I have one puppet complaining -

Could not retrieve configuration: Certificates were not trusted: block type is not 01

Puppetmaster and puppet's are CentOS 4.5 and I use the Lutter rpms of 23.2, anyone ever see this?

Thx
Tim

On Nov 2, 2007, at 7:36 AM, <Tim.Metz@cox.com> wrote:

> I have one puppet complaining -
>
> Could not retrieve configuration: Certificates were not trusted: block
> type is not 01
>
> Puppetmaster and puppet's are CentOS 4.5 and I use the Lutter rpms of
> 23.2, anyone ever see this?

I haven't seen that, but have you run the verify command from the FAQ?

--
I am not young enough to know everything. -- Oscar Wilde
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

[xxxxx@dukesrvi01 temp]# sudo openssl verify -CAfile /etc/puppet/ssl/certs/ca.pem /etc/puppet/ssl/certs/dukesrvi01.xx.xx.xxx.xxx.pem
/etc/puppet/ssl/certs/dukesrvi01.xx.xx.xxx.xxx.pem: OK
[xxxxx@dukesrvi01 temp]#

I even went as far as a yum erase, deleted /etc/puppet and /var/lib/puppet. Now, the client cert isn't showing up on the puppetmaster for signing and I'm getting:

warning: peer certificate won't be verified in this SSL session.
/usr/lib/site_ruby/1.8/puppet/network/client/ca.rb:31:in `request_cert': Certificate retrieval failed: Certificates were not trusted: (Puppet::Error)
        from /usr/sbin/puppetd:346

Hope this isn't a n00b issue.

Tim

-----Original Message-----
From: puppet-users-bounces@madstop.com [mailto:puppet-users-bounces@madstop.com] On Behalf Of Luke Kanies
Sent: Friday, November 02, 2007 10:11 AM
To: Puppet User Discussion
Subject: Re: [Puppet-users] Odd SSL Error

On Nov 2, 2007, at 11:31 AM, <Tim.Metz@cox.com> wrote:

> [xxxxx@dukesrvi01 temp]# sudo openssl verify -CAfile
> /etc/puppet/ssl/certs/ca.pem
> /etc/puppet/ssl/certs/dukesrvi01.xx.xx.xxx.xxx.pem
> /etc/puppet/ssl/certs/dukesrvi01.xx.xx.xxx.xxx.pem: OK
> [xxxxx@dukesrvi01 temp]#
>
> I even went as far as a yum erase, deleted /etc/puppet and
> /var/lib/puppet. Now, the client cert isn't showing up on the
> puppetmaster for signing and I'm getting:
>
> warning: peer certificate won't be verified in this SSL session.
> /usr/lib/site_ruby/1.8/puppet/network/client/ca.rb:31:in
> `request_cert':
> Certificate retrieval failed: Certificates were not trusted:
> (Puppet::Error)
> from /usr/sbin/puppetd:346
>
> Hope this isn't a n00b issue.

It looks like your client can't even request its cert, which is... strange. Did you clean out the certificate on your server, using puppetca --clean?

--
I never think of the future. It comes soon enough. --Albert Einstein
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

Yep, I sure did. I'm back up now, I'm fairly certain this had to do with the location change of ssl certs when I upgraded. Just to restate, I don't know if the location change was something between puppet versions or between rpms (dag vs lutter), it's not important to me, I just don't want anyone to think I'm pointing fingers.

My recovery procedure was:

backup file server dir
backup manifest dir
yum erase puppet-server
rm -fr /etc/puppet, /var/puppet and /var/lib/puppet
yum install puppet-server (lutter rpm)
set to on via chkconfig and start

I then ran the below as a script on all my clients:

/etc/init.d/puppet stop
yum -y erase puppet
rm -fr /etc/puppet/
rm -fr /var/puppet/
rm -fr /var/lib/puppet/
yum -y install puppet
/sbin/chkconfig puppet on
/etc/init.d/puppet start

I then sat on the puppet master and signed certs as they came in. It wasn't too bad and now I have a 100% clean install with no deprecated conf files laying around.

Tim

-----Original Message-----
From: puppet-users-bounces@madstop.com [mailto:puppet-users-bounces@madstop.com] On Behalf Of Luke Kanies
Sent: Saturday, November 03, 2007 11:19 AM
To: Puppet User Discussion
Subject: Re: [Puppet-users] Odd SSL Error

Oh.. Left out the restore file server and manifest directories.

Tim

-----Original Message-----
From: puppet-users-bounces@madstop.com [mailto:puppet-users-bounces@madstop.com] On Behalf Of Tim.Metz@cox.com
Sent: Saturday, November 03, 2007 1:35 PM
To: puppet-users@madstop.com
Subject: Re: [Puppet-users] Odd SSL Error

_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

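An added example, not part of the thread or of Puppet: "block type is not 01" is OpenSSL's RSA padding check failing, which is what a signature checked against the wrong CA key produces, so this script looks under the three directories the thread removes for every `ca.pem` and reports which one actually validates a client cert. The function names, the constructed fixture, and the guess about which directory holds the stale CA are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: find the CA that signed a client cert.

# Every ca.pem under the given roots, stale ssl directories included.
list_cas() {
    find "$@" -type f -name ca.pem 2>/dev/null | sort
}

# Count distinct CA certificates by SHA-256 fingerprint; more than one
# means an older CA is still on disk beside the current one.
count_distinct_cas() {
    list_cas "$@" | while IFS= read -r ca; do
        openssl x509 -in "$ca" -noout -fingerprint -sha256
    done | sort -u | wc -l | tr -d ' '
}

# Print each ca.pem that validates CERT, matching the ": OK" line that
# openssl verify prints; return non-zero when no CA on disk validates it.
trusting_cas() {
    cert=$1; shift
    hits=$(list_cas "$@" | while IFS= read -r ca; do
        if openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
            echo "$ca"
        fi
    done)
    [ -n "$hits" ] && echo "$hits"
}

# Constructed fixture: two throwaway CAs with the same name but different
# keys, and a client cert signed by the one under var/lib/puppet (which
# path is the stale one is an assumption; names are hypothetical).
make_fixture() {
    d=$1
    stale=$d/var/lib/puppet/ssl/certs live=$d/etc/puppet/ssl/certs
    mkdir -p "$stale" "$live"
    for p in "$stale" "$live"; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
            -keyout "$p/ca.key" -out "$p/ca.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client.example.test" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$stale/ca.pem" -CAkey "$stale/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null
}
```

On a real host, a call such as `trusting_cas /etc/puppet/ssl/certs/<host>.pem /etc/puppet /var/puppet /var/lib/puppet` shows whether the cert chains to the CA in the directory the client currently reads or to one left behind by an earlier layout.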