hello list!!

I'm having an issue where a client is not receiving its cert

[root@ec2-50-16-98-245 ~]# puppetd -t --waitforcert 15 --server puppet.example.net
info: Creating a new SSL key for ec2-xx-xx-xx-xxx.compute-1.amazonaws.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for ec2-xx-xx-xx-xxx.compute-1.amazonaws.com
info: Certificate Request fingerprint (md5): 93:17:4C:99:18:B9:8C:68:4E:2A:89:76:A4:28:04:81
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate

although the server is running and listening on 8140

[root@puppet ~]# lsof -i :8140
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
puppetmas 1694 puppet 7u IPv4 7222 TCP *:8140 (LISTEN)

and nmap confirms port is open

Starting Nmap 5.21 ( http://nmap.org ) at 2011-05-12 14:50 EDT
Nmap scan report for puppet.example.net (xx.xx.xxx.xxx)
Host is up (0.014s latency).
rDNS record for xx.xx.xxx.xxx: ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com
PORT STATE SERVICE
8140/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds

http is running

[root@puppet puppet]# service httpd status
httpd (pid 3606) is running...

but the only errors I see are 404's the only logs in the /var/log/masterhttp.log

[2011-05-12 15:35:54] - -> /production/certificate/portero-fs.ec2.internal
[2011-05-12 15:35:55] ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com - - [12/May/2011:15:35:55 EDT] "GET /production/certificate/ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com HTTP/1.1" 404

but the puppet client runs well on the puppet server itself...

[root@puppet puppet]# puppetd -t
info: Loading facts in mysql
info: Loading facts in configured_ntp_servers
info: Loading facts in mysql
info: Loading facts in configured_ntp_servers
info: Caching catalog for puppet.acadaca.net
info: /Stage[main]/Centos/Tidy[/var/lib/amanda]: File does not exist
info: /Stage[main]/Centos/Tidy[/etc/yum.repos.d/c5-media.repo]: File does not exist
info: /Stage[main]/Centos/Tidy[/etc/yum.repos.d/CentOS.repo]: File does not exist
info: /Stage[main]/Apache/Tidy[/etc/httpd/conf.d/ssl.conf]: File does not exist
info: Applying configuration version '1305227995'
notice: /Stage[main]/Centos/Exec[import dag key]/returns: executed successfully
notice: /Stage[main]/Centos/Exec[import webtatic key]/returns: executed successfully
notice: /Stage[main]/Centos/Exec[import remi key]/returns: executed successfully
notice: Finished catalog run in 4.84 seconds

I would appreciate any advice you may have...

thanks!

tim
--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Hi Tim,

Perhaps I am missing something in your output. There may be some actions implied that you took but were not shown. So excuse me if I am misunderstanding something.

Did you take any actions on the server side while you were running 'puppetd -t --waitforcert 15 --server puppet.example.net'? What I see is you had the client send a certificate to the master in order to be signed, and when it was not signed in the amount of time you specified the client gave up. Did you use 'puppetca' on the server side to sign the certificate? If not, what you see is the expected behavior, as nothing would be sent back if it was not signed.

Marius
Shermans Travel Media LLC.

On May 12, 3:39 pm, Tim Dunphy <bluethu...@gmail.com> wrote:
> hello list!!
>
> I'm having an issue where a client is not receiving its cert

Hello Marius,

Thank you very much indeed for your prompt reply! It seems that I was under the impression that autosigning had been turned on on the puppet server. I see now that I was mistaken.

Best regards, and be well good sir!

tim

On Thu, May 12, 2011 at 4:41 PM, Saurval <saurval@gmail.com> wrote:
> Hi Tim,
>
> Did you take any actions on the server side while you were running
> 'puppetd -t --waitforcert 15 --server puppet.example.net'? What I see
> is you had the client send a certificate to the master in order to be
> signed, and when it was not signed in the amount of time you specified
> the client gave up. Did you use 'puppetca' on the server side to sign
> the certificate? If not, what you see is the expected behavior, as
> nothing would be sent back if it was not signed.

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
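
An added example, not part of the original thread: the 404 on `GET /production/certificate/<certname>` in the master's HTTP log is how a still-unsigned request shows up, so this shell function lists certnames whose most recent certificate fetch was a 404. The sample log lines and hostnames are constructed, and the trailing byte counts and the `certificate_request` line are assumptions about the log format.

```shell
#!/bin/sh
# Constructed sample in the access-log format quoted in the thread
# (hostnames, times and byte counts are made up for illustration).
sample_log() {
cat <<'EOF'
web01.example.net - - [12/May/2011:15:35:55 EDT] "GET /production/certificate/ca HTTP/1.1" 200 1164
web01.example.net - - [12/May/2011:15:35:55 EDT] "GET /production/certificate/web01.example.net HTTP/1.1" 404 47
web01.example.net - - [12/May/2011:15:35:56 EDT] "PUT /production/certificate_request/web01.example.net HTTP/1.1" 200 0
web01.example.net - - [12/May/2011:15:36:11 EDT] "GET /production/certificate/web01.example.net HTTP/1.1" 404 47
db02.example.net - - [12/May/2011:15:40:02 EDT] "GET /production/certificate/db02.example.net HTTP/1.1" 404 47
db02.example.net - - [12/May/2011:15:41:30 EDT] "GET /production/certificate/db02.example.net HTTP/1.1" 200 960
EOF
}

# pending_certs: read access-log lines on stdin and print "certname attempts"
# for every certname whose latest certificate GET was still answered with 404.
pending_certs() {
  awk '
    # Split on double quotes: $2 is the request line, $3 begins with the status.
    BEGIN { FS = "\"" }
    {
      n = split($2, req, " ")        # method, path, protocol
      if (n < 2 || req[1] != "GET") next
      m = split(req[2], seg, "/")    # "", environment, "certificate", certname
      # Skip other endpoints and the CA certificate fetch itself.
      if (m != 4 || seg[3] != "certificate" || seg[4] == "ca") next
      split($3, rest, " ")           # status, bytes
      name = seg[4]
      last[name] = rest[1]           # remember the most recent status
      if (rest[1] == "404") misses[name]++
    }
    END {
      for (name in last)
        if (last[name] == "404") print name, misses[name]
    }
  ' | sort
}

sample_log | pending_certs
```

Each name it prints should also appear in the output of `puppetca --list` on the master. Before signing, compare the fingerprint the agent printed for its certificate request with the one the master holds for that name.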