Puppet users - Mar 2011 - err: Could not retrieve catalog from remote server: certificate verify failed

So set up new node, ran on the client

puppetd --server puppetmaster --waitforcert 60 --test

on the puppetmaster itself I ran

puppetca --list

saw the hostname

and then ran:

puppetca --sign hostname.domain.com

and on the puppet node itself I went back and ran puppetd -tv

and get the following error:

err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run


If I do a puppetca --list --all on the puppetmaster, the server is
registered with a mac address.


Just curious has anyone seen this and how to resolve?

Thanks

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I was fighting with this issue today. Try to use FQDN in
''server'' directive.

On 24.03.2011 16:50, Mike Franon wrote:
> So set up new node, ran on the client
>
> puppetd --server puppetmaster --waitforcert 60 --test
>
> on the puppetmaster itself I ran
>
> puppetca --list
>
> saw the hostname
>
> and then ran:
>
> puppetca --sign hostname.domain.com
>
> and on the puppet node itself I went back and ran puppetd -tv
>
> and get the following error:
>
> err: Could not retrieve catalog from remote server: certificate verify
failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>
>
> If I do a puppetca --list --all on the puppetmaster, the server is
> registered with a mac address.
>
>
> Just curious has anyone seen this and how to resolve?
>
> Thanks
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks,

Do you mean on the puppetmaster?



On Thu, Mar 24, 2011 at 11:22 AM, Sergey Zhuga <sergey.zhuga@gmail.com>
wrote:
> I was fighting with this issue today. Try to use FQDN in
''server'' directive.
>
> On 24.03.2011 16:50, Mike Franon wrote:
>>
>> So set up new node, ran on the client
>>
>> puppetd --server puppetmaster --waitforcert 60 --test
>>
>> on the puppetmaster itself I ran
>>
>> puppetca --list
>>
>> saw the hostname
>>
>> and then ran:
>>
>> puppetca --sign hostname.domain.com
>>
>> and on the puppet node itself I went back and ran puppetd -tv
>>
>> and get the following error:
>>
>> err: Could not retrieve catalog from remote server: certificate verify
>> failed
>> warning: Not using cache on failed catalog
>> err: Could not retrieve catalog; skipping run
>>
>>
>> If I do a puppetca --list --all on the puppetmaster, the server is
>> registered with a mac address.
>>
>>
>> Just curious has anyone seen this and how to resolve?
>>
>> Thanks
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 03/24/2011 04:53 PM, Mike Franon wrote:
> Thanks,
> 
> Do you mean on the puppetmaster?
Hi,

probably not. It''s important that the client calls the puppetmaster by
the name that''s in the master''s certificate. So either user
--server=puppet.mydomain.org or the equivalent in puppet.conf.

If this doesn''t help, take a close look at your master''s
certificates to
determine what you should use for "server" in the client conf.

HTH,
Felix
> 
> 
> On Thu, Mar 24, 2011 at 11:22 AM, Sergey Zhuga
<sergey.zhuga@gmail.com> wrote:
>> I was fighting with this issue today. Try to use FQDN in
''server'' directive.
>>
>> On 24.03.2011 16:50, Mike Franon wrote:
>>>
>>> So set up new node, ran on the client
>>>
>>> puppetd --server puppetmaster --waitforcert 60 --test
>>>
>>> on the puppetmaster itself I ran
>>>
>>> puppetca --list
>>>
>>> saw the hostname
>>>
>>> and then ran:
>>>
>>> puppetca --sign hostname.domain.com
>>>
>>> and on the puppet node itself I went back and ran puppetd -tv
>>>
>>> and get the following error:
>>>
>>> err: Could not retrieve catalog from remote server: certificate
verify
>>> failed
>>> warning: Not using cache on failed catalog
>>> err: Could not retrieve catalog; skipping run
>>>
>>>
>>> If I do a puppetca --list --all on the puppetmaster, the server is
>>> registered with a mac address.
>>>
>>>
>>> Just curious has anyone seen this and how to resolve?
>>>
>>> Thanks
>>>
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.