h3
2010-Apr-05 03:29 UTC
[Puppet Users] Cannot get puppet master to sign certificate with Ubuntu 10.04
I have a puppet master running on a Ubuntu Hardy. I have some other Ubuntu servers and clients ranging from hardy to karmic that works fine. Now I''ve setuped a fresh Lucid Lynx install (10.04) and I can''t get a certificate for it: Client:> sudo puppetd --waitforcert 60 --test > > info: Creating a new SSL key for h3-desktop > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > info: Creating a new SSL certificate request for h3-desktop > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > notice: Did not receive certificate > warning: peer certificate won''t be verified in this SSL session > notice: Did not receive certificateServer:> h3@server:/tmp$ sudo puppetca --list > No certificates to signI''ve tried many things like from regenerating all the certificates , but nothing worked so far.. I don''t know what to try anymore.. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Patrick
2010-Apr-05 04:18 UTC
Re: [Puppet Users] Cannot get puppet master to sign certificate with Ubuntu 10.04
On Apr 4, 2010, at 8:29 PM, h3 wrote:> I have a puppet master running on a Ubuntu Hardy. I have some other > Ubuntu servers and clients ranging from hardy to karmic that works > fine. > > Now I''ve setuped a fresh Lucid Lynx install (10.04) and I can''t get a > certificate for it: > > Client: > >> sudo puppetd --waitforcert 60 --test >> >> info: Creating a new SSL key for h3-desktop >> warning: peer certificate won''t be verified in this SSL session >> warning: peer certificate won''t be verified in this SSL session >> info: Creating a new SSL certificate request for h3-desktop >> warning: peer certificate won''t be verified in this SSL session >> warning: peer certificate won''t be verified in this SSL session >> warning: peer certificate won''t be verified in this SSL session >> warning: peer certificate won''t be verified in this SSL session >> notice: Did not receive certificate >> warning: peer certificate won''t be verified in this SSL session >> notice: Did not receive certificate > > Server: > >> h3@server:/tmp$ sudo puppetca --list >> No certificates to signIs the server version 0.24.x and the client is 0.25.x? 0.24 clients can connect to 0.25 servers, but not the other way around. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
h3
2010-Apr-05 12:23 UTC
[Puppet Users] Re: Cannot get puppet master to sign certificate with Ubuntu 10.04
Yeah .. this seems to be exactly my problem. It would be nice if either the server or client could throw an exception to give a clue about the problem .. I''ve spent last night debugging this problem and couldn''t find any trace of errors .. On 5 avr, 05:18, Patrick <kc7...@gmail.com> wrote:> On Apr 4, 2010, at 8:29 PM, h3 wrote: > > > > > > > I have a puppet master running on a Ubuntu Hardy. I have some other > > Ubuntu servers and clients ranging from hardy to karmic that works > > fine. > > > Now I''ve setuped a fresh Lucid Lynx install (10.04) and I can''t get a > > certificate for it: > > > Client: > > >> sudo puppetd --waitforcert 60 --test > > >> info: Creating a new SSL key for h3-desktop > >> warning: peer certificate won''t be verified in this SSL session > >> warning: peer certificate won''t be verified in this SSL session > >> info: Creating a new SSL certificate request for h3-desktop > >> warning: peer certificate won''t be verified in this SSL session > >> warning: peer certificate won''t be verified in this SSL session > >> warning: peer certificate won''t be verified in this SSL session > >> warning: peer certificate won''t be verified in this SSL session > >> notice: Did not receive certificate > >> warning: peer certificate won''t be verified in this SSL session > >> notice: Did not receive certificate > > > Server: > > >> h3@server:/tmp$ sudo puppetca --list > >> No certificates to sign > > Is the server version 0.24.x and the client is 0.25.x? 0.24 clients can connect to 0.25 servers, but not the other way around.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
h3
2010-Apr-05 13:15 UTC
[Puppet Users] Re: Cannot get puppet master to sign certificate with Ubuntu 10.04
