info.puppetlabs.com/**download-learning-puppet-VM.**html<http://info.puppetlabs.com/download-learning-puppet-VM.html>
>>    >
>>    >
>>    > It''s a CentOS based system but stores Puppet in
/opt/puppet rather
>>    > then your typical local install.
>>    >
>>    > I''ve got a FreeBSD clean Puppet server too which is
unconfigured
>>    as of
>>    > yet so just waiting to get this running before I move on to
>>    something
>>    > more complex.
>>    >
>>    >
>>    > Regards,
>>    >
>>    >
>>    > Kaya
>>    >
>>    >
>>    > On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold
>>    <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.**com<salty.cowdawg@gmail.com>>>
>> wrote:
>>    >> Eh?  What platform are you running on and why
/etc/puppetlabs?
>>    >>
>>    >>
>>    >>
>>    >>
>>    >> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman
>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
wrote:
>>    >>>
>>    >>> Ok quick update... turns out the signed dir was in a
different
>>    location:
>>    >>>
>>    >>> /etc/puppetlabs/puppet/ssl/ca/**signed
>>    >>>
>>    >>>
>>    >>> I rectified that part but now a bit lost!
>>    >>>
>>    >>>
>>    >>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman
>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
wrote:
>>    >>> > On the server I get this error:
>>    >>> >
>>    >>> > cd /etc/puppet/ssl/ca/signed
>>    >>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such file
or directory
>>    >>> >
>>    >>> >
>>    >>> > The output of puppet agent --waitforcert=1
>>    >>> >
>>    >>> >
>>    >>> > [root@pc puppet]# puppet agent --waitforcert=1
>>    >>> > [root@pc puppet]#
>>    >>> >
>>    >>> >
>>    >>> > Is this correct?
>>    >>> >
>>    >>> >
>>    >>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter Berghold
>>    >>> > <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.**com<salty.cowdawg@gmail.com>
>> >>
>>
>>    wrote:
>>    >>> >> Try the following:
>>    >>> >>
>>    >>> >> On the puppet master host:
>>    >>> >>
>>    >>> >> cd /etc/puppet/ssl/ca/signed and remove the
signed cert you
>>    generated
>>    >>> >> before.
>>    >>> >>
>>    >>> >> On the client host (where you''re
running the agent)
>>    >>> >>
>>    >>> >> cd /var/lib/puppet  and remove any ssl
directory you find
>>    there.
>>    >>> >> cd /etc/puppet and remove any ssl directory
you see there.
>>    >>> >> run puppet agent --waitforcert=1
>>    >>> >>
>>    >>> >>
>>    >>> >> On the puppet master host puppetca --sign
pc.jabber.com
>>    <http://pc.jabber.com>
>>
>>    >>> >>
>>    >>> >> Puppet''s built in SSL can be a bit
fussy...
>>    >>> >>
>>    >>> >>
>>    >>> >>
>>    >>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya Saman
>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
>>
>>    >>> >> wrote:
>>    >>> >>>
>>    >>> >>> This is the output of all host based
commands:
>>    >>> >>>
>>    >>> >>> [root@pc ~]# uname -a
>>    >>> >>> Linux pc.jabber.com
<http://pc.jabber.com>
>>
>>    3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC
>>    >>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux
>>    >>> >>>
>>    >>> >>> [root@pc ~]# hostname -a
>>    >>> >>> pc
>>    >>> >>>
>>    >>> >>> [root@pc ~]# facter fqdn
>>    >>> >>> pc.jabber.com <http://pc.jabber.com>
>>
>>    >>> >>>
>>    >>> >>>
>>    >>> >>> Regards,
>>    >>> >>>
>>    >>> >>> Kaya
>>    >>> >>>
>>    >>> >>>
>>    >>> >>>
>>    >>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter
Berghold
>>    >>> >>> <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.**com<salty.cowdawg@gmail.com>
>> >>
>>
>>    >>> >>> wrote:
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> > On Tue, Apr 10, 2012 at 10:19 AM,
Kaya Saman
>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
>>
>>    >>> >>> > wrote:
>>    >>> >>> >>
>>    >>> >>> >>
>>    >>> >>> >> err: Could not send report:
hostname was not match with
>>    the server
>>    >>> >>> >> certificate
>>    >>> >>> >>
>>    >>> >>> >>
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> > on the client run the command
>>    >>> >>> >
>>    >>> >>> > facter fqdn
>>    >>> >>> >
>>    >>> >>> > what does the host think its name is?
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> >
>>    >>> >>> > --
>>    >>> >>> > Peter L. Berghold
>>    >>> >>> > Owner, Shark River Technical
Solutions LLC
>>    >>> >>> >
>>    >>> >>> > --
>>    >>> >>> > You received this message because you
are subscribed to
>>    the Google
>>    >>> >>> > Groups
>>    >>> >>> > "Puppet Users" group.
>>    >>> >>> > To post to this group, send email to
>>    puppet-users@googlegroups.com
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    >>> >>> > To unsubscribe from this group, send
email to
>>    >>> >>> >
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    >>> >>> > For more options, visit this group at
>>    >>> >>> >
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>    >>> >>>
>>    >>> >>> --
>>    >>> >>> You received this message because you are
subscribed to
>>    the Google
>>    >>> >>> Groups
>>    >>> >>> "Puppet Users" group.
>>    >>> >>> To post to this group, send email to
>>    puppet-users@googlegroups.com
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    >>> >>> To unsubscribe from this group, send email
to
>>    >>> >>>
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    >>> >>> For more options, visit this group at
>>    >>> >>>
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>    >>> >>>
>>    >>> >>
>>    >>> >>
>>    >>> >>
>>    >>> >> --
>>    >>> >> Peter L. Berghold
>>    >>> >> Owner, Shark River Technical Solutions LLC
>>    >>> >>
>>    >>> >> --
>>    >>> >> You received this message because you are
subscribed to the
>>    Google
>>    >>> >> Groups
>>    >>> >> "Puppet Users" group.
>>    >>> >> To post to this group, send email to
>>    puppet-users@googlegroups.com
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    >>> >> To unsubscribe from this group, send email to
>>    >>> >>
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    >>> >> For more options, visit this group at
>>    >>> >>
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>    >>>
>>    >>> --
>>    >>> You received this message because you are subscribed to
the
>>    Google Groups
>>    >>> "Puppet Users" group.
>>    >>> To post to this group, send email to
>>    puppet-users@googlegroups.com
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    >>> To unsubscribe from this group, send email to
>>    >>>
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    >>> For more options, visit this group at
>>    >>>
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>    >>>
>>    >>
>>    >>
>>    >>
>>    >> --
>>    >> Peter L. Berghold
>>    >> Owner, Shark River Technical Solutions LLC
>>    >>
>>    >> --
>>    >> You received this message because you are subscribed to the
>>    Google Groups
>>    >> "Puppet Users" group.
>>    >> To post to this group, send email to
>>    puppet-users@googlegroups.com
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    >> To unsubscribe from this group, send email to
>>    >>
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    >> For more options, visit this group at
>>    >>
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>
>>    --
>>    You received this message because you are subscribed to the Google
>>    Groups "Puppet Users" group.
>>    To post to this group, send email to puppet-users@googlegroups.com
>>   
<mailto:puppet-users@**googlegroups.com<puppet-users@googlegroups.com>
>> >.
>>
>>    To unsubscribe from this group, send email to
>>   
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>>   
<mailto:puppet-users%**2Bunsubscribe@googlegroups.com<puppet-users%252Bunsubscribe@googlegroups.com>
>> **>.
>>
>>    For more options, visit this group at
>>   
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>
>>
>>
>>
>> --
>> Peter L. Berghold
>> Owner, Shark River Technical Solutions LLC
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>>
puppet-users+unsubscribe@**googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
>> .
>> For more options, visit this group at
>>
http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>> .
>>
>
> --
> Regards,
> Ashish Jaiswal
> System Admin
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to puppet-users+unsubscribe@**
> googlegroups.com <puppet-users%2Bunsubscribe@googlegroups.com>.
> For more options, visit this group at http://groups.google.com/**
>
group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
> .
>
>

