Puppet users - Apr 2011 - err: Could not request certificate: [and then....??]

Google search is failing me today...

I''ve found a ton of troubleshooting guides that tell you what to do
when you get that error message from puppet agent. But all of the
examples include some sort of reason/message following that
string.....I get nothing.

Here''s as much detail on what I''ve done to date and where
I''m having
trouble...

Puppet master=============CentOS 5.x VM hosted at rackspace
let''s just call hostname=master.foo.com
puppet-2.6.7 installed
running the following command:
puppet master --verbose --no-daemonize --debug --logdest=console

I have an extremely simple site.pp located in /etc/puppet/
manifests...took it straight from the book "Pulling String with
Puppet"

file { "/etc/passwd":
 owner => "root",
 group => "bin",
 mode => 644,
}

If i run puppet agent against itself with:
puppet agent --server puppet.retailarchitects.com --verbose --debug --
waitforcert=60 --no-daemonize --test
works fine...

Puppet agent #1==========Centos 5.x VM hosted at rackspace
let''s just call hostname = agent.foo.com
puppet-2.6.7 installed
running the following command:
puppet agent --server=master.foo.com --verbose --debug --
waitforcert=60 --no-daemonize

works fine (i.e. had to sign the cert and all that on the master, but
it worked)

So at this point, I know a) master.foo.com has all TCP ports opened as
necessary, is configured correctly, etc.

Puppet agent #3==============Centos 5.x VM running on Parallels on my laptop.
Networking mode=shared (i.e. treats laptop as router/DHCP server)
puppet-2.6.7 installed
running the following command:
puppet agent --server=master.foo.com --verbose --debug --
waitforcert=60 --no-daemonize

I get the following output:
http://pastebin.com/mDcMdCmv

I''ve tried clearing out the /etc/puppet/ssl directory a couple of
times now. No joy.
I''ve checked that the cert file created on the agent matches the
hostname
I''ve double and triple checked that ''date'' returns
the same date/time
on master/agent.

Also tried switching to "bridged" network mode (i.e. local LAN sees VM
as another host and local router/dhcp assigns as normal). Same result.

Laptop has no firewall running at all, all ports in and out open. VM
has no iptables defined at all. I can ping master.foo.com just fine.

My first thought is...why the heck isn''t it telling me *why* it
can''t
request the cert?? Is there more logging or more verbose logging I
have to turn on to see that? At least that would give me some
clues....

Any help ~~~greatly~~~ appreciated!
-Rob

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

k

*really* weird...

tried it again, but without the no-daemonize....and it worked.

stopped the agent and started it again with no-daemonize, and now
everything''s fine....what the heck?


On Tue, Apr 5, 2011 at 3:54 PM, robneville73
<robertneville73@gmail.com>wrote:
> Google search is failing me today...
>
> I''ve found a ton of troubleshooting guides that tell you what to
do
> when you get that error message from puppet agent. But all of the
> examples include some sort of reason/message following that
> string.....I get nothing.
>
> Here''s as much detail on what I''ve done to date and where
I''m having
> trouble...
>
> Puppet master=============> CentOS 5.x VM hosted at rackspace
> let''s just call hostname=master.foo.com
> puppet-2.6.7 installed
> running the following command:
> puppet master --verbose --no-daemonize --debug --logdest=console
>
> I have an extremely simple site.pp located in /etc/puppet/
> manifests...took it straight from the book "Pulling String with
> Puppet"
>
> file { "/etc/passwd":
>  owner => "root",
>  group => "bin",
>  mode => 644,
> }
>
> If i run puppet agent against itself with:
> puppet agent --server puppet.retailarchitects.com --verbose --debug --
> waitforcert=60 --no-daemonize --test
> works fine...
>
> Puppet agent #1==========> Centos 5.x VM hosted at rackspace
> let''s just call hostname = agent.foo.com
> puppet-2.6.7 installed
> running the following command:
> puppet agent --server=master.foo.com --verbose --debug --
> waitforcert=60 --no-daemonize
>
> works fine (i.e. had to sign the cert and all that on the master, but
> it worked)
>
> So at this point, I know a) master.foo.com has all TCP ports opened as
> necessary, is configured correctly, etc.
>
> Puppet agent #3==============> Centos 5.x VM running on Parallels on my
laptop.
> Networking mode=shared (i.e. treats laptop as router/DHCP server)
> puppet-2.6.7 installed
> running the following command:
> puppet agent --server=master.foo.com --verbose --debug --
> waitforcert=60 --no-daemonize
>
> I get the following output:
> http://pastebin.com/mDcMdCmv
>
> I''ve tried clearing out the /etc/puppet/ssl directory a couple of
> times now. No joy.
> I''ve checked that the cert file created on the agent matches the
> hostname
> I''ve double and triple checked that ''date''
returns the same date/time
> on master/agent.
>
> Also tried switching to "bridged" network mode (i.e. local LAN
sees VM
> as another host and local router/dhcp assigns as normal). Same result.
>
> Laptop has no firewall running at all, all ports in and out open. VM
> has no iptables defined at all. I can ping master.foo.com just fine.
>
> My first thought is...why the heck isn''t it telling me *why* it
can''t
> request the cert?? Is there more logging or more verbose logging I
> have to turn on to see that? At least that would give me some
> clues....
>
> Any help ~~~greatly~~~ appreciated!
> -Rob
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.