Christian
2010-Oct-12 17:32 UTC
[Puppet Users] Puppetrun reports certificates were not trusted
Hi all, All my nodes are signed successfully with the puppetmaster. A manual puppetd run works perfectly on every node. A report is generated for each run in puppet-dashboard. All machines are correctly synchronised via ntp. Using puppetrun on one of my node works without problem. However using puppetrun on the rest of the nodes does suddenly not work. Following is reported: <HOSTNAME> Certificates were not trusted: certificate erify failed. <HOSTNAME> finished with exit code 2 Under [puppetmasterd] i set the certname = <PUPPETMASTERHOST> I tried as well to delete the /ssl folder on the client and regenerated them but with out success on the puppetrun result. Has somebody an idea what is going wrong here. Thanks a lot Christian -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Douglas Garstang
2010-Oct-14 04:10 UTC
Re: [Puppet Users] Puppetrun reports certificates were not trusted
On Tue, Oct 12, 2010 at 10:32 AM, Christian < berwangerchristian@googlemail.com> wrote:> Hi all, > > All my nodes are signed successfully with the puppetmaster. A manual > puppetd run works perfectly on every node. A report is generated for > each run in puppet-dashboard. > > All machines are correctly synchronised via ntp. > > Using puppetrun on one of my node works without problem. However using > puppetrun on the rest of the nodes does suddenly not work. > > Following is reported: > > <HOSTNAME> Certificates were not trusted: certificate erify failed. > <HOSTNAME> finished with exit code 2 > > Under [puppetmasterd] i set the certname = <PUPPETMASTERHOST> > > I tried as well to delete the /ssl folder on the client and > regenerated them but with out success on the puppetrun result. > > Has somebody an idea what is going wrong here. > >I''ve seen this too. Did your time change during a previous puppet run on your client? Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Christian
2010-Oct-14 11:52 UTC
[Puppet Users] Re: Puppetrun reports certificates were not trusted
Hi Doug, What i did with my manual puppet runs was a copy of the ntp.conf files to the clients and restart the ntp service. So if you would declare that as a time change... yeah i did change it. Times on server and clients are complete identically. I checked the validity of the certificate regarding the valid time range. And the time range seems correct for me. The most problems with that were due to wrong time synchronisation which ends up to a time on the client outside the certificate time validity treshold. That however seems not the case for me. I dont understand what is the difference between the working node and the rest of the node... Thanks a lot Christian On 14 Okt., 06:10, Douglas Garstang <doug.garst...@gmail.com> wrote:> On Tue, Oct 12, 2010 at 10:32 AM, Christian < > > > > berwangerchrist...@googlemail.com> wrote: > > Hi all, > > > All my nodes are signed successfully with the puppetmaster. A manual > > puppetd run works perfectly on every node. A report is generated for > > each run in puppet-dashboard. > > > All machines are correctly synchronised via ntp. > > > Using puppetrun on one of my node works without problem. However using > > puppetrun on the rest of the nodes does suddenly not work. > > > Following is reported: > > > <HOSTNAME> Certificates were not trusted: certificate erify failed. > > <HOSTNAME> finished with exit code 2 > > > Under [puppetmasterd] i set the certname = <PUPPETMASTERHOST> > > > I tried as well to delete the /ssl folder on the client and > > regenerated them but with out success on the puppetrun result. > > > Has somebody an idea what is going wrong here. > > I''ve seen this too. Did your time change during a previous puppet run on > your client? > > Doug.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Christian
2010-Oct-19 13:48 UTC
[Puppet Users] Re: Puppetrun reports certificates were not trusted
Actually that problem were solved by simply rebooting all machines. After a restart suddenly it worked for all of them. From time to time i experience however that single nodes produces following errors even if i havent run puppetrun very short before that run: "Host <hostname> is already running finished with exit code 3" If i run puppetrun a second time than the same node does not report problems anymore. Does anybody know what is the background of that problem? Christian -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.