Any light someone can shed sure would be appreciated. I start with 1 cert -- the master''s, where I am running this: jblaine@ip-10-191-115-140:~$ sudo puppet cert list --all + "ip-10-191-115-140.ec2.internal" (74:8B:7B:EF:41:E6:F9:98:93:15:42:6A:4C:2F:28:CC) (alt names: "DNS:ip-10-191-115-140.ec2.internal", "DNS:puppet", "DNS:puppet.ec2.internal") jblaine@ip-10-191-115-140:~$ I have quadruple-confirmed that is the only certificate in existence in /var/lib/puppet/ssl. I create a brand new EC2 instance and bootstrap it with the Cloud Provisioner: jblaine@ip-10-191-115-140:~$ puppet node_aws bootstrap --group=hadoop-nodes \ --keyname=jblaine --image=ami-82fa58eb --type=t1.micro \ --puppet-version=2.7.20 --login=ubuntu \ --keyfile=~/.ssh/jblaine-bld.pem \ --server=ip-10-191-115-140.ec2.internal --verbose ... notice: Waiting for SSH response ... Done info: Executing remote command ... info: Executing remote command ... Done notice: Installing Puppet ... info: Executing remote command ... info: Executing remote command ... Done info: Executing remote command ... info: Executing remote command ... Done notice: Puppet is now installed on: ec2-23-21-34-131.compute-1.amazonaws.com notice: No classification method selected notice: Signing certificate ... err: Signing certificate ... Failed err: Signing certificate error: Could not render to pson: The certificate retrieved from the master does not match the agent''s private key. Certificate fingerprint: E2:B3:43:ED:74:80:F7:6E:C0:3F:68:C2:95:74:40:AA Say what? jblaine@ip-10-191-115-140:~$ sudo puppet cert list jblaine@ip-10-191-115-140:~$ sudo puppet cert list --all + "ec2-23-21-34-131.compute-1.amazonaws.com-fc73179f-951d-88dc-9477-d4dcddc6f585" (01:FD:22:FA:90:76:78:AF:91:90:77:69:1A:7A:41:95) + "ip-10-191-115-140.ec2.internal" (74:8B:7B:EF:41:E6:F9:98:93:15:42:6A:4C:2F:28:CC) (alt names: "DNS:ip-10-191-115-140.ec2.internal", "DNS:puppet", "DNS:puppet.ec2.internal") jblaine@ip-10-191-115-140:~$ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/O8UpAGKg8fcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I have even gone so far on the master as to completely uninstall the puppetmaster package, sudo rm -rf /var/lib/puppet/ssl, and reinstall the puppetmaster package on the master. Then provision a brand new EC2 instance with "puppet node_aws bootstrap..." Same result: The certificate retrieved from the master does not match the agent''s private key. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/nkShZrC8QR4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Jens Fahnenbruck
2013-Apr-11 21:49 UTC
[Puppet Users] Re: Strange signing problem in AWS - stumped
I seem to have the same problem, did you solve it? On Thursday, December 13, 2012 6:05:00 PM UTC+1, jblaine wrote:> > I have even gone so far on the master as to completely uninstall the > puppetmaster package, > sudo rm -rf /var/lib/puppet/ssl, and reinstall the puppetmaster package on > the master. Then > provision a brand new EC2 instance with "puppet node_aws bootstrap..." > > Same result: The certificate retrieved from the master does not match the > agent''s private key. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
On Thursday, April 11, 2013 5:49:16 PM UTC-4, Jens Fahnenbruck wrote:> I seem to have the same problem, did you solve it? >I did not solve the actual problem, no. I moved forward with the project by going to master-less Puppet.> > On Thursday, December 13, 2012 6:05:00 PM UTC+1, jblaine wrote: >> >> I have even gone so far on the master as to completely uninstall the >> puppetmaster package, >> sudo rm -rf /var/lib/puppet/ssl, and reinstall the puppetmaster package >> on the master. Then >> provision a brand new EC2 instance with "puppet node_aws bootstrap..." >> >> Same result: The certificate retrieved from the master does not match the >> agent''s private key. >> >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Michael O''Dea
2013-Apr-24 02:09 UTC
[Puppet Users] Re: Strange signing problem in AWS - stumped
I see this error all the time when I forget to sudo a puppet run. My only guess is that puppet agent is being run twice, once as root and once as ubuntu, and you''re seeing the results of the second run. I''m not familiar with the node_aws stuff however, I''ve worked up userdata profiles to do the same bootstrapping that is done with that facility. On Wednesday, December 12, 2012 8:56:26 PM UTC-5, jblaine wrote:> > Any light someone can shed sure would be appreciated. > > I start with 1 cert -- the master''s, where I am running this: > > jblaine@ip-10-191-115-140:~$ sudo puppet cert list --all > + "ip-10-191-115-140.ec2.internal" (74:8B:7B:EF:41:E6:F9:98:93:15:42:6A:4C:2F:28:CC) (alt names: "DNS:ip-10-191-115-140.ec2.internal", "DNS:puppet", "DNS:puppet.ec2.internal") > > jblaine@ip-10-191-115-140:~$ > > > I have quadruple-confirmed that is the only certificate in existence in /var/lib/puppet/ssl. > > > I create a brand new EC2 instance and bootstrap it with the Cloud Provisioner: > > > jblaine@ip-10-191-115-140:~$ puppet node_aws bootstrap --group=hadoop-nodes \ > > --keyname=jblaine --image=ami-82fa58eb --type=t1.micro \ > > --puppet-version=2.7.20 --login=ubuntu \ > > --keyfile=~/.ssh/jblaine-bld.pem \ > > --server=ip-10-191-115-140.ec2.internal --verbose > > ... > notice: Waiting for SSH response ... Done > info: Executing remote command ... > info: Executing remote command ... Done > notice: Installing Puppet ... > info: Executing remote command ... > info: Executing remote command ... Done > info: Executing remote command ... > info: Executing remote command ... Done > notice: Puppet is now installed on: ec2-23-21-34-131.compute-1.amazonaws.com > notice: No classification method selected > notice: Signing certificate ... > err: Signing certificate ... Failed > err: Signing certificate error: Could not render to pson: The certificate retrieved from the master does not match the agent''s private key. > Certificate fingerprint: E2:B3:43:ED:74:80:F7:6E:C0:3F:68:C2:95:74:40:AA > > > Say what? > > > jblaine@ip-10-191-115-140:~$ sudo puppet cert list > > jblaine@ip-10-191-115-140:~$ sudo puppet cert list --all > + "ec2-23-21-34-131.compute-1.amazonaws.com-fc73179f-951d-88dc-9477-d4dcddc6f585" (01:FD:22:FA:90:76:78:AF:91:90:77:69:1A:7A:41:95) > + "ip-10-191-115-140.ec2.internal" (74:8B:7B:EF:41:E6:F9:98:93:15:42:6A:4C:2F:28:CC) (alt names: "DNS:ip-10-191-115-140.ec2.internal", "DNS:puppet", "DNS:puppet.ec2.internal") > jblaine@ip-10-191-115-140:~$ > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Apparently Analagous Threads
- Not able to install puppet enterprise onn agent node using install command.
- Puppet Node Create?
- err: Signing certificate error
- err: Signing certificate error: Could not render to pson: getaddrinfo: Name or service not known
- Trouble using the dns_alt_names config option