I''m using the standard webrick server with puppet, and I just started getting this today (for no apparent reason). info: Loading fact custom_facts info: Retrieving plugins err: /File[/var/puppet/lib]: Failed to generate additional resources during transaction: Certificates were not trusted: tlsv1 alert decrypt error err: /File[/var/puppet/lib]: Failed to retrieve current state of resource: Certificates were not trusted: tlsv1 alert decrypt error Could not describe /plugins: Certificates were not trusted: tlsv1 alert decrypt error info: Loading fact custom_facts err: Could not retrieve catalog: Certificates were not trusted: tlsv1 alert decrypt error warning: Not using cache on failed catalog I''ve deleted my certificate, regenerated it, resigned it, and then this error message came again. Anybody run into this or have any clues what to look for? Thanks, Tim --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
2008/12/31 Tim Harper <timcharper@gmail.com>> I''m using the standard webrick server with puppet, and I just started > getting this today (for no apparent reason). > > info: Loading fact custom_facts > info: Retrieving plugins > err: /File[/var/puppet/lib]: Failed to generate additional resources during > transaction: Certificates were not trusted: tlsv1 alert decrypt error > err: /File[/var/puppet/lib]: Failed to retrieve current state of resource: > Certificates were not trusted: tlsv1 alert decrypt error Could not describe > /plugins: Certificates were not trusted: tlsv1 alert decrypt error > info: Loading fact custom_facts > err: Could not retrieve catalog: Certificates were not trusted: tlsv1 alert > decrypt error > warning: Not using cache on failed catalog > > > I''ve deleted my certificate, regenerated it, resigned it, and then this > error message came again. Anybody run into this or have any clues what to > look for? > > Thanks, > > Tim >What do the puppet client and puppet server think the time is? .r'' --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
That''s an interesting idea: the client and the server are on the same machine.<br><br><div>I wiped out the /var/puppet/ssl directory and /var/puppet, and regenerated the cert from scratch. Still the same error :(</div><div><br></div><div>Tim</div><div><br><div class="gmail_quote">On Wed, Dec 31, 2008 at 12:05 PM, RijilV <span dir="ltr"><rijilv@riji.lv></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br><br><div class="gmail_quote">2008/12/31 Tim Harper <span dir="ltr"><<a href="mailto:timcharper@gmail.com" target="_blank">timcharper@gmail.com</a>></span><div><div></div><div class="Wj3C7c"><br><blockquote class="gmail_quote" style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex"> <div>I''m using the standard webrick server with puppet, and I just started getting this today (for no apparent reason).</div><div><br></div><div>info: Loading fact custom_facts</div><div>info: Retrieving plugins</div> <div> err: /File[/var/puppet/lib]: Failed to generate additional resources during transaction: Certificates were not trusted: tlsv1 alert decrypt error</div><div>err: /File[/var/puppet/lib]: Failed to retrieve current state of resource: Certificates were not trusted: tlsv1 alert decrypt error Could not describe /plugins: Certificates were not trusted: tlsv1 alert decrypt error</di --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
<span class="Apple-style-span" style="border-collapse: collapse; "><div>GMAIL is driving me crazy... i have no idea why it started to mess up like this.</div><div><br></div>That''s an interesting idea: the client and the server are on the same<br>machine.</span><div><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; ">I wiped out the /var/puppet/ssl directory and<br>/var/puppet, and regenerated the cert from scratch. Still the same<br>error :(</span><br><br><div class="gmail_quote">On Wed, Dec 31, 2008 at 12:07 PM, Tim Harper <span dir="ltr"><timcharper@gmail.com></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">That''s an interesting idea: the client and the server are on the same<br> machine.<br><br><div>I wiped out the /var/puppet/ssl directory and<br> /var/puppet, and regenerated the cert from scratch. Still the same<br> error :(</div><div><br></div><div><wbr>Tim</div><div><br><div<br> class="gmail_quote">On Wed, Dec 31, 2008 at 12:05 PM, RijilV <span<br> dir="ltr">&<a href="mailto:lt%3Brijilv@riji.lv">lt;rijilv@riji.lv</a>><<wbr>/span> wrote:<br><blockquote<br> class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc<br> solid;padding-left: --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
GMAIL is driving me crazy... i have no idea why it started to mess up like this. That''s an interesting idea: the client and the server are on the same machine. I wiped out the /var/puppet/ssl directory and /var/puppet, and regenerated the cert from scratch. Still the same error :( On Wed, Dec 31, 2008 at 12:26 PM, Tim Harper <timcharper@gmail.com> wrote:> > <span class="Apple-style-span" style="border-collapse: collapse; > "><div>GMAIL is driving me crazy... i have no idea why it started to > mess up like this.</div><div><br></div>That''s an interesting idea: the > client and the server are on the same<br>machine.</span><div><span > class="Apple-style-span" style="border-collapse: > collapse;"><br></span></div><div><span class="Apple-style-span" > style="border-collapse: collapse; ">I wiped out the /var/puppet/ssl > directory and<br>/var/puppet, and regenerated the cert from scratch. > Still the same<br>error :(</span><br><br><div class="gmail_quote">On > Wed, Dec 31, 2008 at 12:07 PM, Tim Harper <span > dir="ltr"><timcharper@gmail.com></span> wrote:<br><blockquote > class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc > solid;padding-left:1ex;">That''s an interesting idea: the client and > the server are on the same<br> > machine.<br><br><div>I wiped out the /var/puppet/ssl directory and<br> > /var/puppet, and regenerated the cert from scratch. Still the same<br>> error :(</div><div><br></div><div><wbr>Tim</div><div><br><div<br> > class="gmail_quote">On Wed, Dec 31, 2008 at 12:05 PM, RijilV <span<br> > dir="ltr">&<a > href="mailto:lt%3Brijilv@riji.lv">lt;rijilv@riji.lv</a>><<wbr>/span> > wrote:<br><blockquote<br> > class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc<br> > solid;padding-left:--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
