Hi My server and clients are not working now. They used to work. What should I look at? server: # /usr/sbin/puppetmasterd --verbose info: Starting server for Puppet version 0.23.2 info: Parsed manifest in 0.84 seconds info: Listening on port 8140 notice: Starting Puppet server version 0.23.2 client: # /usr/sbin/puppetd --server 10.25.215.10 --verbose notice: Starting Puppet client version 0.23.2 err: Could not retrieve configuration: Certificates were not trusted: certificate verify failed err: Could not retrieve configuration: Cannot connect to server and there is no cached configuration server: # /usr/sbin/puppetca --list No certificates to sign Then I un-installed puppet-server and puppet and remvoed the puppet directories under /var. And then re-installed puppet-server and puppet. The behavior of the server and the client was the same above. On the server, locally, puppetd runs, and I can talk with 8140 port with telnet. I tried to look at the FAQ on reductivelabs.com, but it seems it is not running right now. Thanks, Yoshi
On Feb 13, 2008, at 12:17 AM, Tsuchiya Yoshihiro wrote:> client: > # /usr/sbin/puppetd --server 10.25.215.10 --verbose > notice: Starting Puppet client version 0.23.2 > err: Could not retrieve configuration: Certificates were not trusted: > certificate verify failed > err: Could not retrieve configuration: Cannot connect to server and > there is no cached configurationSearch for how to verify ssl certs, then figure out why yours isn''t verifying. It should fail with a marginally useful message, if you''re getting this failure.> > I tried to look at the FAQ on reductivelabs.com, but it seems it is > not > running right now.I''m looking into why it''s down; hopefully it''ll be back up within a few hours. -- Millions long for immortality who do not know what to do with themselves on a rainy Sunday afternoon. -- Susan Ertz --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
Hi, again. Does this mean, the certificate was expired? It's been a few months since the last time we used puppet. Now our servers do not work at all. On the client: # openssl verify -CAfile /var/lib/puppet//ssl/certs/ca.pem /var/lib/puppet//ssl/certs/xxx.xxx.xxx.pem /var/lib/puppet//ssl/certs/xxx.xxx.xxx..pem: OK OK, probably this is true. Then I copy the xxx.xxx.xxx.pem to server:/tmp, and then on the server # openssl verify -CAfile /etc/puppet/ssl/certs/ca.pem /tmp/xxx.xxx.xxx.pem /tmp/xxx.xxx.xxx.pem: /CN=xxx.xxx.xxx error 7 at 0 depth lookup:certificate signature failure This is because the server ca.pem is different from the client's? I re-installed the client puppet and removed the /var/lib/puppet directory, but this does not work. And I did puppetca --clean on the server. Are their any way to refresh the cert status? And I wonder if you have any way or option to skip these cert/ssl things. Thanks, Yoshi Luke Kanies さんは書きました:> On Feb 13, 2008, at 12:17 AM, Tsuchiya Yoshihiro wrote: > >> client: >> # /usr/sbin/puppetd --server 10.25.215.10 --verbose >> notice: Starting Puppet client version 0.23.2 >> err: Could not retrieve configuration: Certificates were not trusted: >> certificate verify failed >> err: Could not retrieve configuration: Cannot connect to server and >> there is no cached configuration >> > > Search for how to verify ssl certs, then figure out why yours isn't > verifying. It should fail with a marginally useful message, if you're > getting this failure. > > >> I tried to look at the FAQ on reductivelabs.com, but it seems it is >> not >> running right now. >> > > I'm looking into why it's down; hopefully it'll be back up within a > few hours. > >_______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users