Hi,

I am using OS X 10.5.4 PPC Mac

ruby version 1.8.6:

    bash-3.2# ruby --version
    ruby 1.8.6 (2008-03-03 patchlevel 114) [universal-darwin9.0]

I have been trying to follow the InstallationGuide http://reductivelabs.com/trac/puppet/wiki/InstallationGuide after downloading and installing:

    facter-1.5.1.pkg.tar.gz
    -and-
    puppet-0.24.5.pkg.tar.gz

I am having ssl certificate trouble.

I am running everything as the puppet user with /etc/puppet and /var/puppet ownerships set accordingly. Please advise if this is an incorrect assumption, as I am not using the root user.

NOTE: This is the 1st time I have ever tried puppet. I am familiar with cfengine although it's been a while..... I am just trying to get a single node working in minimal state configuration.

Running both puppetmasterd and puppetd in foreground debug/verbose mode:

    charles-scotts-power-mac-g5:log puppet$ puppetmasterd --debug --verbose
    notice: Allowing unauthenticated client charles-scotts-power-mac-g5.local(192.168.1.100) access to puppetca.getcert
    info: Retrieving existing certificate for charles-scotts-power-mac-g5.local
    err: Certificate request does not match existing certificate; run 'puppetca --clean charles-scotts-power-mac-g5.local'.

    charles-scotts-power-mac-g5:log puppet$ puppetd --debug --server charles-scotts-power-mac-g5.local --waitforcert 60 --test --verbose
    warning: peer certificate won't be verified in this SSL session
    /Library/Ruby/Site/1.8/puppet/network/client/ca.rb:31:in `request_cert': Certificate retrieval failed: Certificate request does not match existing certificate; run 'puppetca --clean charles-scotts-power-mac-g5.local'. (Puppet::Error)
            from /usr/bin/puppetd:345

I keep getting this error:

    /Library/Ruby/Site/1.8/puppet/network/client/ca.rb:31:in `request_cert': Certificate retrieval failed: Certificate request does not match existing certificate; run 'puppetca --clean charles-scotts-power-mac-g5.local'. (Puppet::Error)
            from /usr/bin/puppetd:345

openssl says that this certificate is valid:

    charles-scotts-power-mac-g5:puppet puppet$ openssl verify -CAfile /etc/puppet/ssl/certs/ca.pem /etc/puppet/ssl/certs/charles-scotts-power-mac-g5.local.pem
    /etc/puppet/ssl/certs/charles-scotts-power-mac-g5.local.pem: OK

I have reinstalled a few times with no difference. Can you explain what's going on?

I have tried to execute the "clean" procedure from the error message; however, it does not seem to make any difference.

Here is some directory info relating to how puppet was installed and the file listing for the ssl directory:

    charles-scotts-power-mac-g5:OSX chuck$ ls -ld /var/puppet
    drwxr-xr-x 10 puppet puppet 340 Sep 4 09:15 /var/puppet

    charles-scotts-power-mac-g5:OSX chuck$ ls -ld /etc/puppet
    drwxr-xr-x 5 puppet puppet 170 Sep 4 09:11 /etc/puppet

    bash-3.2# find /etc/puppet/ssl
    /etc/puppet/ssl
    /etc/puppet/ssl/ca
    /etc/puppet/ssl/ca/ca_crl.pem
    /etc/puppet/ssl/ca/ca_crt.pem
    /etc/puppet/ssl/ca/ca_key.pem
    /etc/puppet/ssl/ca/ca_pub.pem
    /etc/puppet/ssl/ca/inventory.txt
    /etc/puppet/ssl/ca/private
    /etc/puppet/ssl/ca/private/ca.pass
    /etc/puppet/ssl/ca/requests
    /etc/puppet/ssl/ca/serial
    /etc/puppet/ssl/ca/signed
    /etc/puppet/ssl/ca/signed/charles-scotts-power-mac-g5.local.pem
    /etc/puppet/ssl/certs
    /etc/puppet/ssl/certs/ca.pem
    /etc/puppet/ssl/certs/charles-scotts-power-mac-g5.local.pem
    /etc/puppet/ssl/csr_charles-scotts-power-mac-g5.local.pem
    /etc/puppet/ssl/private
    /etc/puppet/ssl/private_keys
    /etc/puppet/ssl/private_keys/charles-scotts-power-mac-g5.local.pem
    /etc/puppet/ssl/public_keys
    /etc/puppet/ssl/public_keys/charles-scotts-power-mac-g5.local.pem

and the puppetmasterd running as the puppet user:

    puppet 46191 0.3 2.0 105984 31472 s001 S+ 9:15AM 0:07.26 /usr/bin/ruby /usr/bin/puppetmasterd --debug --verbose

Perhaps more information of interest, not sure if this is of any help:

    charles-scotts-power-mac-g5:~ puppet$ puppetca --list
    No certificates to sign

Thanks in advance,

Charles Scott
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
Andrew Shafer
2008-Sep-04 18:01 UTC
[Puppet Users] Re: first time puppet install / cert trouble
Chuck,

That message means you already have a signed cert for that host when the request is made.

What is the output from:

    puppetmasterd --configprint ssldir

and:

    puppetca --configprint ssldir

I suspect they will be different.

What about sudo puppetca --configprint ssldir?

Try sudo puppetca --clean hostname

On Thu, Sep 4, 2008 at 11:02 AM, Chuck <connaryscott@gmail.com> wrote:
>
> Hi,
> I am using OS X 10.5.4 PPC Mac
>
> ruby version 1.8.6:
>
> bash-3.2# ruby --version
> ruby 1.8.6 (2008-03-03 patchlevel 114) [universal-darwin9.0]
>
> I have been trying to follow the InstallationGuide
> http://reductivelabs.com/trac/puppet/wiki/InstallationGuide after
> downloading and installing:
>
> facter-1.5.1.pkg.tar.gz
> -and-
> puppet-0.24.5.pkg.tar.gz
>
> I am having ssl certificate trouble.
>
> I am running everything as the puppet user with /etc/puppet and
> /var/puppet ownerships set accordingly. Please advise if this is an
> incorrect assumption, as I am not using the root user.
>
> NOTE: This is the 1st time I have ever tried puppet. I am familiar
> with cfengine although it's been a while.....
> I am just trying to get a single node working in minimal state
> configuration.
>
> Running both puppetmasterd and puppetd in foreground debug/verbose
> mode:
>
> charles-scotts-power-mac-g5:log puppet$ puppetmasterd --debug --verbose
> notice: Allowing unauthenticated client charles-scotts-power-mac-g5.local(192.168.1.100) access to puppetca.getcert
> info: Retrieving existing certificate for charles-scotts-power-mac-g5.local
> err: Certificate request does not match existing certificate; run 'puppetca --clean charles-scotts-power-mac-g5.local'.
>
> charles-scotts-power-mac-g5:log puppet$ puppetd --debug --server charles-scotts-power-mac-g5.local --waitforcert 60 --test --verbose
> warning: peer certificate won't be verified in this SSL session
> /Library/Ruby/Site/1.8/puppet/network/client/ca.rb:31:in `request_cert': Certificate retrieval failed: Certificate request does not match existing certificate; run 'puppetca --clean charles-scotts-power-mac-g5.local'. (Puppet::Error)
>         from /usr/bin/puppetd:345
>
> I keep getting this error:
>
> /Library/Ruby/Site/1.8/puppet/network/client/ca.rb:31:in `request_cert': Certificate retrieval failed: Certificate request does not match existing certificate; run 'puppetca --clean charles-scotts-power-mac-g5.local'. (Puppet::Error)
>         from /usr/bin/puppetd:345
>
> openssl says that this certificate is valid:
>
> charles-scotts-power-mac-g5:puppet puppet$ openssl verify -CAfile /etc/puppet/ssl/certs/ca.pem /etc/puppet/ssl/certs/charles-scotts-power-mac-g5.local.pem
> /etc/puppet/ssl/certs/charles-scotts-power-mac-g5.local.pem: OK
>
> I have reinstalled a few times with no difference. Can you explain
> what's going on?
>
> I have tried to execute the "clean" procedure from the error message;
> however, it does not seem to make any difference.
>
> Here is some directory info relating to how puppet was installed and
> the file listing for the ssl directory:
>
> charles-scotts-power-mac-g5:OSX chuck$ ls -ld /var/puppet
> drwxr-xr-x 10 puppet puppet 340 Sep 4 09:15 /var/puppet
>
> charles-scotts-power-mac-g5:OSX chuck$ ls -ld /etc/puppet
> drwxr-xr-x 5 puppet puppet 170 Sep 4 09:11 /etc/puppet
>
> bash-3.2# find /etc/puppet/ssl
> /etc/puppet/ssl
> /etc/puppet/ssl/ca
> /etc/puppet/ssl/ca/ca_crl.pem
> /etc/puppet/ssl/ca/ca_crt.pem
> /etc/puppet/ssl/ca/ca_key.pem
> /etc/puppet/ssl/ca/ca_pub.pem
> /etc/puppet/ssl/ca/inventory.txt
> /etc/puppet/ssl/ca/private
> /etc/puppet/ssl/ca/private/ca.pass
> /etc/puppet/ssl/ca/requests
> /etc/puppet/ssl/ca/serial
> /etc/puppet/ssl/ca/signed
> /etc/puppet/ssl/ca/signed/charles-scotts-power-mac-g5.local.pem
> /etc/puppet/ssl/certs
> /etc/puppet/ssl/certs/ca.pem
> /etc/puppet/ssl/certs/charles-scotts-power-mac-g5.local.pem
> /etc/puppet/ssl/csr_charles-scotts-power-mac-g5.local.pem
> /etc/puppet/ssl/private
> /etc/puppet/ssl/private_keys
> /etc/puppet/ssl/private_keys/charles-scotts-power-mac-g5.local.pem
> /etc/puppet/ssl/public_keys
> /etc/puppet/ssl/public_keys/charles-scotts-power-mac-g5.local.pem
>
> and the puppetmasterd running as the puppet user:
>
> puppet 46191 0.3 2.0 105984 31472 s001 S+ 9:15AM 0:07.26 /usr/bin/ruby /usr/bin/puppetmasterd --debug --verbose
>
> Perhaps more information of interest, not sure if this is of any help:
>
> charles-scotts-power-mac-g5:~ puppet$ puppetca --list
> No certificates to sign
>
> Thanks in advance,
>
> Charles Scott
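
Added example, not part of either message and not Puppet's own code: `openssl verify ... OK` only shows that the CA signed the certificate, not that the certificate belongs to the key pair behind the current request. The sketch below compares the three per-host files seen in the ssldir listing (CSR, certificate, private key), assuming the mismatch is a key mismatch; `diagnose`, `make_cert`, `make_csr`, `stale_cert_scenario` and the `node.example` name are hypothetical, and all keys and certificates are constructed in memory.

```ruby
require 'openssl'

# Inputs correspond to csr_<host>.pem, certs/<host>.pem,
# private_keys/<host>.pem and certs/ca.pem under the ssldir (PEM strings).
def diagnose(csr_pem, cert_pem, key_pem, ca_cert_pem)
  csr  = OpenSSL::X509::Request.new(csr_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  ca   = OpenSSL::X509::Certificate.new(ca_cert_pem)
  {
    signed_by_ca:     cert.verify(ca.public_key),  # what `openssl verify` checks
    csr_matches_cert: csr.public_key.to_der == cert.public_key.to_der,
    key_matches_cert: cert.check_private_key(key)
  }
end

# --- Constructed sample data (hypothetical helpers, not Puppet APIs) ---
def make_cert(subject_cn, subject_key, issuer_cn, issuer_key)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{subject_cn}")
  cert.issuer     = OpenSSL::X509::Name.parse("/CN=#{issuer_cn}")
  cert.public_key = subject_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

def make_csr(cn, key)
  csr = OpenSSL::X509::Request.new
  csr.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  csr.public_key = key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr
end

# A certificate signed for an earlier key, then a CSR from a regenerated key.
def stale_cert_scenario
  ca_key, old_key, new_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca   = make_cert('constructed-ca', ca_key, 'constructed-ca', ca_key)
  cert = make_cert('node.example', old_key, 'constructed-ca', ca_key)
  csr  = make_csr('node.example', new_key)
  diagnose(csr.to_pem, cert.to_pem, new_key.to_pem, ca.to_pem)
end
```

To run it against real files, pass `File.read` of each path to `diagnose`; a result with `signed_by_ca` true and `csr_matches_cert` false is a validly signed but stale certificate.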