Douglas Garstang
2010-Aug-25 01:22 UTC
[Puppet Users] Could not request certificate: Neither PUB key nor PRIV key
Oh my god.... what is this? Getting this on first boot of new client. Aug 24 01:11:09 app03 puppet-agent[5392]: Reopening log files Aug 24 01:11:09 app03 puppet-agent[5392]: Could not request certificate: Neither PUB key nor PRIV key:: header too long I stop the client, and remove the ssl directory on the client: [root@app03 puppet]# service puppet stop Stopping puppet: [ OK ] [root@app03 puppet]# rm -fR /var/lib/puppet/ssl [root@app03 puppet]# I then go and clean the certificate on the server. prov01 ~:# puppetca --clean app03.pax.livegamer.com notice: Revoked certificate with serial 114 notice: Removing file Puppet::SSL::Certificate app03.pax.livegamer.com at ''/var/lib/puppet/ssl/ca/signed/app03.pax.livegamer.com.pem'' notice: Removing file Puppet::SSL::Certificate app03.pax.livegamer.com at ''/var/lib/puppet/ssl/certs/app03.pax.livegamer.com.pem'' I then restart puppet on the client... [root@app03 puppet]# service puppet start Starting puppet: [ OK ] I then look at the log files on the client. It indicates it is waiting for a certificate to be signed. Actually, this is really a bug. All it ever says is ''Reopening log files" Aug 24 01:19:38 app03 puppet-agent[6098]: Reopening log files Anyway, now I go back to the server, and yes, there''s a request waiting... prov01 ~:# puppetca --list app03.pax.livegamer.com I sign it... prov01 ~:# puppetca --sign app03.pax.livegamer.com notice: Signed certificate request for app03.pax.livegamer.com notice: Removing file Puppet::SSL::CertificateRequest app03.pax.livegamer.com at ''/var/lib/puppet/ssl/ca/requests/app03.pax.livegamer.com.pem'' I then go back to the client and restart puppet: [root@app03 puppet]# service puppet restart Stopping puppet: [ OK ] Starting puppet: [ OK ] and I look at my log files on the client again... Aug 24 01:21:50 app03 puppet-agent[6274]: Starting Puppet client version 2.6.1 Aug 24 01:21:50 app03 puppet-agent[6274]: Could not retrieve catalog from remote server: certificate verify failed Aug 24 01:21:50 app03 puppet-agent[6274]: Not using cache on failed catalog Aug 24 01:21:50 app03 puppet-agent[6274]: Could not retrieve catalog; skipping run What the hell is wrong???? My god this is frustrating. I''ve reinstalled this server 4 times now and this is totally reproducable. Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Douglas Garstang
2010-Aug-25 01:37 UTC
[Puppet Users] Re: Could not request certificate: Neither PUB key nor PRIV key
Arrgh. The clock on the client was 24 hours slow. But... I wonder why
that happens when the certificate is valid from
Validity
Not Before: Jul 13 13:51:08 2010 GMT
Not After : Jul 12 13:51:08 2015 GMT
Doug.
On Tue, Aug 24, 2010 at 6:22 PM, Douglas Garstang
<doug.garstang@gmail.com> wrote:> Oh my god.... what is this?
>
> Getting this on first boot of new client.
> Aug 24 01:11:09 app03 puppet-agent[5392]: Reopening log files
> Aug 24 01:11:09 app03 puppet-agent[5392]: Could not request
> certificate: Neither PUB key nor PRIV key:: header too long
>
> I stop the client, and remove the ssl directory on the client:
>
> [root@app03 puppet]# service puppet stop
> Stopping puppet: [ OK ]
> [root@app03 puppet]# rm -fR /var/lib/puppet/ssl
> [root@app03 puppet]#
>
> I then go and clean the certificate on the server.
>
> prov01 ~:# puppetca --clean app03.pax.livegamer.com
> notice: Revoked certificate with serial 114
> notice: Removing file Puppet::SSL::Certificate app03.pax.livegamer.com
> at
''/var/lib/puppet/ssl/ca/signed/app03.pax.livegamer.com.pem''
> notice: Removing file Puppet::SSL::Certificate app03.pax.livegamer.com
> at
''/var/lib/puppet/ssl/certs/app03.pax.livegamer.com.pem''
>
> I then restart puppet on the client...
>
> [root@app03 puppet]# service puppet start
> Starting puppet: [ OK ]
>
> I then look at the log files on the client. It indicates it is waiting
> for a certificate to be signed. Actually, this is really a bug. All it
> ever says is ''Reopening log files"
>
> Aug 24 01:19:38 app03 puppet-agent[6098]: Reopening log files
>
> Anyway, now I go back to the server, and yes, there''s a request
waiting...
>
> prov01 ~:# puppetca --list
> app03.pax.livegamer.com
>
> I sign it...
>
> prov01 ~:# puppetca --sign app03.pax.livegamer.com
> notice: Signed certificate request for app03.pax.livegamer.com
> notice: Removing file Puppet::SSL::CertificateRequest
> app03.pax.livegamer.com at
>
''/var/lib/puppet/ssl/ca/requests/app03.pax.livegamer.com.pem''
>
> I then go back to the client and restart puppet:
>
> [root@app03 puppet]# service puppet restart
> Stopping puppet: [ OK ]
> Starting puppet: [ OK ]
>
> and I look at my log files on the client again...
>
> Aug 24 01:21:50 app03 puppet-agent[6274]: Starting Puppet client version
2.6.1
> Aug 24 01:21:50 app03 puppet-agent[6274]: Could not retrieve catalog
> from remote server: certificate verify failed
> Aug 24 01:21:50 app03 puppet-agent[6274]: Not using cache on failed catalog
> Aug 24 01:21:50 app03 puppet-agent[6274]: Could not retrieve catalog;
> skipping run
>
> What the hell is wrong???? My god this is frustrating. I''ve
> reinstalled this server 4 times now and this is totally reproducable.
>
> Doug.
>
--
Regards,
Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.