-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Ok no joy :-(


On client:

[root@pc puppet]# puppetd --server ps.jabber.com --waitforcert 60 --test
warning: peer certificate won''t be verified in this SSL session
info: Caching certificate for pc.jabber.com
err: Could not retrieve catalog from remote server: hostname was not
match with the server certificate
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: hostname was not match with the server certificate


On server:


[root@ps var]# /opt/puppet/sbin/puppetca --list
  pc.jabber.com      (D2:66:2E:65:3B:DA:D0:C2:CA:12:42:8E:69:12:00:98)
  puppet-test-client (5C:C4:3F:94:02:C3:D0:BD:F1:EB:F2:BB:A2:37:FD:3A)
[root@ps var]# /opt/puppet/sbin/puppetca --sign pc.jabber.com
notice: Signed certificate request for pc.jabber.com
notice: Removing file Puppet::SSL::CertificateRequest pc.jabber.com at
''/etc/puppetlabs/puppet/ssl/ca/requests/pc.jabber.com.pem''



What happens if I use my FreeBSD "clean" install and transfer the
config over from the PuppetLabs image??

I mean is it the server or client that''s not wanting to cooperate?


Regards,


Kaya



On Tue, Apr 10, 2012 at 6:45 PM,  <kayasaman@gmail.com>
wrote:
> Thanks.
>
> Am currently on bus going home but will get back asap tomorrow morning once
> I get back into the office :-)
>
> I appreciate everybodies input!
> Sent from my BlackBerry® wireless device
> ________________________________
> From: Peter Berghold <salty.cowdawg@gmail.com>
> Sender: puppet-users@googlegroups.com
> Date: Tue, 10 Apr 2012 13:40:29 -0400
> To: <puppet-users@googlegroups.com>
> ReplyTo: puppet-users@googlegroups.com
> Subject: Re: [Puppet Users] Puppet not creating manifest file?
>
> What Ashish recommends may be a bit extreme, but I''ve had to at
the very
> least clean up /var/lib/puppet on particularly recalcitrant clients.  So it
> is not out of the bounds of being reasonable.
>
>
> On Tue, Apr 10, 2012 at 1:33 PM, Ashish Jaiswal
<ashish1099@gmail.com>
> wrote:
>>
>> Here is what I would suggest.
>>
>> Clean the /var/lib/puppet directory on both server as well as client.
>> And then restart puppetmaster on the server.
>>
>> # puppetd --server your.servername.com --waitforcert 60 --test
>>
>> Then check on server
>>
>> # puppetca --list
>>
>> You can see the list of the client
>>
>> # puppetca --sign client-name.fqdn
>>
>> Then run this command on client
>>
>> # puppet agent --test
>>
>> I know you have did the same for n times and another thing is that
check
>> both the date and time whether it is  proper or not on both server and
>> client while performing the above test.
>>
>> if any error let me know.
>>
>>
>> On Tuesday 10 April 2012 10:51:00 PM IST, Peter Berghold wrote:
>>>
>>> OK
>>>
>>> This is why I took you down the path I did.   Essentially what you
>>> want to have happen is the client should generate its own cert and
>>> during its first interaction with the master get it signed by the
master.
>>>
>>> On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman
<kayasaman@gmail.com
>>> <mailto:kayasaman@gmail.com>> wrote:
>>>
>>>    Again more weirdness as running:
>>>
>>>    puppetca --clean pc.jabber.com <http://pc.jabber.com> on
server
>>>
>>>    yields client to respond with:
>>>
>>>    [root@pc puppet]# puppet agent --waitforcert=1
>>>
>>>
>>> Forgot the --test invocation.  What that command line does is start
>>> the agent as a daemon and wait for the master to sign its cert.
>>>
>>> Kill off the agent :
>>>
>>> ps -ef | grep agent
>>> <note the pid>
>>> kill -9 <pid>
>>>
>>> clean out the ssl dirs that exist on the client
>>>
>>> kill off the cert on the master
>>>
>>> puppet agent --test --waitforcert=1
>>>
>>> That should get it for you...
>>>
>>>    [root@pc puppet]# puppet agent --test
>>>    err: Could not request certificate: Retrieved certificate does
not
>>>    match private key; please remove certificate from server and
>>>    regenerate it with the current key
>>>    Exiting; failed to retrieve certificate and waitforcert is
disabled
>>>
>>>    ??
>>>
>>>    How do I regenerate the certificate with the current key?
>>>
>>>
>>>    puppet -t creates a new cert but how does that function with
key?
>>>
>>>
>>>
>>>    Regards
>>>
>>>
>>>    On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman
