Andthepharaohs
2013-May-22 08:30 UTC
[Puppet Users] Initial agent setup - signing procedure fails.
I'm following the instructions at http://docs.puppetlabs.com/guides/setting_up.html from "Start the Central Daemon", but the signing procedure didn't work first time and nothing happens on a rerun after cleaning up as instructed. I can't see what (if anything!) I've done wrong, so suggestions as to what to investigate would be appreciated. Thanks.

Master and agent logs are interpolated below - I'm fairly certain it's as chronological as is reasonably possible!

[root@ncqd-isghub01 ~]# id puppet
uid=52(puppet) gid=52(puppet) groups=52(puppet)
[root@ncqd-isghub01 ~]# pgrep pup
[root@ncqd-isghub01 ~]# ps -ef | grep puppet
root 29444 29421 0 07:32 pts/0 00:00:00 grep puppet
[root@ncqd-isghub01 ~]# puppet master
[root@ncqd-isghub01 ~]# ps -ef | grep puppet
puppet 29454 1 0 07:32 ? 00:00:00 /usr/bin/ruby /usr/bin/puppet master
root 29458 29421 0 07:32 pts/0 00:00:00 grep puppet

# puppet agent --server puppet --waitforcert 60 --test
info: Creating a new SSL key for ntm-igdev02.nott.ime.mycompany.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Caching certificate_request for ntm-igdev02.nott.ime.mycompany.com
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ntm-igdev02.nott.ime.mycompany.com

[root@ncqd-isghub01 ~]# puppet cert list
"ntm-igdev02.nott.ime.mycompany.com" (MD5) DF:FA:7F:ED:B3:C6:EB:A7:15:6E:66:07:E3:D4:55:D1
[root@ncqd-isghub01 ~]# puppet cert --sign ntm-igdev02.nott.ime.mycompany.com
Notice: Signed certificate request for ntm-igdev02.nott.ime.mycompany.com
Notice: Removing file Puppet::SSL::CertificateRequest ntm-igdev02.nott.ime.mycompany.com at '/var/lib/puppet/ssl/ca/requests/ntm-igdev02.nott.ime.mycompany.com.pem'

err: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: F5:9E:07:34:4B:59:AA:A9:7E:B1:78:A3:D2:CA:F9:52
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean ntm-igdev02.nott.ime.mycompany.com
On the agent:
  rm -f /var/opt/csw/puppet/ssl/certs/ntm-igdev02.nott.ime.mycompany.com.pem
  puppet agent -t
err: Could not retrieve catalog from remote server: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: F5:9E:07:34:4B:59:AA:A9:7E:B1:78:A3:D2:CA:F9:52
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean ntm-igdev02.nott.ime.mycompany.com
On the agent:
  rm -f /var/opt/csw/puppet/ssl/certs/ntm-igdev02.nott.ime.mycompany.com.pem
  puppet agent -t
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_CTX_use_PrivateKey:: key values mismatch

[root@ncqd-isghub01 ~]# puppet cert clean ntm-igdev02.nott.ime.mycompany.com
Notice: Revoked certificate with serial 3
Notice: Removing file Puppet::SSL::Certificate ntm-igdev02.nott.ime.mycompany.com at '/var/lib/puppet/ssl/ca/signed/ntm-igdev02.nott.ime.mycompany.com.pem'
Notice: Removing file Puppet::SSL::Certificate ntm-igdev02.nott.ime.mycompany.com at '/var/lib/puppet/ssl/certs/ntm-igdev02.nott.ime.mycompany.com.pem'
[root@ncqd-isghub01 ~]# puppet cert list
[root@ncqd-isghub01 ~
[root@ncqd-isghub01 init.d]# ./puppetmaster stop
Stopping puppetmaster: [ OK ]
[root@ncqd-isghub01 init.d]# ps -ef | grep puppet
root 29552 29421 0 07:46 pts/0 00:00:00 grep puppet
[root@ncqd-isghub01 init.d]# ./puppetmaster start
Starting puppetmaster: [ OK ]

# rm -f /var/opt/csw/puppet/ssl/certs/ntm-igdev02.nott.ime.mycompany.com.pem
# puppet agent -t
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
# puppet agent --server puppet --waitforcert 60 --test
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
err: Could not request certificate: Connection refused - connect(2)
^CCancelling startup
# puppet agent --server puppet --waitforcert 60 --test
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
^CCancelling startup
# ]#

[root@ncqd-isghub01 init.d]# puppet cert list
[root@ncqd-isghub01 init.d]# puppet cert list
[root@ncqd-isghub01 init.d]# puppet cert list
[root@ncqd-isghub01 init.d]# puppet cert list
[root@ncqd-isghub01 init.d]#
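
The error in the log above reports that the certificate does not match the agent's private key. As an added example (not part of the original post), this script makes that comparison directly with openssl; the file names and the sample key and certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check that a certificate carries the public key that
# belongs to a given private key (the condition behind "key values mismatch").

# Print the PEM public key derived from a private key file.
pubkey_from_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Print the PEM public key embedded in an X.509 certificate file.
pubkey_from_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Return 0 only if both files parse and hold the same public key.
# A missing or unparsable file counts as a mismatch, never as a match.
key_matches_cert() {
    kpub=$(pubkey_from_key "$1") || return 1
    cpub=$(pubkey_from_cert "$2") || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Constructed sample data: agent.key with its self-signed agent.crt, plus
# stale.key, an unrelated key standing in for a regenerated agent key.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=agent.example.test" \
        -keyout "$1/agent.key" -out "$1/agent.crt" 2>/dev/null &&
    openssl genrsa -out "$1/stale.key" 2048 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d" || { rm -rf "$d"; return 1; }
    for f in agent.key stale.key missing.key; do
        if key_matches_cert "$d/$f" "$d/agent.crt"; then
            echo "$f: matches agent.crt"
        else
            echo "$f: does NOT match agent.crt"
        fi
    done
    rm -rf "$d"
}

demo
```

On an agent that uses Puppet's default ssldir layout (an assumption here), the two arguments would be `private_keys/<certname>.pem` and `certs/<certname>.pem` under the ssl directory named in the error message.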