Dear all, I just moved my puppet-server [*puppetmaster*] from one machine to another machine and regenerated the certificate(s) for the agent but since then I''m getting these error on the client:> > [root@farm021 puppet]# puppetd -t > info: Retrieving plugin > err: /File[/var/lib/puppet/lib]: Failed to generate additional resources > using ''eval_generate: certificate verify failed. This is often because the > time is out of sync on the server or client > err: /File[/var/lib/puppet/lib]: Could not evaluate: certificate verify > failed. This is often because the time is out of sync on the server or > client Could not retrieve file metadata for > puppet://puppet.xxx.xxx.xxx.ac.uk/plugins: certificate verify failed. This > is often because the time is out of sync on the server or client > info: Loading facts in dmide_code > [ .... ] > info: Loading facts in num_core > err: Could not retrieve catalog from remote server: certificate verify > failed. This is often because the time is out of sync on the server or > client > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > err: Could not send report: certificate verify failed. This is often > because the time is out of sync on the server or client > >I already checked the date/time on the master and agent and they are synced. Does anyone know what might be the problem here? Cheers, San -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7aVcX8KSrZ8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Did you try nuking the certs completely? On Saturday, May 5, 2012 9:53:11 AM UTC-7, Sans wrote:> > Dear all, > > I just moved my puppet-server [*puppetmaster*] from one machine to > another machine and regenerated the certificate(s) for the agent but since > then I''m getting these error on the client: > > > >> >> [root@farm021 puppet]# puppetd -t >> info: Retrieving plugin >> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources >> using ''eval_generate: certificate verify failed. This is often because the >> time is out of sync on the server or client >> err: /File[/var/lib/puppet/lib]: Could not evaluate: certificate verify >> failed. This is often because the time is out of sync on the server or >> client Could not retrieve file metadata for puppet:// >> puppet.xxx.xxx.xxx.ac.uk/plugins: certificate verify failed. This is >> often because the time is out of sync on the server or client >> info: Loading facts in dmide_code >> [ .... ] >> info: Loading facts in num_core >> err: Could not retrieve catalog from remote server: certificate verify >> failed. This is often because the time is out of sync on the server or >> client >> warning: Not using cache on failed catalog >> err: Could not retrieve catalog; skipping run >> err: Could not send report: certificate verify failed. This is often >> because the time is out of sync on the server or client >> >> > > I already checked the date/time on the master and agent and they are > synced. Does anyone know what might be the problem here? > > Cheers, > San > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/WEcEKAS6e_kJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
What exactly the procedure is? On the agent, I did this: # rm -f /var/lib/puppet/ssl/certs/*> # puppet certificate generate farm021.hep.phy.cam.ac.uk --ca-location > remote >and on the server: # puppetca clean --all> # /etc/init.d/puppetmaster star >Is this what did you mean? Cheers!! On Saturday, May 5, 2012 5:55:10 PM UTC+1, iceberg wrote:> > Did you try nuking the certs completely? > > On Saturday, May 5, 2012 9:53:11 AM UTC-7, Sans wrote: >> >> Dear all, >> >> I just moved my puppet-server [*puppetmaster*] from one machine to >> another machine and regenerated the certificate(s) for the agent but since >> then I''m getting these error on the client: >> >> >> >>> >>> [root@farm021 puppet]# puppetd -t >>> info: Retrieving plugin >>> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources >>> using ''eval_generate: certificate verify failed. This is often because the >>> time is out of sync on the server or client >>> err: /File[/var/lib/puppet/lib]: Could not evaluate: certificate verify >>> failed. This is often because the time is out of sync on the server or >>> client Could not retrieve file metadata for puppet:// >>> puppet.xxx.xxx.xxx.ac.uk/plugins: certificate verify failed. This is >>> often because the time is out of sync on the server or client >>> info: Loading facts in dmide_code >>> [ .... ] >>> info: Loading facts in num_core >>> err: Could not retrieve catalog from remote server: certificate verify >>> failed. This is often because the time is out of sync on the server or >>> client >>> warning: Not using cache on failed catalog >>> err: Could not retrieve catalog; skipping run >>> err: Could not send report: certificate verify failed. This is often >>> because the time is out of sync on the server or client >>> >>> >> >> I already checked the date/time on the master and agent and they are >> synced. Does anyone know what might be the problem here? >> >> Cheers, >> San >> >>-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/8il7seKCxv0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