<kayasaman@gmail.com
>>>    <mailto:kayasaman@gmail.com>> wrote:
>>>    > It''s the Puppet OVF learn.localdomain Puppet image
I downloaded from
>>>    > the puppetlabs website!
>>>    >
>>>    > Here is URL:
>>>    >
>>>    > http://docs.puppetlabs.com/learning/
>>>    >
>>>    >
>>>    > http://info.puppetlabs.com/download-learning-puppet-VM.html
>>>    >
>>>    >
>>>    > It''s a CentOS based system but stores Puppet in
/opt/puppet rather
>>>    > then your typical local install.
>>>    >
>>>    > I''ve got a FreeBSD clean Puppet server too which
is unconfigured
>>>    as of
>>>    > yet so just waiting to get this running before I move on to
>>>    something
>>>    > more complex.
>>>    >
>>>    >
>>>    > Regards,
>>>    >
>>>    >
>>>    > Kaya
>>>    >
>>>    >
>>>    > On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold
>>>    <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.com>> wrote:
>>>    >> Eh?  What platform are you running on and why
/etc/puppetlabs?
>>>    >>
>>>    >>
>>>    >>
>>>    >>
>>>    >> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman
>>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
wrote:
>>>    >>>
>>>    >>> Ok quick update... turns out the signed dir was in
a different
>>>    location:
>>>    >>>
>>>    >>> /etc/puppetlabs/puppet/ssl/ca/signed
>>>    >>>
>>>    >>>
>>>    >>> I rectified that part but now a bit lost!
>>>    >>>
>>>    >>>
>>>    >>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman
>>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
wrote:
>>>    >>> > On the server I get this error:
>>>    >>> >
>>>    >>> > cd /etc/puppet/ssl/ca/signed
>>>    >>> > -bash: cd: /etc/puppet/ssl/ca/signed: No such
file or directory
>>>    >>> >
>>>    >>> >
>>>    >>> > The output of puppet agent --waitforcert=1
>>>    >>> >
>>>    >>> >
>>>    >>> > [root@pc puppet]# puppet agent --waitforcert=1
>>>    >>> > [root@pc puppet]#
>>>    >>> >
>>>    >>> >
>>>    >>> > Is this correct?
>>>    >>> >
>>>    >>> >
>>>    >>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter
Berghold
>>>    >>> > <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.com>>
>>>
>>>    wrote:
>>>    >>> >> Try the following:
>>>    >>> >>
>>>    >>> >> On the puppet master host:
>>>    >>> >>
>>>    >>> >> cd /etc/puppet/ssl/ca/signed and remove
the signed cert you
>>>    generated
>>>    >>> >> before.
>>>    >>> >>
>>>    >>> >> On the client host (where you''re
running the agent)
>>>    >>> >>
>>>    >>> >> cd /var/lib/puppet  and remove any ssl
directory you find
>>>    there.
>>>    >>> >> cd /etc/puppet and remove any ssl
directory you see there.
>>>    >>> >> run puppet agent --waitforcert=1
>>>    >>> >>
>>>    >>> >>
>>>    >>> >> On the puppet master host puppetca --sign
pc.jabber.com
>>>    <http://pc.jabber.com>
>>>
>>>    >>> >>
>>>    >>> >> Puppet''s built in SSL can be a
bit fussy...
>>>    >>> >>
>>>    >>> >>
>>>    >>> >>
>>>    >>> >> On Tue, Apr 10, 2012 at 11:09 AM, Kaya
Saman
>>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
>>>
>>>    >>> >> wrote:
>>>    >>> >>>
>>>    >>> >>> This is the output of all host based
commands:
>>>    >>> >>>
>>>    >>> >>> [root@pc ~]# uname -a
>>>    >>> >>> Linux pc.jabber.com
<http://pc.jabber.com>
>>>
>>>    3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC
>>>    >>> >>> 2012 x86_64 x86_64 x86_64 GNU/Linux
>>>    >>> >>>
>>>    >>> >>> [root@pc ~]# hostname -a
>>>    >>> >>> pc
>>>    >>> >>>
>>>    >>> >>> [root@pc ~]# facter fqdn
>>>    >>> >>> pc.jabber.com
<http://pc.jabber.com>
>>>
>>>    >>> >>>
>>>    >>> >>>
>>>    >>> >>> Regards,
>>>    >>> >>>
>>>    >>> >>> Kaya
>>>    >>> >>>
>>>    >>> >>>
>>>    >>> >>>
>>>    >>> >>> On Tue, Apr 10, 2012 at 4:01 PM, Peter
Berghold
>>>    >>> >>> <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.com>>
>>>
>>>    >>> >>> wrote:
>>>    >>> >>> >
>>>    >>> >>> >
>>>    >>> >>> > On Tue, Apr 10, 2012 at 10:19 AM,
Kaya Saman
>>>    <kayasaman@gmail.com <mailto:kayasaman@gmail.com>>
>>>
>>>    >>> >>> > wrote:
>>>    >>> >>> >>
>>>    >>> >>> >>
>>>    >>> >>> >> err: Could not send report:
hostname was not match with
>>>    the server
>>>    >>> >>> >> certificate
>>>    >>> >>> >>
>>>    >>> >>> >>
>>>    >>> >>> >
>>>    >>> >>> >
