puppet-users-br err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=unknown sta

[Caio Pedroso]

Just installed the puppet master server in

and the client just installed the puppet

I managed to sign the certificates

root@Puppetmaster:/etc/puppet# puppet cert --list --all

+ "puppetclient" (96:9A:C3:8D:B6:72:A4:5F:01:AA:40:A9:95:3E:FB:D2)

+ "puppetmaster" (12:92:DF:EB:72:E5:DF:99:D8:22:CA:5F:22:3A:1D:61)

at the time I create the file site.pp in / etc / puppet / manifests / puppetmaster in

and will apply the client through the command puppet agent - test

the following message appears

root@Puppetclient:~#  puppet agent --test

err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster]

warning: Not using cache on failed catalog

err: Could not retrieve catalog; skipping run

err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster]

My hosts are well on the client

#.55 eh o cliente

#.145 eh o master

192.168.0.55     puppet 

192.168.0.145    puppetmaster

127.0.0.1       localhost

127.0.1.1       Puppetclient

# The following lines are desirable for IPv6 capable hosts

::1     localhost ip6-localhost ip6-loopback

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

And in the master hosts is well

192.168.0.55     puppet               

192.168.0.145    puppetmaster

127.0.0.1       localhost

127.0.1.1       Puppetmaster

# The following lines are desirable for IPv6 capable hosts

::1     localhost ip6-localhost ip6-loopback

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

AS site.pp settings are well on master

node puppetclient {

        include ntp

}

class ntpd {

        package { 'ntp':

                ensure => present,

        }

        service { 'ntp':

                ensure     => running,

        }

}

 

the File: / etc / puppet / puppet.conf the client is well

[main]

logdir=/var/log/puppet

vardir=/var/lib/puppet

ssldir=/var/lib/puppet/ssl

rundir=/var/run/puppet

factpath=$vardir/lib/facter

templatedir=$confdir/templates

prerun_command=/etc/puppet/etckeeper-commit-pre

postrun_command=/etc/puppet/etckeeper-commit-post

server=puppetmaster

[master]

# These are needed when the puppetmaster is run by passenger

# and can safely be removed if webrick is used.

ssl_client_header = SSL_CLIENT_S_DN

ssl_client_verify_header = SSL_CLIENT_VERIFY

And so in this MASTER

[main]

logdir=/var/log/puppet

vardir=/var/lib/puppet

ssldir=/var/lib/puppet/ssl

rundir=/var/run/puppet

factpath=$vardir/lib/facter

templatedir=$confdir/templates

prerun_command=/etc/puppet/etckeeper-commit-pre

postrun_command=/etc/puppet/etckeeper-commit-post

[master]

# These are needed when the puppetmaster is run by passenger

# and can safely be removed if webrick is used.

ssl_client_header = SSL_CLIENT_S_DN

ssl_client_verify_header = SSL_CLIENT_VERIFY

I do not know what to do anymore :/ already searched on google this error and nothing, if anyone can help me please, it's been awhile that I'm fighting with the puppet, the tutorial did not understand English very well, I am following the link we mentioned above, since thanks guys, sorry there anything.

[Felix Frank]

Hi,

on this agent machine, is there a /var/lib/puppet/ssl/certs/ca.pem?

If so, what is the output of

openssl x509 -issuer -subject -noout -in /var/lib/puppet/ssl/certs/ca.pem

Thanks,
Felix