I'm running in circles with this issue... I accidentally did a 'puppetca --clean --all' and lost all certificates. I was able to get the puppetmaster running and re-created certificates for the client system, but I get the following error:

warning: peer certificate won't be verified in this SSL session
info: Caching certificate for w0f.lagged.com
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: certificate verify failed Could not retrieve file metadata for puppet://puppet.lagged.com/plugins: certificate verify failed
info: Loading facts in snmpd
info: Loading facts in diskdrives
info: Loading facts in snmpd
info: Loading facts in diskdrives
err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

When I did this in my test environment I removed the entire contents of the ssldir from the client to make sure that both the client & server cert were pulled down anew.

On Wed, Nov 2, 2011 at 10:25 AM, TFML <mailinglist@theflux.net> wrote:
> I'm running in circles with this issue... I accidentally did a 'puppetca --clean --all' and lost all certificates. I was able to get the puppetmaster running and re-created certificates for the client system, but I get the following error:
>
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for w0f.lagged.com
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed
> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: certificate verify failed Could not retrieve file metadata for puppet://puppet.lagged.com/plugins: certificate verify failed
> info: Loading facts in snmpd
> info: Loading facts in diskdrives
> info: Loading facts in snmpd
> info: Loading facts in diskdrives
> err: Could not retrieve catalog from remote server: certificate verify failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run

I've done that... I've checked the ntpd services and they're synced in time... Here is what I've done,

On master:
rm -rf ssl
/etc/rc.d/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
ls ssl
ca certificate_requests certs crl.pem private private_keys public_keys

On client:
rm -rf ssl
puppetd --server=puppet.lagged.com --test
info: Creating a new SSL key for w0f.lagged.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for w0f.lagged.com
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

On Master:
puppetca --list
w0f.lagged.com
puppetca --sign w0f.lagged.com
notice: Signed certificate request for w0f.lagged.com
notice: Removing file Puppet::SSL::CertificateRequest w0f.lagged.com at '/var/lib/puppet/ssl/ca/requests/w0f.lagged.com.pem'

On client:
puppetd -t
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for w0f.lagged.com
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: certificate verify failed Could not retrieve file metadata for puppet://w0f.lagged.com/plugins: certificate verify failed
err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Any suggestions?

On Nov 2, 2011, at 2:01 PM, Aaron Grewell wrote:
> When I did this in my test environment I removed the entire contents
> of the ssldir from the client to make sure that both the client &
> server cert were pulled down anew.

I'm curious... the server FQDN is puppetmaster.lagged.com but I have the server as puppet.lagged.com, can that be the cause of the problem? If so, how would I create the certificate to be valid for puppet.lagged.com and not be puppetmaster.lagged.com?

On Nov 2, 2011, at 2:01 PM, Aaron Grewell wrote:
> When I did this in my test environment I removed the entire contents
> of the ssldir from the client to make sure that both the client &
> server cert were pulled down anew.

What version of Puppet are you using? The old method of doing this had a serious security problem, so the newer releases have a different config method for assigning the acceptable aliases for a cert.

On Wed, Nov 2, 2011 at 11:26 AM, TFML <mailinglist@theflux.net> wrote:
> I'm curious... the server FQDN is puppetmaster.lagged.com but I have the server as puppet.lagged.com, can that be the cause of the problem? If so how would I create the certificate to be valid for puppet.lagged.com and not be puppetmaster.lagged.com

I was able to resolve my own issue. It ended up being the SSL certificate; I had to recreate one manually on the master server. Thanks!

On Nov 2, 2011, at 2:50 PM, Aaron Grewell wrote:
> What version of Puppet are you using? The old method of doing this
> had a serious security problem, so the newer releases have a different
> config method for assigning the acceptable aliases for a cert.
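
Added example, not part of the original thread: a way to check the mismatch asked about above, that is, whether the master's certificate is valid for the name the agents connect to (puppet.lagged.com) and not only for the host's FQDN (puppetmaster.lagged.com). The function names and the certificate path in the usage comment are assumptions; in newer Puppet releases the alias list mentioned in the reply is set with `dns_alt_names` in puppet.conf before the master certificate is generated.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.
# Usage (path is an assumption; use the master's own cert under its ssldir):
#   sh check_names.sh /var/lib/puppet/ssl/certs/<master-certname>.pem puppet.lagged.com

# cert_names PEMFILE: print the DNS names a verifier will accept, one per line.
# If the cert carries DNS subjectAltNames, only those count; the subject CN
# is used as a fallback only when no DNS SAN is present.
cert_names() {
    sans=$(openssl x509 -in "$1" -noout -text |
        awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p')
    if [ -n "$sans" ]; then
        printf '%s\n' "$sans"
    else
        openssl x509 -in "$1" -noout -subject -nameopt multiline |
            sed -n 's/^ *commonName *= *//p'
    fi
}

# covers_host HOST: read candidate names on stdin, succeed if HOST matches one.
# Matching is case-insensitive; a leading "*." matches exactly one label
# (a simplification of full hostname-verification rules).
covers_host() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r name; do
        name=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        case "$name" in
            "$host") return 0 ;;
            '*.'*)
                rest=${host#*.}     # host minus its first label
                [ "$rest" != "$host" ] && [ "*.$rest" = "$name" ] && return 0 ;;
        esac
    done
    return 1
}

# Run the check only when called with a certificate and a server name.
if [ "$#" -eq 2 ]; then
    if cert_names "$1" | covers_host "$2"; then
        echo "OK: certificate is valid for $2"
    else
        echo "MISMATCH: $2 is not among the names in $1:"
        cert_names "$1" | sed 's/^/  /'
        exit 1
    fi
fi
```

A MISMATCH result for the name passed to `--server` is consistent with the `certificate verify failed` errors in the thread even when the CA and the agent certificate are fresh.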