Puppet users - Oct 2013 - 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca

Hi, ppl

I dont know what to do.
I configure a new client do sync with my server. the server accept de 
client_cert without errors and then when i run the "puppet agent -t"
agaion
i got this error output

info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read 
server session ticket A: tlsv1 alert unknown ca
err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 
errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca 
Could not retrieve file metadata for puppet://gfn-puppetmaster/plugins: 
SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: 
tlsv1 alert unknown ca
err: Could not retrieve catalog from remote server: SSL_connect returned=1 
errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read 
server session ticket A: tlsv1 alert unknown ca

What i already checked the /etc/config of the client and de server. And the 
config files, but maybe i m missing something.

Could you help me, thank.

*## Client config*
*- hosts*
.....
*192.168.0.112 doforte.geofusion doforte
192.168.0.107 gfn-puppetmaster*
.....
*-puppet.config*
*[agent]
certname = generic-gfn-puppetmaster.pem
certificate_revocation = false
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
server = gfn-puppetmaster
report = true
pluginsync = true
certname = doforte.geofusion*

*### Server config*
*-host*
...
*192.168.0.107   gfn-puppetmaster
192.168.0.112   doforte.geofusion doforte*
...
*-puppet.config*
*[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
server = gfn-puppetmaster
report = true
pluginsync = true
certname = gfn-puppetmaster*

Thank you very much!


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

I solved de problem. I dont use the best way, but worked.

on the client: rm -rf /etc/puppet/ssl/*
on the server rm -rf /var/lib/puppet/ssl/*

yes I know, I deleted all cert files of all servers. After that a sign all 
the certs.

--thank

Em sexta-feira, 18 de outubro de 2013 15h45min10s UTC-3, Havary
escreveu:
>
> Hi, ppl
>
> I dont know what to do.
> I configure a new client do sync with my server. the server accept de 
> client_cert without errors and then when i run the "puppet agent
-t" agaion
> i got this error output
>
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
> using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3
read
> server session ticket A: tlsv1 alert unknown ca
> err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect 
> returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert 
> unknown ca Could not retrieve file metadata for 
> puppet://gfn-puppetmaster/plugins: SSL_connect returned=1 errno=0 
> state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
> err: Could not retrieve catalog from remote server: SSL_connect returned=1 
> errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 
> read server session ticket A: tlsv1 alert unknown ca
>
> What i already checked the /etc/config of the client and de server. And 
> the config files, but maybe i m missing something.
>
> Could you help me, thank.
>
> *## Client config*
> *- hosts*
> .....
> *192.168.0.112 doforte.geofusion doforte
> 192.168.0.107 gfn-puppetmaster*
> .....
> *-puppet.config*
> *[agent]
> certname = generic-gfn-puppetmaster.pem
> certificate_revocation = false
> ssl_client_header = SSL_CLIENT_S_DN
> ssl_client_verify_header = SSL_CLIENT_VERIFY
> server = gfn-puppetmaster
> report = true
> pluginsync = true
> certname = doforte.geofusion*
>
> *### Server config*
> *-host*
> ...
> *192.168.0.107   gfn-puppetmaster
> 192.168.0.112   doforte.geofusion doforte*
> ...
> *-puppet.config*
> *[main]
> logdir=/var/log/puppet
> vardir=/var/lib/puppet
> ssldir=/var/lib/puppet/ssl
> rundir=/var/run/puppet
> factpath=$vardir/lib/facter
> templatedir=$confdir/templates
> prerun_command=/etc/puppet/etckeeper-commit-pre
> postrun_command=/etc/puppet/etckeeper-commit-post
>
> [master]
> # These are needed when the puppetmaster is run by passenger
> # and can safely be removed if webrick is used.
> ssl_client_header = SSL_CLIENT_S_DN
> ssl_client_verify_header = SSL_CLIENT_VERIFY
> server = gfn-puppetmaster
> report = true
> pluginsync = true
> certname = gfn-puppetmaster*
>
> Thank you very much!
>
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.