>>>    >>> >>> > on the client run the command
>>>    >>> >>> >
>>>    >>> >>> > facter fqdn
>>>    >>> >>> >
>>>    >>> >>> > what does the host think its name
is?
>>>    >>> >>> >
>>>    >>> >>> >
>>>    >>> >>> >
>>>    >>> >>> >
>>>    >>> >>> >
>>>    >>> >>> > --
>>>    >>> >>> > Peter L. Berghold
>>>    >>> >>> > Owner, Shark River Technical
Solutions LLC
>>>    >>> >>> >
>>>    >>> >>> > --
>>>    >>> >>> > You received this message because
you are subscribed to
>>>    the Google
>>>    >>> >>> > Groups
>>>    >>> >>> > "Puppet Users" group.
>>>    >>> >>> > To post to this group, send email
to
>>>    puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
>>>
>>>    >>> >>> > To unsubscribe from this group,
send email to
>>>    >>> >>> >
puppet-users+unsubscribe@googlegroups.com
>>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>>>
>>>    >>> >>> > For more options, visit this
group at
>>>    >>> >>> >
http://groups.google.com/group/puppet-users?hl=en.
>>>    >>> >>>
>>>    >>> >>> --
>>>    >>> >>> You received this message because you
are subscribed to
>>>    the Google
>>>    >>> >>> Groups
>>>    >>> >>> "Puppet Users" group.
>>>    >>> >>> To post to this group, send email to
>>>    puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
>>>
>>>    >>> >>> To unsubscribe from this group, send
email to
>>>    >>> >>>
puppet-users+unsubscribe@googlegroups.com
>>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>>>
>>>    >>> >>> For more options, visit this group at
>>>    >>> >>>
http://groups.google.com/group/puppet-users?hl=en.
>>>    >>> >>>
>>>    >>> >>
>>>    >>> >>
>>>    >>> >>
>>>    >>> >> --
>>>    >>> >> Peter L. Berghold
>>>    >>> >> Owner, Shark River Technical Solutions LLC
>>>    >>> >>
>>>    >>> >> --
>>>    >>> >> You received this message because you are
subscribed to the
>>>    Google
>>>    >>> >> Groups
>>>    >>> >> "Puppet Users" group.
>>>    >>> >> To post to this group, send email to
>>>    puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
>>>
>>>    >>> >> To unsubscribe from this group, send email
to
>>>    >>> >> puppet-users+unsubscribe@googlegroups.com
>>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>>>
>>>    >>> >> For more options, visit this group at
>>>    >>> >>
http://groups.google.com/group/puppet-users?hl=en.
>>>    >>>
>>>    >>> --
>>>    >>> You received this message because you are
subscribed to the
>>>    Google Groups
>>>    >>> "Puppet Users" group.
>>>    >>> To post to this group, send email to
>>>    puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
>>>
>>>    >>> To unsubscribe from this group, send email to
>>>    >>> puppet-users+unsubscribe@googlegroups.com
>>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>>>
>>>    >>> For more options, visit this group at
>>>    >>> http://groups.google.com/group/puppet-users?hl=en.
>>>    >>>
>>>    >>
>>>    >>
>>>    >>
>>>    >> --
>>>    >> Peter L. Berghold
>>>    >> Owner, Shark River Technical Solutions LLC
>>>    >>
>>>    >> --
>>>    >> You received this message because you are subscribed to
the
>>>    Google Groups
>>>    >> "Puppet Users" group.
>>>    >> To post to this group, send email to
>>>    puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com>.
>>>
>>>    >> To unsubscribe from this group, send email to
>>>    >> puppet-users+unsubscribe@googlegroups.com
>>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>>>
>>>    >> For more options, visit this group at
>>>    >> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>>    --
>>>    You received this message because you are subscribed to the
Google
>>>    Groups "Puppet Users" group.
>>>    To post to this group, send email to
puppet-users@googlegroups.com
>>>    <mailto:puppet-users@googlegroups.com>.
>>>
>>>    To unsubscribe from this group, send email to
>>>    puppet-users+unsubscribe@googlegroups.com
>>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>>>
>>>    For more options, visit this group at
>>>    http://groups.google.com/group/puppet-users?hl=en.
>>>
>>>
>>>
>>>
>>> --
>>> Peter L. Berghold
>>> Owner, Shark River Technical Solutions LLC
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>> --
>> Regards,
>> Ashish Jaiswal
>> System Admin
>>
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Kaya,

