Puppet Agent log messages while CSR is not signed

35 views
Skip to first unread message

bjoern pohl

unread,
Mar 21, 2014, 9:38:00 AM3/21/14
to puppet...@googlegroups.com
Hi,
we're currently deploying a lot of puppet clients, and when a client has been set up it generates a lot of messages ( 1 every 4 minutes ) saying that the CSR has not yet been signed by the master.

Since we're lazy admin's here ( :) ) it might take some days until someone hits the puppet cert sign button, so this messes up the client logs unnessecarily and application owners looking into the logs are scared what this message means :)

Is there any point where I can adjust the intveral where the puppet agent checks this? I think as long as has the client has not been ACked by the server it's enough to try once in an hour....

best regards,
Björn

Josh Cooper

unread,
Mar 21, 2014, 10:07:20 AM3/21/14
to puppet...@googlegroups.com
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/737abd45-ae37-4103-bd4c-362a441bc576%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Increase 'runinterval'. See the configuration reference for more details.

Josh


--
Josh Cooper
Developer, Puppet Labs

Join us at PuppetConf 2014September 23-24 in San Francisco - http://bit.ly/pupconf14
Register now and save $350! 

José Luis Ledesma

unread,
Mar 21, 2014, 10:20:36 AM3/21/14
to puppet...@googlegroups.com

Or you can use autosign.

Regards

To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97umS6-SNfQN-cwJkBG84kuUVkeTt0mScmV1NT7jCcFycYA%40mail.gmail.com.

bjoern pohl

unread,
Mar 21, 2014, 10:27:00 AM3/21/14
to puppet...@googlegroups.com


Increase 'runinterval'. See the configuration reference for more details.

Josh


Hi Josh, that's what i wondered about. This setting is still default, so would have expected 30 minutes. But it tries every 240secs:
Mar 15 01:21:59 h0001 puppet-agent[14358]: Could not request certificate: execution expired
Mar 15 01:25:59 h0001 puppet-agent[14358]: Could not request certificate: execution expired
Mar 15 01:29:59 h0001 puppet-agent[14358]: Could not request certificate: execution expired
Mar 15 01:33:59 h0001 puppet-agent[14358]: Could not request certificate: execution expired


best regards,
Björn

bjoern pohl

unread,
Mar 21, 2014, 10:31:17 AM3/21/14
to puppet...@googlegroups.com


Am Freitag, 21. März 2014 15:20:36 UTC+1 schrieb Jose Luis Ledesma:

Or you can use autosign.

Regards


Hi Jose,
we're in a not-so-trustworthy network here -  so i can't override this security measurement :)

regards,
Björn
  
Reply all
Reply to author
Forward
0 new messages