I don't know why I am having such problems... Anyway... I added a new node to the mix... this being the first node that's not also the puppetmaster. I see this in the log:

Jun 6 14:15:22 lxp6d4m3 puppetmasterd[26987]: Listening on port 8140
Jun 6 14:15:22 lxp6d4m3 puppetmasterd[27011]: Reopening log files
Jun 6 14:15:22 lxp6d4m3 puppetmasterd[27011]: Starting Puppet server version 0.24.4
Jun 6 14:15:50 lxp6d4m3 puppetmasterd[27011]: Allowing unauthenticated client lxp6d15m3.etrade.com(::ffff:10.50.52.24) access to puppetca.getcert
Jun 6 14:15:50 lxp6d4m3 puppetmasterd[27011]: Host lxp6d15m3.etrade.com has a waiting certificate request

So I go over to the puppetmaster and issue:

[jleggett@lxp6d4m3 puppet]$ puppetca --list
No certificates to sign
[jleggett@lxp6d4m3 puppet]$ sudo puppetca --list
No certificates to sign
[jleggett@lxp6d4m3 puppet]$ sudo puppetca --sign lxp6d15m3.etrade.com
No certificates to sign
[jleggett@lxp6d4m3 puppet]$

WTF?!

So I stop the puppetmaster daemon, and the client and move the ssl directory to a new name, then restart the puppetmaster as per the directions here: http://reductivelabs.com/trac/puppet/wiki/RegenerateSSL

Still no go? What am I doing wrong?

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Don't know if this helps but I see:

Jun 6 14:33:51 lxp6d4m3 puppetmasterd[27011]: Allowing unauthenticated client lxp6d15m3.etrade.com(::ffff:10.50.52.24) access to puppetca.getcert
Jun 6 14:33:51 lxp6d4m3 puppetmasterd[27011]: Not replacing existing request from lxp6d15m3.etrade.com

over and over in the log now too.

On Jun 6, 2:20 pm, Jeff Leggett <jeffrey.legg...@etrade.com> wrote:
> I don't know why I am having such problems... Anyway... I added a new node to the mix... this being the first node that's not also the puppetmaster. I see this in the log:
>
> Jun 6 14:15:22 lxp6d4m3 puppetmasterd[26987]: Listening on port 8140
> Jun 6 14:15:22 lxp6d4m3 puppetmasterd[27011]: Reopening log files
> Jun 6 14:15:22 lxp6d4m3 puppetmasterd[27011]: Starting Puppet server version 0.24.4
> Jun 6 14:15:50 lxp6d4m3 puppetmasterd[27011]: Allowing unauthenticated client lxp6d15m3.etrade.com(::ffff:10.50.52.24) access to puppetca.getcert
> Jun 6 14:15:50 lxp6d4m3 puppetmasterd[27011]: Host lxp6d15m3.etrade.com has a waiting certificate request
>
> So I go over to the puppetmaster and issue:
>
> [jleggett@lxp6d4m3 puppet]$ puppetca --list
> No certificates to sign
> [jleggett@lxp6d4m3 puppet]$ sudo puppetca --list
> No certificates to sign
> [jleggett@lxp6d4m3 puppet]$ sudo puppetca --sign lxp6d15m3.etrade.com
> No certificates to sign
> [jleggett@lxp6d4m3 puppet]$
>
> WTF?!
>
> So I stop the puppetmaster daemon, and the client and move the ssl directory to a new name, then restart the puppetmaster as per the directions here: http://reductivelabs.com/trac/puppet/wiki/RegenerateSSL
>
> Still no go? What am I doing wrong?

anyone? Am I being stupid and just missing something obvious?

On Jun 6, 2:37 pm, Jeff Leggett <jeffrey.legg...@etrade.com> wrote:
> Don't know if this helps but I see:
>
> Jun 6 14:33:51 lxp6d4m3 puppetmasterd[27011]: Allowing unauthenticated client lxp6d15m3.etrade.com(::ffff:10.50.52.24) access to puppetca.getcert
> Jun 6 14:33:51 lxp6d4m3 puppetmasterd[27011]: Not replacing existing request from lxp6d15m3.etrade.com
>
> over and over in the log now too.

Run 'puppetca --sign <hostname>', or 'puppetca --clean <hostname>', on the server.

You've got an old certificate request on the server and you need to sign it.

On Jun 6, 2008, at 10:46 PM, Jeff Leggett wrote:
> anyone? Am I being stupid and just missing something obvious?

--
It has recently been discovered that research causes cancer in laboratory rats.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

[jleggett@lxp6d4m3 ~]$ puppetca --clean lxp6d15m3.etrade.com
Removing /etrade/home/jleggett/.puppet/ssl/ca/signed/lxp6d15m3.etrade.com.pem
Removing /etrade/home/jleggett/.puppet/ssl/private_keys/lxp6d15m3.etrade.com.pem
Removing /etrade/home/jleggett/.puppet/ssl/certs/lxp6d15m3.etrade.com.pem
[jleggett@lxp6d4m3 ~]$ puppetca --sign lxp6d15m3.etrade.com
No certificates to sign
[jleggett@lxp6d4m3 ~]$

?

On Jun 7, 2:30 am, Luke Kanies <l...@madstop.com> wrote:
> Run 'puppetca --sign <hostname>', or 'puppetca --clean <hostname>', on the server.
>
> You've got an old certificate request on the server and you need to sign it.

Now this is weird: I had to add the --confdir to the puppetca cmd line:

[jleggett@lxp6d4m3 requests]$ puppetca --sign lxp6d15m3.etrade.com --confdir /opt/etrade/p6/puppet/
Signed lxp6d15m3.etrade.com
[jleggett@lxp6d4m3 requests]$

On Jun 7, 3:17 am, Jeff Leggett <jeffrey.legg...@etrade.com> wrote:
> [jleggett@lxp6d4m3 ~]$ puppetca --clean lxp6d15m3.etrade.com
> Removing /etrade/home/jleggett/.puppet/ssl/ca/signed/lxp6d15m3.etrade.com.pem
> Removing /etrade/home/jleggett/.puppet/ssl/private_keys/lxp6d15m3.etrade.com.pem
> Removing /etrade/home/jleggett/.puppet/ssl/certs/lxp6d15m3.etrade.com.pem
> [jleggett@lxp6d4m3 ~]$ puppetca --sign lxp6d15m3.etrade.com
> No certificates to sign
> [jleggett@lxp6d4m3 ~]$
>
> ?

Jeff Leggett wrote:
> Now this is weird: I had to add the --confdir to the puppetca cmd line:
>
> [jleggett@lxp6d4m3 requests]$ puppetca --sign lxp6d15m3.etrade.com --confdir /opt/etrade/p6/puppet/
> Signed lxp6d15m3.etrade.com
> [jleggett@lxp6d4m3 requests]$
>
> On Jun 7, 3:17 am, Jeff Leggett <jeffrey.legg...@etrade.com> wrote:
>> [jleggett@lxp6d4m3 ~]$ puppetca --clean lxp6d15m3.etrade.com
>> Removing /etrade/home/jleggett/.puppet/ssl/ca/signed/lxp6d15m3.etrade.com.pem
>> Removing /etrade/home/jleggett/.puppet/ssl/private_keys/lxp6d15m3.etrade.com.pem
>> Removing /etrade/home/jleggett/.puppet/ssl/certs/lxp6d15m3.etrade.com.pem
>> [jleggett@lxp6d4m3 ~]$ puppetca --sign lxp6d15m3.etrade.com
>> No certificates to sign
>> [jleggett@lxp6d4m3 ~]$

Yeah all the puppet tools behave differently when run as root (System-Mode) vs. when run as User (User-Mode). I'm quite amazed that your jleggett user has sufficient privileges to write into puppet's $ssldir.

Regards, DavidS

You made me curious enough to look - here's why:

drwxrwx--x 7 root etrade 4096 Jun 6 14:15 ssl

I am in the etrade group, so had permission.. I will need to delve into that a lot further before any kind of prd roll.

On Jun 8, 4:48 am, David Schmitt <da...@schmitt.edv-bus.at> wrote:
> Yeah all the puppet tools behave differently when run as root (System-Mode) vs. when run as User (User-Mode). I'm quite amazed that your jleggett user has sufficient privileges to write into puppet's $ssldir.
>
> Regards, DavidS

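Added example, not part of the thread and not Puppet's own code: a shell check for the two things the thread turned up, namely puppetca looking in a different confdir than the one holding the waiting request, and an ssl directory that a group member can write to. The function names locate_request and audit_ssldir, the output labels, and the <confdir>/ssl/ca/requests/<host>.pem layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and labels are hypothetical.

# Print the first candidate confdir that holds a waiting request for HOST.
# The layout <confdir>/ssl/ca/requests/<host>.pem is an assumption, inferred
# from the ssl/ca/signed path and the "requests" working directory in the thread.
locate_request() {
    host=$1; shift
    for confdir in "$@"; do
        if [ -f "${confdir%/}/ssl/ca/requests/$host.pem" ]; then
            printf '%s\n' "${confdir%/}"
            return 0
        fi
    done
    return 1
}

# Report permission problems under an ssl directory.
# Returns 0 when clean, 1 when there are findings, 2 on a bad argument.
audit_ssldir() {
    ssldir=$1
    [ -d "$ssldir" ] || { echo "ERROR not a directory: $ssldir"; return 2; }
    findings=$(
        # Write access for group or other lets a non-root account add, replace
        # or delete requests, signed certificates and keys (the drwxrwx--x case).
        find "$ssldir" ! -type l -perm -020 -exec printf 'GROUP-WRITABLE %s\n' {} \;
        find "$ssldir" ! -type l -perm -002 -exec printf 'WORLD-WRITABLE %s\n' {} \;
        # Private keys should be readable by their owner only.
        if [ -d "$ssldir/private_keys" ]; then
            find "$ssldir/private_keys" -type f \( -perm -040 -o -perm -004 \) \
                -exec printf 'KEY-READABLE %s\n' {} \;
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "OK $ssldir"
    return 0
}

# Usage: sh check.sh HOST CONFDIR [CONFDIR...]
# e.g. the user-mode default seen in the thread ($HOME/.puppet) and the
# confdir the puppetmaster was actually started with.
if [ "$#" -ge 2 ]; then
    if dir=$(locate_request "$@"); then
        echo "request for $1 found under $dir (pass --confdir $dir to puppetca)"
        audit_ssldir "$dir/ssl"
    else
        echo "no waiting request for $1 in the given confdirs"
    fi
fi
```
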