puppet cert list yields no certs


Matt Zagrabelny

Jan 7, 2016, 11:17:15 PM
to puppet...@googlegroups.com
Greetings,

I am attempting to get a puppet 3.7 install off the ground. Please
don't ask me to upgrade to 4.X series. :)

On the puppet master (puppet-3-7.example.net):
# puppet master --no-daemonize --debug
[...]
Info: Not Found: Could not find certificate puppet-client.example.net
Debug: Routes Registered:
Debug: Route /^\/v2\.0/
Debug: Route /.*/
Debug: Evaluating match for Route /^\/v2\.0/
Debug: Did not match path ("/production/certificate/puppet-client.example.net")
Debug: Evaluating match for Route /.*/
Info: Not Found: Could not find certificate puppet-client.example.net

On the puppet client:
# puppet agent -t --server puppet-3-7 --debug
[...]
Debug: /File[/var/lib/puppet/ssl/private_keys/puppet-client.example.net.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/ssl/public_keys/puppet-client.example.net.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/facts.d]: Autorequiring File[/var/lib/puppet]
Debug: Finishing transaction 10544780
Debug: Using cached certificate for ca
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Using cached certificate_request for puppet-client.example.net
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Using cached certificate_request for puppet-client.example.net
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Debug: Using cached certificate for ca
Debug: Creating new connection for https://puppet-3-7:8140
Exiting; no certificate found and waitforcert is disabled

Then on the master:
# puppet cert list
#

I have a 2.7 puppet environment that works very well and I am well
accustomed to dealing with the certs.

The auth.conf file looks okay, too:

# allow nodes to request a new certificate
path /certificate_request
auth any
method find, save
allow *

Can anyone help interpret the debug messages above? Or point me in the
correct direction?

Thanks!

-m

Peter Kristolaitis

Jan 7, 2016, 11:28:38 PM
to puppet...@googlegroups.com
'puppet cert list' only shows unsigned certs.

'puppet cert list --all' will show all certs.

Matt Zagrabelny

Jan 7, 2016, 11:35:01 PM
to puppet...@googlegroups.com
Hey Peter,

On Thu, Jan 7, 2016 at 5:28 PM, Peter Kristolaitis <alt...@alter3d.ca> wrote:
> 'puppet cert list' only shows unsigned certs.
>
> 'puppet cert list --all' will show all certs.

I failed to mention it explicitly:

The client does not have a signed cert. I'm trying to get the master to
"accept" the CSR from the client.

-m

Peter Kristolaitis

Jan 7, 2016, 11:35:14 PM
to puppet...@googlegroups.com
Apparently I was a little too quick on the send button. :(

To continue my previous email:

Does 'puppet cert list --all' show any certs at all?

From looking at your debug output, I suspect it won't show the client
cert you're looking for, but I just want to make sure.

Matt Zagrabelny

Jan 7, 2016, 11:41:31 PM
to puppet...@googlegroups.com
On Thu, Jan 7, 2016 at 5:35 PM, Peter Kristolaitis <alt...@alter3d.ca> wrote:
> Apparently I was a little too quick on the send button. :(
>
> To continue my previous email:
>
> Does 'puppet cert list --all' show any certs at all?

Yep:

# puppet cert list --all
+ "puppet-client-1.example.net" (SHA256) A3:73:DC:89:B2:13:D4:C5:7A:58:B9:EB:7E:6A:22:1C:36:97:BD:8F:4C:AD:18:39:2E:F8:10:2C:29:36:F6:82
+ "puppet-3-7.example.net" (SHA256) E6:F6:7D:6C:D8:30:6C:AC:1E:B5:5D:29:E8:11:0C:CB:54:22:BA:B3:96:C1:E2:49:7A:48:CF:3E:F8:12:43:24 (alt names: "DNS:puppet-3-7", "DNS:puppet-3-7.example.net")

I don't remember what I did to get the master to accept the CSR of
puppet-client-1 earlier, but I did have similar issues where I ran the
client and the master didn't show any unsigned certs when running
"puppet cert list".

That was a few weeks ago. I'm just coming back to puppet 3.7 now.

-m

Felix Frank

Feb 7, 2016, 3:56:41 PM
to puppet...@googlegroups.com
Hi,

is this issue still unresolved?

Felix Frank

Feb 7, 2016, 3:59:04 PM
to puppet...@googlegroups.com
On 02/07/2016 04:56 PM, Felix Frank wrote:
> Hi,
>
> is this issue still unresolved?

Ah, ignore please - getting back in the game, getting used to
Thunderbird (or Google Groups) breaking the threading on occasion :)