# puppetd --test warning: peer certificate won''t be verified in this SSL session. info: Creating a new certificate request for asmc2n1.dev.gridapp.com info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/asmc2n1.dev.gridapp.com.pem /usr/lib64/site_ruby/1.8/puppet/network/client/ca.rb:31:in `request_cert'': Certificate retrieval failed: Permission denied - /var/lib/puppet/ssl/ca/serial (Puppet::Error) from /usr/sbin/puppetd:346 And how can I be rid of it? Eugene Ventimiglia Director of Systems GridApp Systems e: eventi@gridapp.com o: 646 452 4081 _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
It means that either puppet or puppetmaster does not have permission to /var/lib/puppet/ssl/ca/serial. I would guess this is likely on the puppetmaster side, so make sure that the directory exists and the puppetmaster user has permission to read/write this directory or change the location of the ca certs in the puppet configs. Others may have more incite. Thanks Brian On 1/29/08, Eugene Ventimiglia <eventi@gridapp.com> wrote:> > # puppetd --test > warning: peer certificate won''t be verified in this SSL session. > info: Creating a new certificate request for asmc2n1.dev.gridapp.com > info: Creating a new SSL key at > /var/lib/puppet/ssl/private_keys/asmc2n1.dev.gridapp.com.pem > /usr/lib64/site_ruby/1.8/puppet/network/client/ca.rb:31:in `request_cert'': > Certificate retrieval failed: Permission denied - > /var/lib/puppet/ssl/ca/serial (Puppet::Error) > from /usr/sbin/puppetd:346 > And how can I be rid of it? > > Eugene Ventimiglia > Director of Systems > GridApp Systems > e: eventi@gridapp.com > o: 646 452 4081 > > > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users > >_______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
On Jan 30, 2008, at 9:04 AM, Eugene Ventimiglia wrote:> # puppetd --test > warning: peer certificate won''t be verified in this SSL session. > info: Creating a new certificate request for asmc2n1.dev.gridapp.com > info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/ > asmc2n1.dev.gridapp.com.pem > /usr/lib64/site_ruby/1.8/puppet/network/client/ca.rb:31:in > `request_cert'': Certificate retrieval failed: Permission denied - / > var/lib/puppet/ssl/ca/serial (Puppet::Error) > from /usr/sbin/puppetd:346 > And how can I be rid of it?It means that your server is running as a user who doesn''t have the right to modify that file. You can fix it by chowning the file. I recently ran into this problem too, and I don''t really understand why it''s cropping up, since I''m specifically managing the ownership of that file. -- He played the king as if afraid someone else would play the ace. --John Mason Brown --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
On Wed, Jan 30, 2008 at 10:41:20AM +1100, Luke Kanies wrote:> I recently ran into this problem too, and I don''t really understand > why it''s cropping up, since I''m specifically managing the ownership of > that file.Another /me too here: I had the same problem, but with puppetmaster complaining about not being able to chown... It seems to happen when you run a 0.24 puppetd and puppetmaster side by side on the same ssl directory. Didn''t have this problem in 0.23 IIRC... A. -- Wherever they''s a fight so hungry people can eat, I''ll be there. Wherever they''s a cop beatin'' up a guy, I''ll be there. If Casy knowed, why, I''ll be in the way guys yell when they''re mad an'' I''ll be in the way kids laugh when they''re hungry an'' they know supper''s ready. An'' when our folks eat the stuff they raise an'' live in the house they build, why I''ll be there. - John Steinbeck, The Grapes of Wrath _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users