OK...

I started seeing some issues with the certificates between my clients and the puppetmaster. So I went ahead and removed puppet from the clients and cleaned up /var/lib/puppet and /etc/puppet. Then I reinstalled puppet, signed the new cert and things seemed to go OK after that.

Then the shocker: the second run started to fail and I have this message:

[root@atlcnag0 ~]# puppetd --test
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Exiting; failed to retrieve certificate and waitforcert is disabled
[root@atlcnag0 ~]# puppetd --test --waitforcert 5
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
notice: Run of Puppet configuration client already in progress; skipping

Now... the one thing I can think of that might contribute to this could be the fact of how I set up my systems. This is going to take some explaining:

The hostname (in this case) for the client is atlcnag0. Its DNS entry (for its main interface) is atlcnag0-eth0 and there is a CNAME pointing back to its hostname (later there may well be more than one IP address associated with that name) which I didn't think should cause problems, but maybe it is.

Any thoughts?

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Never mind... figured it out... shot myself in the foot big time.

I have a centralized puppet.conf file that I distribute. That's a good thing. Unfortunately, in my haste I made a big-time mistake and all of the puppet.conf files are pointing to a set of cert files for the repository (puppet master) and not themselves. DOH!!

On Jun 29, 2:39 pm, salty.cowd...@gmail.com wrote:
> OK...
>
> I started seeing some issues with the certificates between my clients and
> the puppetmaster. So I went ahead and removed puppet from the clients and
> cleaned up /var/lib/puppet and /etc/puppet. Then I reinstalled puppet,
> signed the new cert and things seemed to go OK after that.
>
> Then the shocker: the second run started to fail and I have this message:
>
> [root@atlcnag0 ~]# puppetd --test
> err: Could not request certificate: Retrieved certificate does not match
> private key; please remove certificate from server and regenerate it with
> the current key
> Exiting; failed to retrieve certificate and waitforcert is disabled
> [root@atlcnag0 ~]# puppetd --test --waitforcert 5
> err: Could not request certificate: Retrieved certificate does not match
> private key; please remove certificate from server and regenerate it with
> the current key
> notice: Run of Puppet configuration client already in progress; skipping
>
> Now... the one thing I can think of that might contribute to this could be
> the fact of how I set up my systems. This is going to take some explaining:
>
> The hostname (in this case) for the client is atlcnag0. Its DNS entry (for
> its main interface) is atlcnag0-eth0 and there is a CNAME pointing back to
> its hostname (later there may well be more than one IP address associated
> with that name) which I didn't think should cause problems, but maybe it is.
>
> Any thoughts?
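
Added example (not part of the original thread and not Puppet's own code): a shell check for the condition reported above, an agent using a certificate and private key that do not belong together, or that belong to another host. The file names, the master name "puppetmaster" and the throwaway self-signed certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Puppet code: confirm that the certificate and private key
# an agent is configured to use belong together and name the expected host.

# Print the certificate's subject CN (empty if the file is not a certificate).
cert_cn() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 -subject 2>/dev/null |
        sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# check_identity CERT KEY EXPECTED_NAME
# Prints one of: ok | unreadable | key-mismatch | wrong-subject:<cn>
check_identity() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        echo unreadable
    elif [ "$cert_pub" != "$key_pub" ]; then
        echo key-mismatch      # the condition behind the agent's error message
    elif [ "$(cert_cn "$1")" != "$3" ]; then
        echo "wrong-subject:$(cert_cn "$1")"   # matching pair, but another host's
    else
        echo ok
    fi
}

# Constructed sample data: a throwaway self-signed identity for NAME in DIR.
make_demo_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_identity "$d" atlcnag0        # agent name from the thread
    make_demo_identity "$d" puppetmaster    # hypothetical master name
    check_identity "$d/atlcnag0.pem" "$d/atlcnag0.key" atlcnag0
    check_identity "$d/atlcnag0.pem" "$d/puppetmaster.key" atlcnag0
    check_identity "$d/puppetmaster.pem" "$d/puppetmaster.key" atlcnag0
    rm -rf "$d"
}
demo
```

On a real agent, pass the files named by its hostcert and hostprivkey settings, together with the name the master signed.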
On Jun 29, 2010, at 11:39 AM, salty.cowdawg@gmail.com wrote:
> OK...
>
> I started seeing some issues with the certificates between my clients and the puppetmaster. So I went ahead and removed puppet from the clients and cleaned up /var/lib/puppet and /etc/puppet. Then I reinstalled puppet, signed the new cert and things seemed to go OK after that.
>
> Then the shocker: the second run started to fail and I have this message:
>
> [root@atlcnag0 ~]# puppetd --test
> err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
> Exiting; failed to retrieve certificate and waitforcert is disabled
> [root@atlcnag0 ~]# puppetd --test --waitforcert 5
> err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
> notice: Run of Puppet configuration client already in progress; skipping
>
> Now... the one thing I can think of that might contribute to this could be the fact of how I set up my systems. This is going to take some explaining:
>
> The hostname (in this case) for the client is atlcnag0. Its DNS entry (for its main interface) is atlcnag0-eth0 and there is a CNAME pointing back to its hostname (later there may well be more than one IP address associated with that name) which I didn't think should cause problems, but maybe it is.
>
> Any thoughts?

I would guess that your problem is the same as http://groups.google.com/group/puppet-users/browse_thread/thread/7591866a273dd4ff