It also may be noteworthy to mention that I''m using the same cert for more than one machine. It looks like this may be what''s messing things up. I was hoping to have a way to automatically connect a new machine to puppet with out having to pair a new cert. I guess I''m wrong in my approach. Tim On Wed, Dec 31, 2008 at 12:27 PM, Tim Harper <timcharper@gmail.com> wrote:> GMAIL is driving me crazy... i have no idea why it started to > mess up like this. > > That''s an interesting idea: the client and the server are on the same machine. > > I wiped out the /var/puppet/ssl directory and /var/puppet, and > regenerated the cert from scratch. Still the same error :( > > On Wed, Dec 31, 2008 at 12:26 PM, Tim Harper <timcharper@gmail.com> wrote: >> >> <span class="Apple-style-span" style="border-collapse: collapse; >> "><div>GMAIL is driving me crazy... i have no idea why it started to >> mess up like this.</div><div><br></div>That''s an interesting idea: the >> client and the server are on the same<br>machine.</span><div><span >> class="Apple-style-span" style="border-collapse: >> collapse;"><br></span></div><div><span class="Apple-style-span" >> style="border-collapse: collapse; ">I wiped out the /var/puppet/ssl >> directory and<br>/var/puppet, and regenerated the cert from scratch. >> Still the same<br>error :(</span><br><br><div class="gmail_quote">On >> Wed, Dec 31, 2008 at 12:07 PM, Tim Harper <span>> dir="ltr"><timcharper@gmail.com></span> wrote:<br><blockquote >> class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc >> solid;padding-left:1ex;">That''s an interesting idea: the client and >> the server are on the same<br> >> machine.<br><br><div>I wiped out the /var/puppet/ssl directory and<br> >> /var/puppet, and regenerated the cert f > rom scratch. Still the same<br> >> error :(</div><div><br></div><div><wbr>Tim</div><div><br><div<br> >> class="gmail_quote">On Wed, Dec 31, 2008 at 12:05 PM, RijilV <span<br> >> dir="ltr">&<a >> href="mailto:lt%3Brijilv@riji.lv">lt;rijilv@riji.lv</a>><<wbr>/span> >> wrote:<br><blockquote<br> >> class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc<br> >> solid;padding-left: >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
I found the issue: my mass propagation script was blowing away the server cert information when deploying the client certs to the machines. Making me feel really, really silly, and wishing I had the last 2 hours back. Tim On Wed, Dec 31, 2008 at 12:30 PM, Tim Harper <timcharper@gmail.com> wrote:> It also may be noteworthy to mention that I''m using the same cert for > more than one machine. It looks like this may be what''s messing > things up. I was hoping to have a way to automatically connect a new > machine to puppet with out having to pair a new cert. I guess I''m > wrong in my approach. > > Tim > > On Wed, Dec 31, 2008 at 12:27 PM, Tim Harper <timcharper@gmail.com> wrote: >> GMAIL is driving me crazy... i have no idea why it started to >> mess up like this. >> >> That''s an interesting idea: the client and the server are on the same machine. >> >> I wiped out the /var/puppet/ssl directory and /var/puppet, and >> regenerated the cert from scratch. Still the same error :( >> >> On Wed, Dec 31, 2008 at 12:26 PM, Tim Harper <timcharper@gmail.com> wrote: >>> >>> <span class="Apple-style-span" style="border-collapse: collapse; >>> "><div>GMAIL is driving me crazy... i have no idea why it started to >>> mess up like this.</div><div><br></div>That''s an interesting idea: the >>> client and the server are on the same<br>machine.</span><div><span >>> class="Apple-style-span" style="border-collapse:>>> collapse;"><br></span></div><div><span class="Apple-style-span" >>> style="border-collapse: collapse; ">I wiped out the /var/puppet/ssl >>> directory and<br>/var/puppet, and regenerated the cert from scratch. >>> Still the same<br>error :(</span><br><br><div class="gmail_quote">On >>> Wed, Dec 31 > , 2008 at 12:07 PM, Tim Harper <span >>> dir="ltr"><timcharper@gmail.com></span> wrote:<br><blockquote >>> class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc >>> solid;padding-left:1ex;">That''s an interesting idea: the client and >>> the server are on the same<br> >>> machine.<br><br><div>I wiped out the /var/puppet/ssl directory and<br> >>> /var/puppet, and regenerated the cert f >> rom scratch. Still the same<br> >>> error :(</div><div><br></div><div><wbr>Tim</div><div><br><div<br> >>> class="gmail_quote">On Wed, Dec 31, 2008 at 12:05 PM, RijilV <span<br> >>> dir="ltr">&<a >>> href="mailto:lt%3Brijilv@riji.lv">lt;rijilv@riji.lv</a>><<wbr>/span> >>> wrote:<br><blockquote<br> >>> class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc<br> >>> solid;padding-left: >> >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---