I restarted puppetmasterd and it announced that the Cert does not match existing key!

[root@puppet ~]# puppetmasterd --verbose --no-daemonize
info: Starting server for Puppet version 0.24.1
info: mount[files]: allowing 10.100.0.0/16 access
info: mount[files]: allowing *.gridapp.com access
info: mount[files]: allowing *.dev.gridapp.com access
info: Retrieving existing certificate for puppet.dev.gridapp.com
Certificate does not match private key. Try 'puppetca --clean puppet.dev.gridapp.com' on the server.

When I clean, it creates a new one and claims the same thing

[root@puppet ~]# puppetca --clean puppet.dev.gridapp.com
Removing /var/lib/puppet/ssl/ca/signed/puppet.dev.gridapp.com.pem
Removing /var/lib/puppet/ssl/public_keys/puppet.dev.gridapp.com.pem
Removing /var/lib/puppet/ssl/private_keys/puppet.dev.gridapp.com.pem
[root@puppet ~]# puppetmasterd --verbose --no-daemonize
info: Starting server for Puppet version 0.24.1
info: mount[files]: allowing 10.100.0.0/16 access
info: mount[files]: allowing *.gridapp.com access
info: mount[files]: allowing *.dev.gridapp.com access
info: authstore: defaulting to no access for puppet.dev.gridapp.com
info: Signing certificate for CA server
info: Signing certificate for puppet.dev.gridapp.com
info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/puppet.dev.gridapp.com.pem
Certificate does not match private key. Try 'puppetca --clean puppet.dev.gridapp.com' on the server.

Eugene Ventimiglia
Director of Systems
GridApp Systems
e: eventi@gridapp.com
o: 646 452 4081

_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

I've had that problem before. Try specifying the full server name on the command line.

Steven

________________________________
From: puppet-users-bounces@madstop.com [mailto:puppet-users-bounces@madstop.com] On Behalf Of Eugene Ventimiglia
Sent: Wednesday, January 02, 2008 9:30 AM
To: Puppet User Discussion
Subject: [Puppet-users] Puppetmaster doesn't know itself

Which command line? I've --cleaned the fqdn from puppetca...

________________________________
From: puppet-users-bounces@madstop.com [mailto:puppet-users-bounces@madstop.com] On Behalf Of Steven Nemetz
Sent: Wednesday, January 02, 2008 12:37 PM
To: Puppet User Discussion
Subject: Re: [Puppet-users] Puppetmaster doesn't know itself

So - I snapshotted the machine (yay vmware), deleted /etc/puppet/ssl and /var/lib/puppet/ssl, started the puppetmaster:

[root@puppet puppet]# puppetmasterd --verbose --no-daemonize
info: Creating a new certificate request for puppet.dev.gridapp.com
info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/puppet.dev.gridapp.com.pem
info: Signing certificate for CA server
info: Signing certificate for puppet.dev.gridapp.com

and then the puppetd:

[root@puppet lib]# puppetd --test
warning: peer certificate won't be verified in this SSL session
info: Creating a new certificate request for puppet.dev.gridapp.com
info: Creating a new SSL key at /etc/puppet/ssl/private_keys/puppet.dev.gridapp.com.pem
/usr/lib/ruby/site_ruby/1.8/puppet/network/client/ca.rb:31:in `request_cert': Certificate retrieval failed: Certificate request does not match existing certificate; run 'puppetca --clean puppet.dev.gridapp.com'. (Puppet::Error)
        from /usr/sbin/puppetd:346

Removing both ssl directories, running the puppetmaster first, then copying the /var/lib/puppet/ssl directory to /etc/puppet worked.

________________________________
From: puppet-users-bounces@madstop.com [mailto:puppet-users-bounces@madstop.com] On Behalf Of Eugene Ventimiglia
Sent: Wednesday, January 02, 2008 12:43 PM
To: Puppet User Discussion
Subject: Re: [Puppet-users] Puppetmaster doesn't know itself

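An added example, not part of the thread and not Puppet's own code: a Ruby check for the situation in the message above, where two ssldirs on one host each hold a private key for the same certname while only one certificate has been signed. The directory layout follows the paths printed in the thread; the certname `puppet.example.test`, the function names and the fixture are constructed for illustration.

```ruby
require 'openssl'
require 'tmpdir'
require 'fileutils'

# True when the certificate's public key belongs to the given private key.
def cert_matches_key?(cert_pem, key_pem)
  OpenSSL::X509::Certificate.new(cert_pem).check_private_key(OpenSSL::PKey.read(key_pem))
end

# Compare each ssldir's private key for certname against the certificate
# stored under <ca_ssldir>/ca/signed (layout as shown in the thread's output).
def audit_ssldirs(certname, ca_ssldir, ssldirs)
  cert_pem = File.read(File.join(ca_ssldir, 'ca', 'signed', "#{certname}.pem"))
  ssldirs.each_with_object({}) do |dir, report|
    key_path = File.join(dir, 'private_keys', "#{certname}.pem")
    report[dir] =
      if !File.exist?(key_path) then :no_key
      elsif cert_matches_key?(cert_pem, File.read(key_path)) then :match
      else :mismatch
      end
  end
end

# Constructed fixture: two ssldirs that each generated their own key for the
# same certname, with a certificate issued for the first directory's key only.
def build_fixture(root, certname)
  dirs = %w[master_ssl agent_ssl].map { |d| File.join(root, d) }
  keys = dirs.map do |dir|
    FileUtils.mkdir_p(File.join(dir, 'private_keys'))
    key = OpenSSL::PKey::RSA.new(2048)
    File.write(File.join(dir, 'private_keys', "#{certname}.pem"), key.to_pem)
    key
  end
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{certname}")
  cert.public_key = keys[0].public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(keys[0], OpenSSL::Digest.new('SHA256'))
  FileUtils.mkdir_p(File.join(dirs[0], 'ca', 'signed'))
  File.write(File.join(dirs[0], 'ca', 'signed', "#{certname}.pem"), cert.to_pem)
  dirs
end

Dir.mktmpdir do |root|
  dirs = build_fixture(root, 'puppet.example.test')
  audit_ssldirs('puppet.example.test', dirs[0], dirs).each { |d, s| puts "#{File.basename(d)}: #{s}" }
end
```

A `:mismatch` for one directory means that directory generated its own key after the certificate was issued, which is the state the error messages in the thread report.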
On the puppetmasterd command line add --server fqdn

I had to do that to all my servers when I installed some ruby packages

Steven

________________________________
From: puppet-users-bounces@madstop.com [mailto:puppet-users-bounces@madstop.com] On Behalf Of Eugene Ventimiglia
Sent: Wednesday, January 02, 2008 9:43 AM
To: Puppet User Discussion
Subject: Re: [Puppet-users] Puppetmaster doesn't know itself