Simple newbie question
41 views
Skip to first unread message
Jim Garrison
Mar 30, 2012, 7:06:31 PM3/30/12
to puppet...@googlegroups.com
Trying to set up a simple master/agent configuration on two VMware VMs. I startup the master and then try to start the agent, in waitforcert mode to submit its cert request. After receving the request on the master and signing it, I get this on the agent:
[jhg@vm2 puppet-2.7.12]$ sudo puppet agent --server vm1 --waitforcert 60 --test
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for vm2.jhmg.net
info: Certificate Request fingerprint (md5): E2:79:4A:81:21:56:7E:2A:9B:B2:3C:74:27:15:24:4C
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for vm2.jhmg.net
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
I have already verified that the two VM clocks are synchronized to within a few ms of each other.
What ELSE could cause this?
[jhg@vm2 puppet-2.7.12]$ sudo puppet agent --server vm1 --waitforcert 60 --test
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for vm2.jhmg.net
info: Certificate Request fingerprint (md5): E2:79:4A:81:21:56:7E:2A:9B:B2:3C:74:27:15:24:4C
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for vm2.jhmg.net
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
I have already verified that the two VM clocks are synchronized to within a few ms of each other.
What ELSE could cause this?
Len Rugen
Mar 30, 2012, 11:12:04 PM3/30/12
to puppet...@googlegroups.com
I think your master needs to sign the cert, on the master issue
puppet-ca --sign vm2.jhmg.net
You'll need to verify that syntax, it's from memory :-)
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/qDhj4dblhfAJ.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
John Kennedy
Apr 2, 2012, 5:08:38 AM4/2/12
to puppet...@googlegroups.com
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/qDhj4dblhfAJ.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Potentially talking out my back side...
Have you checked that the time zones are the same and DST is not a factor?
John
Reply all
Reply to author
Forward
0 new messages