Puppet users - Apr 2010 - Cannot get puppet master to sign certificate with Ubuntu 10.04

I have a puppet master running on a Ubuntu Hardy. I have some other
Ubuntu servers and clients ranging from hardy to karmic that works
fine.

Now I''ve setuped a fresh Lucid Lynx install (10.04) and I
can''t get a
certificate for it:

Client:
> sudo puppetd --waitforcert 60 --test
>
> info: Creating a new SSL key for h3-desktop
> warning: peer certificate won''t be verified in this SSL session
> warning: peer certificate won''t be verified in this SSL session
> info: Creating a new SSL certificate request for h3-desktop
> warning: peer certificate won''t be verified in this SSL session
> warning: peer certificate won''t be verified in this SSL session
> warning: peer certificate won''t be verified in this SSL session
> warning: peer certificate won''t be verified in this SSL session
> notice: Did not receive certificate
> warning: peer certificate won''t be verified in this SSL session
> notice: Did not receive certificate
Server:
> h3@server:/tmp$ sudo puppetca --list
> No certificates to sign
I''ve tried many things like from regenerating all the certificates ,
but nothing worked so far..

I don''t know what to try anymore..

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Apr 4, 2010, at 8:29 PM, h3 wrote:
> I have a puppet master running on a Ubuntu Hardy. I have some other
> Ubuntu servers and clients ranging from hardy to karmic that works
> fine.
> 
> Now I''ve setuped a fresh Lucid Lynx install (10.04) and I
can''t get a
> certificate for it:
> 
> Client:
> 
>> sudo puppetd --waitforcert 60 --test
>> 
>> info: Creating a new SSL key for h3-desktop
>> warning: peer certificate won''t be verified in this SSL
session
>> warning: peer certificate won''t be verified in this SSL
session
>> info: Creating a new SSL certificate request for h3-desktop
>> warning: peer certificate won''t be verified in this SSL
session
>> warning: peer certificate won''t be verified in this SSL
session
>> warning: peer certificate won''t be verified in this SSL
session
>> warning: peer certificate won''t be verified in this SSL
session
>> notice: Did not receive certificate
>> warning: peer certificate won''t be verified in this SSL
session
>> notice: Did not receive certificate
> 
> Server:
> 
>> h3@server:/tmp$ sudo puppetca --list
>> No certificates to sign
Is the server version 0.24.x and the client is 0.25.x?  0.24 clients can connect
to 0.25 servers, but not the other way around.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Yeah .. this seems to be exactly my problem.

It would be nice if either the server or client could throw an
exception to give a clue about the problem ..

I''ve spent last night debugging this problem and couldn''t find
any
trace of errors ..

On 5 avr, 05:18, Patrick <kc7...@gmail.com> wrote:
> On Apr 4, 2010, at 8:29 PM, h3 wrote:
>
>
>
>
>
> > I have a puppet master running on a Ubuntu Hardy. I have some other
> > Ubuntu servers and clients ranging from hardy to karmic that works
> > fine.
>
> > Now I''ve setuped a fresh Lucid Lynx install (10.04) and I
can''t get a
> > certificate for it:
>
> > Client:
>
> >> sudo puppetd --waitforcert 60 --test
>
> >> info: Creating a new SSL key for h3-desktop
> >> warning: peer certificate won''t be verified in this SSL
session
> >> warning: peer certificate won''t be verified in this SSL
session
> >> info: Creating a new SSL certificate request for h3-desktop
> >> warning: peer certificate won''t be verified in this SSL
session
> >> warning: peer certificate won''t be verified in this SSL
session
> >> warning: peer certificate won''t be verified in this SSL
session
> >> warning: peer certificate won''t be verified in this SSL
session
> >> notice: Did not receive certificate
> >> warning: peer certificate won''t be verified in this SSL
session
> >> notice: Did not receive certificate
>
> > Server:
>
> >> h3@server:/tmp$ sudo puppetca --list
> >> No certificates to sign
>
> Is the server version 0.24.x and the client is 0.25.x?  0.24 clients can
connect to 0.25 servers, but not the other way around.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

