Douglas Garstang
2010-Aug-25 01:22 UTC
[Puppet Users] Could not request certificate: Neither PUB key nor PRIV key
Oh my god.... what is this? Getting this on first boot of new client. Aug 24 01:11:09 app03 puppet-agent[5392]: Reopening log files Aug 24 01:11:09 app03 puppet-agent[5392]: Could not request certificate: Neither PUB key nor PRIV key:: header too long I stop the client, and remove the ssl directory on the client: [root@app03 puppet]# service puppet stop Stopping puppet: [ OK ] [root@app03 puppet]# rm -fR /var/lib/puppet/ssl [root@app03 puppet]# I then go and clean the certificate on the server. prov01 ~:# puppetca --clean app03.pax.livegamer.com notice: Revoked certificate with serial 114 notice: Removing file Puppet::SSL::Certificate app03.pax.livegamer.com at ''/var/lib/puppet/ssl/ca/signed/app03.pax.livegamer.com.pem'' notice: Removing file Puppet::SSL::Certificate app03.pax.livegamer.com at ''/var/lib/puppet/ssl/certs/app03.pax.livegamer.com.pem'' I then restart puppet on the client... [root@app03 puppet]# service puppet start Starting puppet: [ OK ] I then look at the log files on the client. It indicates it is waiting for a certificate to be signed. Actually, this is really a bug. All it ever says is ''Reopening log files" Aug 24 01:19:38 app03 puppet-agent[6098]: Reopening log files Anyway, now I go back to the server, and yes, there''s a request waiting... prov01 ~:# puppetca --list app03.pax.livegamer.com I sign it... prov01 ~:# puppetca --sign app03.pax.livegamer.com notice: Signed certificate request for app03.pax.livegamer.com notice: Removing file Puppet::SSL::CertificateRequest app03.pax.livegamer.com at ''/var/lib/puppet/ssl/ca/requests/app03.pax.livegamer.com.pem'' I then go back to the client and restart puppet: [root@app03 puppet]# service puppet restart Stopping puppet: [ OK ] Starting puppet: [ OK ] and I look at my log files on the client again... Aug 24 01:21:50 app03 puppet-agent[6274]: Starting Puppet client version 2.6.1 Aug 24 01:21:50 app03 puppet-agent[6274]: Could not retrieve catalog from remote server: certificate verify failed Aug 24 01:21:50 app03 puppet-agent[6274]: Not using cache on failed catalog Aug 24 01:21:50 app03 puppet-agent[6274]: Could not retrieve catalog; skipping run What the hell is wrong???? My god this is frustrating. I''ve reinstalled this server 4 times now and this is totally reproducable. Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Douglas Garstang
2010-Aug-25 01:37 UTC
[Puppet Users] Re: Could not request certificate: Neither PUB key nor PRIV key
Arrgh. The clock on the client was 24 hours slow. But... I wonder why that happens when the certificate is valid from Validity Not Before: Jul 13 13:51:08 2010 GMT Not After : Jul 12 13:51:08 2015 GMT Doug. On Tue, Aug 24, 2010 at 6:22 PM, Douglas Garstang <doug.garstang@gmail.com> wrote:> Oh my god.... what is this? > > Getting this on first boot of new client. > Aug 24 01:11:09 app03 puppet-agent[5392]: Reopening log files > Aug 24 01:11:09 app03 puppet-agent[5392]: Could not request > certificate: Neither PUB key nor PRIV key:: header too long > > I stop the client, and remove the ssl directory on the client: > > [root@app03 puppet]# service puppet stop > Stopping puppet: [ OK ] > [root@app03 puppet]# rm -fR /var/lib/puppet/ssl > [root@app03 puppet]# > > I then go and clean the certificate on the server. > > prov01 ~:# puppetca --clean app03.pax.livegamer.com > notice: Revoked certificate with serial 114 > notice: Removing file Puppet::SSL::Certificate app03.pax.livegamer.com > at ''/var/lib/puppet/ssl/ca/signed/app03.pax.livegamer.com.pem'' > notice: Removing file Puppet::SSL::Certificate app03.pax.livegamer.com > at ''/var/lib/puppet/ssl/certs/app03.pax.livegamer.com.pem'' > > I then restart puppet on the client... > > [root@app03 puppet]# service puppet start > Starting puppet: [ OK ] > > I then look at the log files on the client. It indicates it is waiting > for a certificate to be signed. Actually, this is really a bug. All it > ever says is ''Reopening log files" > > Aug 24 01:19:38 app03 puppet-agent[6098]: Reopening log files > > Anyway, now I go back to the server, and yes, there''s a request waiting... > > prov01 ~:# puppetca --list > app03.pax.livegamer.com > > I sign it... > > prov01 ~:# puppetca --sign app03.pax.livegamer.com > notice: Signed certificate request for app03.pax.livegamer.com > notice: Removing file Puppet::SSL::CertificateRequest > app03.pax.livegamer.com at > ''/var/lib/puppet/ssl/ca/requests/app03.pax.livegamer.com.pem'' > > I then go back to the client and restart puppet: > > [root@app03 puppet]# service puppet restart > Stopping puppet: [ OK ] > Starting puppet: [ OK ] > > and I look at my log files on the client again... > > Aug 24 01:21:50 app03 puppet-agent[6274]: Starting Puppet client version 2.6.1 > Aug 24 01:21:50 app03 puppet-agent[6274]: Could not retrieve catalog > from remote server: certificate verify failed > Aug 24 01:21:50 app03 puppet-agent[6274]: Not using cache on failed catalog > Aug 24 01:21:50 app03 puppet-agent[6274]: Could not retrieve catalog; > skipping run > > What the hell is wrong???? My god this is frustrating. I''ve > reinstalled this server 4 times now and this is totally reproducable. > > Doug. >-- Regards, Douglas Garstang http://www.linkedin.com/in/garstang Email: doug.garstang@gmail.com Cell: +1-805-340-5627 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.