Did you clean out:


   - /var/lib/puppet
   - /etc/puppet/ssl


before you re-ran?


The error you are seeing indicates there is a mismatch between hostname is
associated with the server''s certificate and what notion the client has
for
the server''s name.

Do you have DNS configured on the client (and server) and what does your
resolv.conf have in it?  That could effect what the client sees as its own
name as well as the server''s name.

If you do not have DNS configured on the client then there are other things
to look at.  What do you see if you run the command

ping puppet -c 1

This should answer a lot..


On Wed, Apr 11, 2012 at 5:03 AM, Kaya Saman <kayasaman@gmail.com> wrote:
> Ok no joy :-(
>
>
> On client:
>
> [root@pc puppet]# puppetd --server ps.jabber.com --waitforcert 60 --test
> warning: peer certificate won''t be verified in this SSL session
> info: Caching certificate for pc.jabber.com
> err: Could not retrieve catalog from remote server: hostname was not
> match with the server certificate
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: hostname was not match with the server
> certificate
>
>
> On server:
>
>
> [root@ps var]# /opt/puppet/sbin/puppetca --list
>  pc.jabber.com      (D2:66:2E:65:3B:DA:D0:C2:CA:12:42:8E:69:12:00:98)
>   puppet-test-client (5C:C4:3F:94:02:C3:D0:BD:F1:EB:F2:BB:A2:37:FD:3A)
> [root@ps var]# /opt/puppet/sbin/puppetca --sign pc.jabber.com
> notice: Signed certificate request for pc.jabber.com
> notice: Removing file Puppet::SSL::CertificateRequest pc.jabber.com at
>
''/etc/puppetlabs/puppet/ssl/ca/requests/pc.jabber.com.pem''
>
>
>
> What happens if I use my FreeBSD "clean" install and transfer the
> config over from the PuppetLabs image??
>
> I mean is it the server or client that''s not wanting to cooperate?
>
>
> Regards,
>
>
> Kaya
>
>
>
> On Tue, Apr 10, 2012 at 6:45 PM,  <kayasaman@gmail.com> wrote:
> > Thanks.
> >
> > Am currently on bus going home but will get back asap tomorrow morning
> once
> > I get back into the office :-)
> >
> > I appreciate everybodies input!
> > Sent from my BlackBerry® wireless device
> > ________________________________
> > From: Peter Berghold <salty.cowdawg@gmail.com>
> > Sender: puppet-users@googlegroups.com
> > Date: Tue, 10 Apr 2012 13:40:29 -0400
> > To: <puppet-users@googlegroups.com>
> > ReplyTo: puppet-users@googlegroups.com
> > Subject: Re: [Puppet Users] Puppet not creating manifest file?
> >
> > What Ashish recommends may be a bit extreme, but I''ve had to
at the very
> > least clean up /var/lib/puppet on particularly recalcitrant clients. 
So
> it
> > is not out of the bounds of being reasonable.
> >
> >
> > On Tue, Apr 10, 2012 at 1:33 PM, Ashish Jaiswal
<ashish1099@gmail.com>
> > wrote:
> >>
> >> Here is what I would suggest.
> >>
> >> Clean the /var/lib/puppet directory on both server as well as
client.
> >> And then restart puppetmaster on the server.
> >>
> >> # puppetd --server your.servername.com --waitforcert 60 --test
> >>
> >> Then check on server
> >>
> >> # puppetca --list
> >>
> >> You can see the list of the client
> >>
> >> # puppetca --sign client-name.fqdn
> >>
> >> Then run this command on client
> >>
> >> # puppet agent --test
> >>
> >> I know you have did the same for n times and another thing is that
check
> >> both the date and time whether it is  proper or not on both server
and
> >> client while performing the above test.
> >>
> >> if any error let me know.
> >>
> >>
> >> On Tuesday 10 April 2012 10:51:00 PM IST, Peter Berghold wrote:
> >>>
> >>> OK
> >>>
> >>> This is why I took you down the path I did.   Essentially what
you
> >>> want to have happen is the client should generate its own cert
and
> >>> during its first interaction with the master get it signed by
the
> master.
> >>>
> >>> On Tue, Apr 10, 2012 at 12:17 PM, Kaya Saman
<kayasaman@gmail.com
> >>> <mailto:kayasaman@gmail.com>> wrote:
> >>>
> >>>    Again more weirdness as running:
> >>>
> >>>    puppetca --clean pc.jabber.com <http://pc.jabber.com>
on server
> >>>
> >>>    yields client to respond with:
> >>>
> >>>    [root@pc puppet]# puppet agent --waitforcert=1
> >>>
> >>>
> >>> Forgot the --test invocation.  What that command line does is
start
> >>> the agent as a daemon and wait for the master to sign its
cert.
> >>>
> >>> Kill off the agent :
> >>>
> >>> ps -ef | grep agent
> >>> <note the pid>
> >>> kill -9 <pid>
> >>>
> >>> clean out the ssl dirs that exist on the client
> >>>
> >>> kill off the cert on the master
> >>>
> >>> puppet agent --test --waitforcert=1
> >>>
> >>> That should get it for you...
> >>>
> >>>    [root@pc puppet]# puppet agent --test
> >>>    err: Could not request certificate: Retrieved certificate
does not
> >>>    match private key; please remove certificate from server
and
> >>>    regenerate it with the current key
> >>>    Exiting; failed to retrieve certificate and waitforcert is
disabled
> >>>
> >>>    ??
> >>>
> >>>    How do I regenerate the certificate with the current key?
> >>>
> >>>
> >>>    puppet -t creates a new cert but how does that function
with key?
> >>>
> >>>
> >>>
> >>>    Regards
> >>>
> >>>
> >>>    On Tue, Apr 10, 2012 at 4:37 PM, Kaya Saman
<kayasaman@gmail.com
