FAQ
Hi

I've been struggling with Puppet 3.3.0 in what appears to be a bug so I'm
hoping this post invites some assistance.

My setup is 100% stock standard default..... with the exception of a single
dns entry (cname) of "puppet" which point to my master "adm6....."

I 've been running puppet 2.7.23 without any problems and decided to
upgrade to the latest version. In order to test 3.3.0, I installed to new
RHEL 6.4
boxes, added the puppetlabs-products repository and installed the latest
puppet (3.3.0)

Everything appears to work ...until I sign a test clients key....
  immediately after singing a client key, the puppetmaster (adm6.xx.xx.xx)
decided that I need
to clean it's OWEN client key.

[root@puppetmaster ~]#
[root@puppetmaster ~]#
[root@puppetmaster ~]# puppet ca list --all
+ adm6.xxx.xxx.xxx (SHA256)
9B:71:FB:A4:C2:06:F2:83:3E:40:55:CF:41:39:91:4F:F7:5C:45:8D:79:8E:D3:68:63:FD:B0:14:A6:AC:FE:59
   bbushby-linux.xxx.xxx.xxx (SHA256)
FF:11:53:FE:3C:85:75:33:2E:C0:8A:A1:00:BD:23:96:62:73:64:1F:8B:C8:5C:7D:65:7D:04:7F:8F:89:89:13
[root@puppetmaster ~]#

[root@puppetmaster ~]# puppet cert list
   "bbushby-linux.xxx.xxx.xxx" (SHA256)
FF:11:53:FE:3C:85:75:33:2E:C0:8A:A1:00:BD:23:96:62:73:64:1F:8B:C8:5C:7D:65:7D:04:7F:8F:89:89:13
[root@puppetmaster ~]#

[root@puppetmaster ~]# puppet cert sign bbushby-linux.xxx.xxx.xxx
Notice: Signed certificate request for bbushby-linux.xxx.xxx.xxx
Notice: Removing file Puppet::SSL::CertificateRequest
bbushby-linux.xxx.xxx.xxx at
'/var/lib/puppet/ssl/ca/requests/bbushby-linux.xxx.xxx.xxx.pem'
[root@puppetmaster ~]#

[root@puppetmaster ~]# puppet cert list -all
+ "adm6.xxx.xxx.xxx" (SHA256)
9B:71:FB:A4:C2:06:F2:83:3E:40:55:CF:41:39:91:4F:F7:5C:45:8D:79:8E:D3:68:63:FD:B0:14:A6:AC:FE:59
(alt names: "DNS:xxx.xxx.xxx.xxx", "DNS:puppet", "DNS:puppet.xxx.xxx.xxx")
+ "bbushby-linux.xxx.xxx.xxx" (SHA256)
B5:B7:2D:44:52:07:CA:DC:5C:99:3A:AC:24:29:85:A6:88:E9:0C:3B:54:30:71:4D:D0:FC:DC:3A:D5:E8:E2:52
[root@puppetmaster ~]#

[root@puppetmaster ~]# puppet ca list --all
Error: The certificate retrieved from the master does not match the agent's
private key.
Certificate fingerprint:
B5:B7:2D:44:52:07:CA:DC:5C:99:3A:AC:24:29:85:A6:88:E9:0C:3B:54:30:71:4D:D0:FC:DC:3A:D5:E8:E2:52
To fix this, remove the certificate from both the master and the agent and
then start a puppet run, which will automatically regenerate a certficate.
On the master:
   puppet cert clean adm6.xxx.xxx.xxx
On the agent:
   rm -f /var/lib/puppet/ssl/certs/adm6.xxx.xxx.xxx.pem
   puppet agent -t

Error: Try 'puppet help ca list' for usage
[root@puppetmaster ~]#


I have tried so many different setups, fresh OS installs ... all of it and
I am unable to sign a key and then run "pupppet ca list --all"


Anybody else have this issue?

Both my machines are RHEL 6.4
Both have ntp and correct UTC time
Both have exact same versions of rpms (puppetmaster has an extra rpm
"puppet-server")

I then dropped my puppet and puppet-server versions down to 3.2.4 ....same
problem (now I'm wondering if it is a bug...since it's happening across
versions)


These people appear to experience similar problems:
http://www.mail-archive.com/puppet-bugs@googlegroups.com/msg46757.html
http://projects.puppetlabs.com/issues/19680
http://comments.gmane.org/gmane.comp.sysutils.puppet.user/46356
http://thr3ads.net/puppet-users/2012/12/2238067-puppet-ca-list-all-ERROR
http://thr3ads.net/puppet-users/2007/10/186450-puppetca-is-unable-to-sign-certificate



Any ideas?

Thanks
Bruce



--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedSep 19, '13 at 12:39p
activeSep 19, '13 at 12:39p
posts1
users1
websitepuppetlabs.com

1 user in discussion

Bruce Bushby: 1 post

People

Translate

site design / logo © 2022 Grokbase