For the record, here''s how I fixed this problem:

On the client (Ubuntu 10.04) I created the file /etc/apt/
sources.list.d/karmic.list

and added the following lines:

deb http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security main
restricted
deb-src http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security main
restricted
deb http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security universe
deb-src http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security universe
deb http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security multiverse
deb-src http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security
multiverse

Then:

$: sudo apt-get update

And finally:

$: sudo aptitude -t karmic install puppet

This installed the right packaged version and will freeze it at the
karmic version for future updates ..

cheers

On 5 avr, 04:29, h3 <hainea...@gmail.com> wrote:
> I have a puppet master running on a Ubuntu Hardy. I have some other
> Ubuntu servers and clients ranging from hardy to karmic that works
> fine.
>
> Now I''ve setuped a fresh Lucid Lynx install (10.04) and I
can''t get a
> certificate for it:
>
> Client:
>
> > sudo puppetd --waitforcert 60 --test
>
> > info: Creating a new SSL key for h3-desktop
> > warning: peer certificate won''t be verified in this SSL
session
> > warning: peer certificate won''t be verified in this SSL
session
> > info: Creating a new SSL certificate request for h3-desktop
> > warning: peer certificate won''t be verified in this SSL
session
> > warning: peer certificate won''t be verified in this SSL
session
> > warning: peer certificate won''t be verified in this SSL
session
> > warning: peer certificate won''t be verified in this SSL
session
> > notice: Did not receive certificate
> > warning: peer certificate won''t be verified in this SSL
session
> > notice: Did not receive certificate
>
> Server:
>
> > h3@server:/tmp$ sudo puppetca --list
> > No certificates to sign
>
> I''ve tried many things like from regenerating all the certificates
,
> but nothing worked so far..
>
> I don''t know what to try anymore..
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Apr 5, 2010, at 5:23 AM, h3 wrote:
> Yeah .. this seems to be exactly my problem.
> 
> It would be nice if either the server or client could throw an
> exception to give a clue about the problem ..
I did get useful messages when I used the --verbose and --debug flags.  Usually
puppet won''t give you any useful information without one or both of
those.

> I''ve spent last night debugging this problem and couldn''t
find any
> trace of errors ..
I just had a lucky guess because I had been working on an upgrade to lucid. 
Usually, people won''t be able to help you much unless you have at least
--verbose turned on.

I ended up solving the problem the other way.  I pulled the Lucid puppet and
factor packages backwords.  I did have a backup ready though.
> On 5 avr, 05:18, Patrick <kc7...@gmail.com> wrote:
>> On Apr 4, 2010, at 8:29 PM, h3 wrote:
>> 
>> 
>> 
>> 
>> 
>>> I have a puppet master running on a Ubuntu Hardy. I have some other
>>> Ubuntu servers and clients ranging from hardy to karmic that works
>>> fine.
>> 
>>> Now I''ve setuped a fresh Lucid Lynx install (10.04) and I
can''t get a
>>> certificate for it:
>> 
>>> Client:
>> 
>>>> sudo puppetd --waitforcert 60 --test
>> 
>>>> info: Creating a new SSL key for h3-desktop
>>>> warning: peer certificate won''t be verified in this
SSL session
>>>> warning: peer certificate won''t be verified in this
SSL session
>>>> info: Creating a new SSL certificate request for h3-desktop
>>>> warning: peer certificate won''t be verified in this
SSL session
>>>> warning: peer certificate won''t be verified in this
SSL session
>>>> warning: peer certificate won''t be verified in this
SSL session
>>>> warning: peer certificate won''t be verified in this
SSL session
>>>> notice: Did not receive certificate
>>>> warning: peer certificate won''t be verified in this
SSL session
>>>> notice: Did not receive certificate
>> 
>>> Server:
>> 
>>>> h3@server:/tmp$ sudo puppetca --list
>>>> No certificates to sign
>> 
>> Is the server version 0.24.x and the client is 0.25.x?  0.24 clients
can connect to 0.25 servers, but not the other way around.
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.