> >>>    <mailto:kayasaman@gmail.com>> wrote:
> >>>    > It''s the Puppet OVF learn.localdomain Puppet
image I downloaded
> from
> >>>    > the puppetlabs website!
> >>>    >
> >>>    > Here is URL:
> >>>    >
> >>>    > http://docs.puppetlabs.com/learning/
> >>>    >
> >>>    >
> >>>    >
http://info.puppetlabs.com/download-learning-puppet-VM.html
> >>>    >
> >>>    >
> >>>    > It''s a CentOS based system but stores Puppet
in /opt/puppet rather
> >>>    > then your typical local install.
> >>>    >
> >>>    > I''ve got a FreeBSD clean Puppet server too
which is unconfigured
> >>>    as of
> >>>    > yet so just waiting to get this running before I move
on to
> >>>    something
> >>>    > more complex.
> >>>    >
> >>>    >
> >>>    > Regards,
> >>>    >
> >>>    >
> >>>    > Kaya
> >>>    >
> >>>    >
> >>>    > On Tue, Apr 10, 2012 at 4:34 PM, Peter Berghold
> >>>    <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.com>> wrote:
> >>>    >> Eh?  What platform are you running on and why
/etc/puppetlabs?
> >>>    >>
> >>>    >>
> >>>    >>
> >>>    >>
> >>>    >> On Tue, Apr 10, 2012 at 11:31 AM, Kaya Saman
> >>>    <kayasaman@gmail.com
<mailto:kayasaman@gmail.com>> wrote:
> >>>    >>>
> >>>    >>> Ok quick update... turns out the signed dir
was in a different
> >>>    location:
> >>>    >>>
> >>>    >>> /etc/puppetlabs/puppet/ssl/ca/signed
> >>>    >>>
> >>>    >>>
> >>>    >>> I rectified that part but now a bit lost!
> >>>    >>>
> >>>    >>>
> >>>    >>> On Tue, Apr 10, 2012 at 4:25 PM, Kaya Saman
> >>>    <kayasaman@gmail.com
<mailto:kayasaman@gmail.com>> wrote:
> >>>    >>> > On the server I get this error:
> >>>    >>> >
> >>>    >>> > cd /etc/puppet/ssl/ca/signed
> >>>    >>> > -bash: cd: /etc/puppet/ssl/ca/signed: No
such file or
> directory
> >>>    >>> >
> >>>    >>> >
> >>>    >>> > The output of puppet agent
--waitforcert=1
> >>>    >>> >
> >>>    >>> >
> >>>    >>> > [root@pc puppet]# puppet agent
--waitforcert=1
> >>>    >>> > [root@pc puppet]#
> >>>    >>> >
> >>>    >>> >
> >>>    >>> > Is this correct?
> >>>    >>> >
> >>>    >>> >
> >>>    >>> > On Tue, Apr 10, 2012 at 4:15 PM, Peter
Berghold
> >>>    >>> > <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.com>>
> >>>
> >>>    wrote:
> >>>    >>> >> Try the following:
> >>>    >>> >>
> >>>    >>> >> On the puppet master host:
> >>>    >>> >>
> >>>    >>> >> cd /etc/puppet/ssl/ca/signed and
remove the signed cert you
> >>>    generated
> >>>    >>> >> before.
> >>>    >>> >>
> >>>    >>> >> On the client host (where
you''re running the agent)
> >>>    >>> >>
> >>>    >>> >> cd /var/lib/puppet  and remove any
ssl directory you find
> >>>    there.
> >>>    >>> >> cd /etc/puppet and remove any ssl
directory you see there.
> >>>    >>> >> run puppet agent --waitforcert=1
> >>>    >>> >>
> >>>    >>> >>
> >>>    >>> >> On the puppet master host puppetca
--sign pc.jabber.com
> >>>    <http://pc.jabber.com>
> >>>
> >>>    >>> >>
> >>>    >>> >> Puppet''s built in SSL can be
a bit fussy...
> >>>    >>> >>
> >>>    >>> >>
> >>>    >>> >>
> >>>    >>> >> On Tue, Apr 10, 2012 at 11:09 AM,
Kaya Saman
> >>>    <kayasaman@gmail.com
<mailto:kayasaman@gmail.com>>
> >>>
> >>>    >>> >> wrote:
> >>>    >>> >>>
> >>>    >>> >>> This is the output of all host
based commands:
> >>>    >>> >>>
> >>>    >>> >>> [root@pc ~]# uname -a
> >>>    >>> >>> Linux pc.jabber.com
<http://pc.jabber.com>
> >>>
> >>>    3.3.0-4.fc16.x86_64 #1 SMP Tue Mar 20 18:05:40 UTC
> >>>    >>> >>> 2012 x86_64 x86_64 x86_64
GNU/Linux
> >>>    >>> >>>
> >>>    >>> >>> [root@pc ~]# hostname -a
> >>>    >>> >>> pc
> >>>    >>> >>>
> >>>    >>> >>> [root@pc ~]# facter fqdn
> >>>    >>> >>> pc.jabber.com
<http://pc.jabber.com>
> >>>
> >>>    >>> >>>
> >>>    >>> >>>
> >>>    >>> >>> Regards,
> >>>    >>> >>>
> >>>    >>> >>> Kaya
> >>>    >>> >>>
> >>>    >>> >>>
> >>>    >>> >>>
> >>>    >>> >>> On Tue, Apr 10, 2012 at 4:01 PM,
Peter Berghold
> >>>    >>> >>> <salty.cowdawg@gmail.com
<mailto:salty.cowdawg@gmail.com>>
> >>>
> >>>    >>> >>> wrote:
> >>>    >>> >>> >
> >>>    >>> >>> >
> >>>    >>> >>> > On Tue, Apr 10, 2012 at
10:19 AM, Kaya Saman
> >>>    <kayasaman@gmail.com
<mailto:kayasaman@gmail.com>>
> >>>
> >>>    >>> >>> > wrote:
> >>>    >>> >>> >>
> >>>    >>> >>> >>
> >>>    >>> >>> >> err: Could not send
report: hostname was not match with
> >>>    the server
> >>>    >>> >>> >> certificate
> >>>    >>> >>> >>
> >>>    >>> >>> >>
> >>>    >>> >>> >
> >>>    >>> >>> >
> >>>    >>> >>> > on the client run the
command
> >>>    >>> >>> >
> >>>    >>> >>> > facter fqdn
> >>>    >>> >>> >
> >>>    >>> >>> > what does the host think its
name is?
> >>>    >>> >>> >
> >>>    >>> >>> >
> >>>    >>> >>> >
> >>>    >>> >>> >
> >>>    >>> >>> >
> >>>    >>> >>> > --
> >>>    >>> >>> > Peter L. Berghold
> >>>    >>> >>> > Owner, Shark River Technical
Solutions LLC
> >>>    >>> >>> >
> >>>    >>> >>> > --
> >>>    >>> >>> > You received this message
because you are subscribed to
> >>>    the Google
> >>>    >>> >>> > Groups
> >>>    >>> >>> > "Puppet Users"
group.
> >>>    >>> >>> > To post to this group, send
email to
> >>>    puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com
