Puppet users - Jul 2012 - Certificate verify failed when syncing to self

I am using puppet to control my master, but currently when the agent runs 
(on the master) I am getting "err: Could not retrieve catalog from remote 
server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate 
B: certificate verify failed.  This is often because the time is out of 
sync on the server or client"

What else can be the cause of this? The time can''t be out of sync -
it''s
the same VM that is both Agent and Master.

I have been able to successfully sync this way before but this is a dev 
environment so have been playing with my manifests and modules a lot.

I have not, however, touched my certs since those got working.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/k6O_o_0TYN0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Please disregard, my puppet.conf had accidentally gotten overwritten and it 
was trying to pull from the wrong master as a result.

On Tuesday, July 10, 2012 2:04:24 PM UTC-5, llo...@oreillyauto.com
wrote:
>
> I am using puppet to control my master, but currently when the agent runs 
> (on the master) I am getting "err: Could not retrieve catalog from
remote
> server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate 
> B: certificate verify failed.  This is often because the time is out of 
> sync on the server or client"
>
> What else can be the cause of this? The time can''t be out of sync
- it''s
> the same VM that is both Agent and Master.
>
> I have been able to successfully sync this way before but this is a dev 
> environment so have been playing with my manifests and modules a lot.
>
> I have not, however, touched my certs since those got working.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/7JYxOTLiF1wJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I''m having this issue, too.

On Tuesday, July 10, 2012 3:04:24 PM UTC-4, llowder
wrote:
>
> I am using puppet to control my master, but currently when the agent runs 
> (on the master) I am getting "err: Could not retrieve catalog from
remote
> server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate 
> B: certificate verify failed.  This is often because the time is out of 
> sync on the server or client"
>
> What else can be the cause of this? The time can''t be out of sync
- it''s
> the same VM that is both Agent and Master.
>
> I have been able to successfully sync this way before but this is a dev 
> environment so have been playing with my manifests and modules a lot.
>
> I have not, however, touched my certs since those got working.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/7ERovy_zcpQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Friday, November 2, 2012, hasufel wrote:
> I''m having this issue, too.

What version of Puppet?  Is the master using a different confdir than it
was in a previous version?  The semantics of the default confdir have
changed as of 3.0.

-Jeff
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I''m using Puppet 2.7.14, on a CentOS 6.3 VM.  I''m using the VM
for both the
master and agent, and I was able to get things running using "puppet apply 
site.pp", but I can''t get things running with "puppet agent
--test"; it
gives me the following errors:

err: Could not retrieve catalog from remote server: SSL_connect returned=1 
errno=0 state=SSLv3 read server certificate B: certificate verify failed.  
This is often because the time is out of sync on the server or client
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read 
server certificate B: certificate verify failed.  This is often because the 
time is out of sync on the server or client

I have another VM (a copy of the original) that I use just as an agent 
(with the first VM as the master), and I''ve been getting that same
error on
there for even longer.

On Friday, November 2, 2012 5:08:52 PM UTC-4, Jeff McCune
wrote:
>
> On Friday, November 2, 2012, hasufel wrote:
>
>> I''m having this issue, too.
>
>
> What version of Puppet?  Is the master using a different confdir than it 
> was in a previous version?  The semantics of the default confdir have 
> changed as of 3.0.
>
> -Jeff 
>
>>  
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/wQDTRtrb-IkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I''ve tried clearing out the SSL directory and cleaning the
certificates,
but it''s still giving me the same errors.

On Friday, November 2, 2012 5:22:58 PM UTC-4, hasufel
wrote:
>
> I''m using Puppet 2.7.14, on a CentOS 6.3 VM.  I''m using
the VM for both
> the master and agent, and I was able to get things running using
"puppet
> apply site.pp", but I can''t get things running with
"puppet agent --test";
> it gives me the following errors:
>
> err: Could not retrieve catalog from remote server: SSL_connect returned=1 
> errno=0 state=SSLv3 read server certificate B: certificate verify failed.  
> This is often because the time is out of sync on the server or client
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 
> read server certificate B: certificate verify failed.  This is often 
> because the time is out of sync on the server or client
>
> I have another VM (a copy of the original) that I use just as an agent 
> (with the first VM as the master), and I''ve been getting that same
error on
> there for even longer.
>
> On Friday, November 2, 2012 5:08:52 PM UTC-4, Jeff McCune wrote:
>>
>> On Friday, November 2, 2012, hasufel wrote:
>>
>>> I''m having this issue, too.
>>
>>
>> What version of Puppet?  Is the master using a different confdir than
it
>> was in a previous version?  The semantics of the default confdir have 
>> changed as of 3.0.
>>
>> -Jeff 
>>
>>>  
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/xCU_1D-vcQsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Fri, Nov 2, 2012 at 2:24 PM, hasufel <meverett@hammers.com> wrote:
> I''ve tried clearing out the SSL directory and cleaning the
certificates,
> but it''s still giving me the same errors.

How is the master process being started?  Could you paste the exact command
with the complete argument vector if it''s from an init script, or your
rack
configuration if it''s using the rack middleware?

Similarly, How is the agent process being started?  Is it just puppet agent
--test as root?

-Jeff

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

To properly reply to you, I killed my puppet process, and restarted it, and 
somehow everything started working correctly with "puppet agent
--test",
from the master VM.  However, the agent VM is still giving the same error, 
so I guess it''s possible it''s now just a time issue.

The master process I usually start with "puppet master --mkusers", and
the
agent process I usually start with "puppet agent --test", both while
in
root.

On Friday, November 2, 2012 6:25:29 PM UTC-4, Jeff McCune
wrote:
>
> On Fri, Nov 2, 2012 at 2:24 PM, hasufel <meve...@hammers.com
<javascript:>
> > wrote:
>
>> I''ve tried clearing out the SSL directory and cleaning the
certificates,
>> but it''s still giving me the same errors.
>
>
> How is the master process being started?  Could you paste the exact 
> command with the complete argument vector if it''s from an init
script, or
> your rack configuration if it''s using the rack middleware?
>
> Similarly, How is the agent process being started?  Is it just puppet 
> agent --test as root?
>
> -Jeff
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/JAntXS8uf9IJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.