What exactly the procedure is? On the agent, I did this: # rm -f /var/lib/puppet/ssl/certs/*> # puppet certificate generate farm021 --ca-location remote >and on the server: # puppetca clean --all> # /etc/init.d/puppetmaster start >Is that what you meant? Cheers!! On Saturday, May 5, 2012 5:55:10 PM UTC+1, iceberg wrote:> > Did you try nuking the certs completely? > > On Saturday, May 5, 2012 9:53:11 AM UTC-7, Sans wrote: >> >> Dear all, >> >> I just moved my puppet-server [*puppetmaster*] from one machine to >> another machine and regenerated the certificate(s) for the agent but since >> then I''m getting these error on the client: >> >> >> >>> >>> [root@farm021 puppet]# puppetd -t >>> info: Retrieving plugin >>> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources >>> using ''eval_generate: certificate verify failed. This is often because the >>> time is out of sync on the server or client >>> err: /File[/var/lib/puppet/lib]: Could not evaluate: certificate verify >>> failed. This is often because the time is out of sync on the server or >>> client Could not retrieve file metadata for puppet:// >>> puppet.xxx.xxx.xxx.ac.uk/plugins: certificate verify failed. This is >>> often because the time is out of sync on the server or client >>> info: Loading facts in dmide_code >>> [ .... ] >>> info: Loading facts in num_core >>> err: Could not retrieve catalog from remote server: certificate verify >>> failed. This is often because the time is out of sync on the server or >>> client >>> warning: Not using cache on failed catalog >>> err: Could not retrieve catalog; skipping run >>> err: Could not send report: certificate verify failed. This is often >>> because the time is out of sync on the server or client >>> >>> >> >> I already checked the date/time on the master and agent and they are >> synced. Does anyone know what might be the problem here? >> >> Cheers, >> San >> >>-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/p8zleKSucwwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Yes, but nuke the certs on the master too - delete the /var/lib/puppet/ssl/certs/*. You want everything regenerated. On Saturday, May 5, 2012 10:22:47 AM UTC-7, Sans wrote:> > What exactly the procedure is? On the agent, I did this: > > # rm -f /var/lib/puppet/ssl/certs/* >> # puppet certificate generate farm021 --ca-location remote >> > > and on the server: > > # puppetca clean --all >> # /etc/init.d/puppetmaster start >> > > > Is that what you meant? Cheers!! > > > > On Saturday, May 5, 2012 5:55:10 PM UTC+1, iceberg wrote: >> >> Did you try nuking the certs completely? >> >> On Saturday, May 5, 2012 9:53:11 AM UTC-7, Sans wrote: >>> >>> Dear all, >>> >>> I just moved my puppet-server [*puppetmaster*] from one machine to >>> another machine and regenerated the certificate(s) for the agent but since >>> then I''m getting these error on the client: >>> >>> >>> >>>> >>>> [root@farm021 puppet]# puppetd -t >>>> info: Retrieving plugin >>>> err: /File[/var/lib/puppet/lib]: Failed to generate additional >>>> resources using ''eval_generate: certificate verify failed. This is often >>>> because the time is out of sync on the server or client >>>> err: /File[/var/lib/puppet/lib]: Could not evaluate: certificate verify >>>> failed. This is often because the time is out of sync on the server or >>>> client Could not retrieve file metadata for puppet:// >>>> puppet.xxx.xxx.xxx.ac.uk/plugins: certificate verify failed. This is >>>> often because the time is out of sync on the server or client >>>> info: Loading facts in dmide_code >>>> [ .... ] >>>> info: Loading facts in num_core >>>> err: Could not retrieve catalog from remote server: certificate verify >>>> failed. This is often because the time is out of sync on the server or >>>> client >>>> warning: Not using cache on failed catalog >>>> err: Could not retrieve catalog; skipping run >>>> err: Could not send report: certificate verify failed. This is often >>>> because the time is out of sync on the server or client >>>> >>>> >>> >>> I already checked the date/time on the master and agent and they are >>> synced. Does anyone know what might be the problem here? >>> >>> Cheers, >>> San >>> >>>-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/14STQvi-CPkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Thanks! That part is working now. cheers!! On Monday, May 7, 2012 5:42:57 PM UTC+1, iceberg wrote:> > Yes, but nuke the certs on the master too - delete the > /var/lib/puppet/ssl/certs/*. You want everything regenerated. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/dFSroETQ8W4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.