> >.
> >>>
> >>>    >>> >>> > To unsubscribe from this
group, send email to
> >>>    >>> >>> >
puppet-users+unsubscribe@googlegroups.com
> >>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
> >>>
> >>>    >>> >>> > For more options, visit this
group at
> >>>    >>> >>> >
http://groups.google.com/group/puppet-users?hl=en.
> >>>    >>> >>>
> >>>    >>> >>> --
> >>>    >>> >>> You received this message because
you are subscribed to
> >>>    the Google
> >>>    >>> >>> Groups
> >>>    >>> >>> "Puppet Users" group.
> >>>    >>> >>> To post to this group, send email
to
> >>>    puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com
> >.
> >>>
> >>>    >>> >>> To unsubscribe from this group,
send email to
> >>>    >>> >>>
puppet-users+unsubscribe@googlegroups.com
> >>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
> >>>
> >>>    >>> >>> For more options, visit this
group at
> >>>    >>> >>>
http://groups.google.com/group/puppet-users?hl=en.
> >>>    >>> >>>
> >>>    >>> >>
> >>>    >>> >>
> >>>    >>> >>
> >>>    >>> >> --
> >>>    >>> >> Peter L. Berghold
> >>>    >>> >> Owner, Shark River Technical
Solutions LLC
> >>>    >>> >>
> >>>    >>> >> --
> >>>    >>> >> You received this message because you
are subscribed to the
> >>>    Google
> >>>    >>> >> Groups
> >>>    >>> >> "Puppet Users" group.
> >>>    >>> >> To post to this group, send email to
> >>>    puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com
> >.
> >>>
> >>>    >>> >> To unsubscribe from this group, send
email to
> >>>    >>> >>
puppet-users+unsubscribe@googlegroups.com
> >>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
> >>>
> >>>    >>> >> For more options, visit this group at
> >>>    >>> >>
http://groups.google.com/group/puppet-users?hl=en.
> >>>    >>>
> >>>    >>> --
> >>>    >>> You received this message because you are
subscribed to the
> >>>    Google Groups
> >>>    >>> "Puppet Users" group.
> >>>    >>> To post to this group, send email to
> >>>    puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com
> >.
> >>>
> >>>    >>> To unsubscribe from this group, send email to
> >>>    >>> puppet-users+unsubscribe@googlegroups.com
> >>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
> >>>
> >>>    >>> For more options, visit this group at
> >>>    >>>
http://groups.google.com/group/puppet-users?hl=en.
> >>>    >>>
> >>>    >>
> >>>    >>
> >>>    >>
> >>>    >> --
> >>>    >> Peter L. Berghold
> >>>    >> Owner, Shark River Technical Solutions LLC
> >>>    >>
> >>>    >> --
> >>>    >> You received this message because you are
subscribed to the
> >>>    Google Groups
> >>>    >> "Puppet Users" group.
> >>>    >> To post to this group, send email to
> >>>    puppet-users@googlegroups.com
<mailto:puppet-users@googlegroups.com
> >.
> >>>
> >>>    >> To unsubscribe from this group, send email to
> >>>    >> puppet-users+unsubscribe@googlegroups.com
> >>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
> >>>
> >>>    >> For more options, visit this group at
> >>>    >> http://groups.google.com/group/puppet-users?hl=en.
> >>>
> >>>    --
> >>>    You received this message because you are subscribed to the
Google
> >>>    Groups "Puppet Users" group.
> >>>    To post to this group, send email to
puppet-users@googlegroups.com
> >>>    <mailto:puppet-users@googlegroups.com>.
> >>>
> >>>    To unsubscribe from this group, send email to
> >>>    puppet-users+unsubscribe@googlegroups.com
> >>>    <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
> >>>
> >>>    For more options, visit this group at
> >>>    http://groups.google.com/group/puppet-users?hl=en.
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Peter L. Berghold
> >>> Owner, Shark River Technical Solutions LLC
> >>>
> >>> --
> >>> You received this message because you are subscribed to the
Google
> >>> Groups "Puppet Users" group.
> >>> To post to this group, send email to
puppet-users@googlegroups.com.
> >>> To unsubscribe from this group, send email to
> >>> puppet-users+unsubscribe@googlegroups.com.
> >>> For more options, visit this group at
> >>> http://groups.google.com/group/puppet-users?hl=en.
> >>
> >>
> >> --
> >> Regards,
> >> Ashish Jaiswal
> >> System Admin
> >>
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/puppet-users?hl=en.
> >>
> >
> >
> >
> > --
> > Peter L. Berghold
> > Owner, Shark River Technical Solutions LLC
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wed, Apr 11, 2012 at 1:20 PM, Peter Berghold <salty.cowdawg@gmail.com>
wrote:
> Kaya,
>
> Did you clean out:
>
> /var/lib/puppet
> /etc/puppet/ssl
>
>
> before you re-ran?
>
>
> The error you are seeing indicates there is a mismatch between hostname is
> associated with the server''s certificate and what notion the
client has for
> the server''s name.
>
> Do you have DNS configured on the client (and server) and what does your
> resolv.conf have in it?  That could effect what the client sees as its own
> name as well as the server''s name.
>
> If you do not have DNS configured on the client then there are other things
> to look at.  What do you see if you run the command
>
> ping puppet -c 1
>
> This should answer a lot..
>
>
>
Ok well here is the DNS info:

