Hi all, I ran into the following problem: Until now, i used fqdn as certname (i.e. had no certname defined in puppet.conf, so defaults applied) and everything worked fine. However, I wanted to use tthe short hostname as certname, so I redeployed the puppet.conf file, re-generated the certificates and signed them, and removed the old certificates from the master. Now I have the following status: - errors in dashboard: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: <FQDN>(<IP>) access to /catalog/<HOSTNAME> [find] authenticated at line 3 - errors on puppet kick <HOSTNAME>: Host <HOSTNAME> failed: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client <HOSTNAME> finished with exit code 2 Failed: <HOSTNAME> However, puppet agent --test works ok. Can you help me get to the bottom of this? Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi, On 06/08/2012 10:50 AM, Andrei-Florian Staicu wrote:> so I redeployed the > puppet.conf file, re-generated the certificates and signed them, and > removed the old certificates from the master. > > However, puppet agent --test works ok.are you running in agent mode (as opposed to cron)? Have you tried restarting one of the afflicted puppet agent processes? HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Andrei-Florian Staicu
2012-Jun-08 09:00 UTC
Re: [Puppet Users] certname=hostname SSL errors
On Fri, Jun 8, 2012 at 11:54 AM, Felix Frank <felix.frank@alumni.tu-berlin.de> wrote:> Hi, > > On 06/08/2012 10:50 AM, Andrei-Florian Staicu wrote: >> so I redeployed the >> puppet.conf file, re-generated the certificates and signed them, and >> removed the old certificates from the master. >> >> However, puppet agent --test works ok. > > are you running in agent mode (as opposed to cron)? > > Have you tried restarting one of the afflicted puppet agent processes? >Naaaah, it couldn''t have been so simple!!! I hate myself. And ... thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Possibly Parallel Threads
- upgrade to 3.0, ruby and rhel 5
- Template variable "hostname" not working with certname= parameter?
- how to trigger puppet run on agents remotely
- How to know the generated certname used by a puppet client, for reuse within erb (because of cloud provisioner) ?
- How can I set certname in managed puppet.conf?