i'm testing things here and had to change the hostname of my puppetmaster VM. pointing a client to it generates "info: Could not find certificate for 'host.domain.com'" errors on the master and the following on the client:

debug: Using cached certificate for ca
warning: peer certificate won't be verified in this SSL session

puppetmaster is running centos 5.4 with puppet 0.25.5. the client right now is os x running puppet 2.6, but i have the same issues with another centos VM and 0.25.5.

so i tarred up the /var/puppet directory on the client, recreated it, successfully requested a cert again, signed it on the master, then got the following from the client:

debug: OpenSSL: Error(19): self signed certificate in certificate chain
debug: OpenSSL: Cert: /CN=ca
/Library/Ruby/Site/1.8/puppet/network/http_pool.rb:68: [BUG] Segmentation fault
ruby 1.8.7 (2009-06-12 patchlevel 174) [universal-darwin10.0]

on the master, i'm getting webrick errors like so:

[2010-09-04 22:51:07] DEBUG close: 10.11.10.99:50292
[2010-09-04 22:51:08] DEBUG accept: 10.11.10.99:50293
[2010-09-04 22:51:09] ERROR OpenSSL::SSL::SSLError:
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in `accept'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in `listen'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in `listen'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `listen'
/usr/lib/ruby/1.8/thread.rb:135:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `listen'
/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in `listen'
/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in `start'
/usr/lib/ru

after the hostname change, what's the best way to wipe the slate clean? the setup has worked for me recently. i'd just like to get back to a working state. thanks for any help.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
nate
2010-Sep-05  03:11 UTC
[Puppet Users] Re: starting from scratch after changed hostname
quick followup…

i've wiped /etc/puppet/ssl and /var/lib/puppet/ssl on the server. firing up puppetmasterd properly signs its own cert. that should give me a clean slate there, correct?

on the client, i did the same. requesting a cert with puppetd -d -v --no-daemonize --test --waitforcert 60 produces the following:

err: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

so… what's cached here, and where do i resolve this? how do i regenerate the cert with the current key, and which key is it talking about here?
nate
2010-Sep-05  03:21 UTC
[Puppet Users] Re: starting from scratch after changed hostname
ugh… disregard the above. i blew away the /etc/puppet and /var/lib/puppet directories on the client, regenerated certs again on the server, and they're talking again.

thanks, all.
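
The two client-side errors quoted in this thread correspond to checks that can be reproduced with Ruby's OpenSSL library. The following is an added example, not part of the original posts and not Puppet's own code; the helper names, the host name agent.example.test and all keys and certificates are constructed sample data.

```ruby
require 'openssl'

# Issue a certificate for subject_key, signed by issuer_key (constructed sample data).
def issue(cn, subject_key, issuer_cn, issuer_key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = OpenSSL::X509::Name.parse("/CN=#{issuer_cn}")
  cert.public_key = subject_key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Report which pieces of an agent's SSL state disagree with each other.
def diagnose(agent_key, agent_cert, cached_ca_cert)
  problems = []
  # The certificate's public key must pair with the private key on disk.
  problems << :cert_does_not_match_private_key unless agent_cert.check_private_key(agent_key)
  # The certificate's signature must verify under the cached CA certificate.
  problems << :cert_not_issued_by_cached_ca unless agent_cert.verify(cached_ca_cert.public_key)
  problems
end

# Two CA generations (before and after the master's ssl directory was wiped)
# and two agent key generations (before and after the client was wiped).
OLD_CA_KEY, NEW_CA_KEY, OLD_AGENT_KEY, NEW_AGENT_KEY =
  Array.new(4) { OpenSSL::PKey::RSA.new(2048) }

OLD_CA     = issue('ca', OLD_CA_KEY, 'ca', OLD_CA_KEY, 1)
NEW_CA     = issue('ca', NEW_CA_KEY, 'ca', NEW_CA_KEY, 1)
GOOD_CERT  = issue('agent.example.test', NEW_AGENT_KEY, 'ca', NEW_CA_KEY, 2)
STALE_CERT = issue('agent.example.test', OLD_AGENT_KEY, 'ca', NEW_CA_KEY, 3)

SCENARIOS = {
  'consistent state'                        => diagnose(NEW_AGENT_KEY, GOOD_CERT, NEW_CA),
  'CA cached from before the CA was rebuilt' => diagnose(NEW_AGENT_KEY, GOOD_CERT, OLD_CA),
  'cert issued for an earlier agent key'    => diagnose(NEW_AGENT_KEY, STALE_CERT, NEW_CA)
}

SCENARIOS.each do |name, problems|
  puts "#{name}: #{problems.empty? ? 'ok' : problems.join(', ')}"
end
```

Both CA certificates carry the same subject, /CN=ca, so comparing names alone cannot distinguish a stale cached CA from the current one; only the signature check does.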