From the server ps.jabber.com {as it''s test FQDN name}

[root@ps ~]# nslookup ps.jabber.com
Server:		10.0.0.1
Address:	10.0.0.1#53

Name:	ps.jabber.com
Address: 10.0.0.6

[root@ps ~]# nslookup pc.jabber.com
Server:		10.0.0.1
Address:	10.0.0.1#53

Name:	pc.jabber.com
Address: 10.0.0.4


From the client pc.jabber.com {as it''s test FQDN name}


[root@pc ~]# nslookup ps.jabber.com
Server:		10.0.0.1
Address:	10.0.0.1#53

Name:	ps.jabber.com
Address: 10.0.0.6

[root@pc ~]# nslookup pc.jabber.com
Server:		10.0.0.1
Address:	10.0.0.1#53

Name:	pc.jabber.com
Address: 10.0.0.4



Here is the Ping info:


[root@pc ~]# ping puppet -c 1
PING ps.jabber.com (10.0.0.6) 56(84) bytes of data.
64 bytes from ps.jabber.com (10.0.0.6): icmp_req=1 ttl=64 time=0.520 ms

--- ps.jabber.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.520/0.520/0.520/0.000 ms



Additionally I did clean out:
> /var/lib/puppet
> /etc/puppet/ss

on the client and server.....


But still same issues.


I will keep playing but not sure if it''s an internal puppet thing or
an OS think?


Regards,


Kaya

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

what''s in your resolv.conf?



On Fri, Apr 13, 2012 at 6:59 AM, Kaya Saman <kayasaman@gmail.com> wrote:
> On Wed, Apr 11, 2012 at 1:20 PM, Peter Berghold
<salty.cowdawg@gmail.com>
> wrote:
> > Kaya,
> >
> > Did you clean out:
> >
> > /var/lib/puppet
> > /etc/puppet/ssl
> >
> >
> > before you re-ran?
> >
> >
> > The error you are seeing indicates there is a mismatch between
hostname
> is
> > associated with the server''s certificate and what notion the
client has
> for
> > the server''s name.
> >
> > Do you have DNS configured on the client (and server) and what does
your
> > resolv.conf have in it?  That could effect what the client sees as its
> own
> > name as well as the server''s name.
> >
> > If you do not have DNS configured on the client then there are other
> things
> > to look at.  What do you see if you run the command
> >
> > ping puppet -c 1
> >
> > This should answer a lot..
> >
> >
> >
>
> Ok well here is the DNS info:
>
> From the server ps.jabber.com {as it''s test FQDN name}
>
> [root@ps ~]# nslookup ps.jabber.com
> Server:         10.0.0.1
> Address:        10.0.0.1#53
>
> Name:   ps.jabber.com
> Address: 10.0.0.6
>
> [root@ps ~]# nslookup pc.jabber.com
> Server:         10.0.0.1
> Address:        10.0.0.1#53
>
> Name:   pc.jabber.com
> Address: 10.0.0.4
>
>
> From the client pc.jabber.com {as it''s test FQDN name}
>
>
> [root@pc ~]# nslookup ps.jabber.com
> Server:         10.0.0.1
> Address:        10.0.0.1#53
>
> Name:   ps.jabber.com
> Address: 10.0.0.6
>
> [root@pc ~]# nslookup pc.jabber.com
> Server:         10.0.0.1
> Address:        10.0.0.1#53
>
> Name:   pc.jabber.com
> Address: 10.0.0.4
>
>
>
> Here is the Ping info:
>
>
> [root@pc ~]# ping puppet -c 1
> PING ps.jabber.com (10.0.0.6) 56(84) bytes of data.
> 64 bytes from ps.jabber.com (10.0.0.6): icmp_req=1 ttl=64 time=0.520 ms
>
> --- ps.jabber.com ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.520/0.520/0.520/0.000 ms
>
>
>
> Additionally I did clean out:
>
> > /var/lib/puppet
> > /etc/puppet/ss
>
>
> on the client and server.....
>
>
> But still same issues.
>
>
> I will keep playing but not sure if it''s an internal puppet thing
or
> an OS think?
>
>
> Regards,
>
>
> Kaya
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.