I am attempting to implement Puppet for a server block of 20. I have set it up and used it for 2 months now. All of a sudden I get SSL problems. Here is what I've done:

Server - removed Server SSL directory completely (/var/lib/puppetmaster/ssl).
Server(Client) - removed Client SSL directory completely (/var/lib/puppet/ssl).
Client - removed SSL directory completely (/var/lib/puppet/ssl).

I have restarted puppetmaster. Verified its status.

*snip*
[root@puppet-server thomasjones]# /usr/sbin/puppetca --clean --all
[root@puppet-server thomasjones]# /sbin/service puppetmaster start
Starting puppetmaster: [ OK ]
[root@puppet-server thomasjones]# /sbin/service puppetmaster status
puppetmasterd (pid 19464) is running...
*end snip*

On the external client I have issued

/usr/sbin/puppetd --server puppet-server.domain.com --verbose --no-daemonize --waitforcert 60

I receive:

*snip*
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
*end snip*

I check the puppetca:

*snip*
[root@puppet-server thomasjones]# /usr/sbin/puppetca --list --all
+ puppet-server.hitcents.com (D4:CE:87:80:3B:12:8B:94:48:B4:58:04:B6:F8:6D:68)
*end snip*

I would gladly do that if a key existed and I could sign a new one!!! ugh.....

Versions are:

[thomasjones@webserver htdocs]$ rpm -qi puppet
Name        : puppet                       Relocations: (not relocatable)
Version     : 2.7.5                        Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release     : 1.el5.rf                     Build Date: Sun 16 Oct 2011 12:38:48 PM CDT

[root@puppet-server thomasjones]# rpm -qi puppet-server
Name        : puppet-server                Relocations: (not relocatable)
Version     : 2.7.5                        Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release     : 1.el5.rf                     Build Date: Sun 16 Oct 2011 12:38:48 PM CDT

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Hi,

sorry for following up late.

On 02/02/2012 08:06 PM, Thomas Jones wrote:
> /usr/sbin/puppetd --server puppet-server.domain.com --verbose
> --no-daemonize --waitforcert 60

It appears to me that your master...

> [root@puppet-server thomasjones]# /usr/sbin/puppetca --list --all
> + puppet-server.hitcents.com (D4:CE:87:80:3B:12:8B:94:48:B4:58:04:B6:F8:6D:68)

...feels it has an FQDN that is not puppet-server.domain.com, but puppet-server.hitcents.com instead. Not sure if that's your problem though.

On the agent machine that complains about the mismatch, do a

find /var/lib/puppet/ssl -type f

Scrutinize the certs and keys you find. If in doubt, move them to a safe location and try again.

HTH,
Felix
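
An added example, not part of either message above and not Puppet's own code: a Ruby script for the "scrutinize the certs and keys" step, checking each certificate under an agent ssl directory against the private key of the same name and reporting the certificate's CN. The certs/ and private_keys/ subdirectory layout, the function names and the *.example.test sample certificates (generated at run time) are assumptions.

```ruby
require 'openssl'
require 'tmpdir'
require 'fileutils'

# Check every certificate under ssldir against the private key of the same name.
# Assumed layout: certs/<name>.pem and private_keys/<name>.pem.
def audit_ssldir(ssldir)
  Dir.glob(File.join(ssldir, 'certs', '*.pem')).sort.map do |path|
    name = File.basename(path, '.pem')
    next if name == 'ca' # an agent holds no private key for the CA certificate
    cert = OpenSSL::X509::Certificate.new(File.read(path))
    key_path = File.join(ssldir, 'private_keys', "#{name}.pem")
    status = if !File.exist?(key_path) then :no_key
             elsif cert.check_private_key(OpenSSL::PKey.read(File.read(key_path))) then :match
             else :mismatch # the condition behind "does not match private key"
             end
    cn = cert.subject.to_a.find { |field, _value, _type| field == 'CN' }&.at(1)
    { name: name, cn: cn, status: status }
  end.compact
end

# Constructed sample data: a self-signed certificate for cn, signed with key.
def sample_cert(cn, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Constructed ssldir: one certificate issued for a key that has since been
# regenerated (stale), and one that still belongs to the key on disk (good).
def build_sample_ssldir(dir)
  old_key = OpenSSL::PKey::RSA.new(2048)
  new_key = OpenSSL::PKey::RSA.new(2048)
  %w[certs private_keys].each { |sub| FileUtils.mkdir_p(File.join(dir, sub)) }
  { 'stale.example.test' => old_key, 'good.example.test' => new_key }.each do |cn, signer|
    File.write(File.join(dir, 'certs', "#{cn}.pem"), sample_cert(cn, signer).to_pem)
    File.write(File.join(dir, 'private_keys', "#{cn}.pem"), new_key.to_pem)
  end
  dir
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir { |d| audit_ssldir(build_sample_ssldir(d)).each { |r| puts r.inspect } }
end
```

On an agent, calling audit_ssldir('/var/lib/puppet/ssl') lists which certificate files no longer belong to the key on disk, and the cn field can be compared with the name passed to --server.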