For the record, here''s how I fixed this problem: On the client (Ubuntu 10.04) I created the file /etc/apt/ sources.list.d/karmic.list and added the following lines: deb http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security main restricted deb-src http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security main restricted deb http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security universe deb-src http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security universe deb http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security multiverse deb-src http://ubuntu.mirror.rafal.ca/ubuntu/ karmic-security multiverse Then: $: sudo apt-get update And finally: $: sudo aptitude -t karmic install puppet This installed the right packaged version and will freeze it at the karmic version for future updates .. cheers On 5 avr, 04:29, h3 <hainea...@gmail.com> wrote:> I have a puppet master running on a Ubuntu Hardy. I have some other > Ubuntu servers and clients ranging from hardy to karmic that works > fine. > > Now I''ve setuped a fresh Lucid Lynx install (10.04) and I can''t get a > certificate for it: > > Client: > > > sudo puppetd --waitforcert 60 --test > > > info: Creating a new SSL key for h3-desktop > > warning: peer certificate won''t be verified in this SSL session > > warning: peer certificate won''t be verified in this SSL session > > info: Creating a new SSL certificate request for h3-desktop > > warning: peer certificate won''t be verified in this SSL session > > warning: peer certificate won''t be verified in this SSL session > > warning: peer certificate won''t be verified in this SSL session > > warning: peer certificate won''t be verified in this SSL session > > notice: Did not receive certificate > > warning: peer certificate won''t be verified in this SSL session > > notice: Did not receive certificate > > Server: > > > h3@server:/tmp$ sudo puppetca --list > > No certificates to sign > > I''ve tried many things like from regenerating all the certificates , > but nothing worked so far.. > > I don''t know what to try anymore..-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Patrick
2010-Apr-05 17:42 UTC
Re: [Puppet Users] Re: Cannot get puppet master to sign certificate with Ubuntu 10.04
On Apr 5, 2010, at 5:23 AM, h3 wrote:> Yeah .. this seems to be exactly my problem. > > It would be nice if either the server or client could throw an > exception to give a clue about the problem ..I did get useful messages when I used the --verbose and --debug flags. Usually puppet won''t give you any useful information without one or both of those.> I''ve spent last night debugging this problem and couldn''t find any > trace of errors ..I just had a lucky guess because I had been working on an upgrade to lucid. Usually, people won''t be able to help you much unless you have at least --verbose turned on. I ended up solving the problem the other way. I pulled the Lucid puppet and factor packages backwords. I did have a backup ready though.> On 5 avr, 05:18, Patrick <kc7...@gmail.com> wrote: >> On Apr 4, 2010, at 8:29 PM, h3 wrote: >> >> >> >> >> >>> I have a puppet master running on a Ubuntu Hardy. I have some other >>> Ubuntu servers and clients ranging from hardy to karmic that works >>> fine. >> >>> Now I''ve setuped a fresh Lucid Lynx install (10.04) and I can''t get a >>> certificate for it: >> >>> Client: >> >>>> sudo puppetd --waitforcert 60 --test >> >>>> info: Creating a new SSL key for h3-desktop >>>> warning: peer certificate won''t be verified in this SSL session >>>> warning: peer certificate won''t be verified in this SSL session >>>> info: Creating a new SSL certificate request for h3-desktop >>>> warning: peer certificate won''t be verified in this SSL session >>>> warning: peer certificate won''t be verified in this SSL session >>>> warning: peer certificate won''t be verified in this SSL session >>>> warning: peer certificate won''t be verified in this SSL session >>>> notice: Did not receive certificate >>>> warning: peer certificate won''t be verified in this SSL session >>>> notice: Did not receive certificate >> >>> Server: >> >>>> h3@server:/tmp$ sudo puppetca --list >>>> No certificates to sign >> >> Is the server version 0.24.x and the client is 0.25.x? 0.24 clients can connect to 0.25 servers, but not the other way around. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.