Strange signing problem in AWS - stumped


jblaine

Dec 12, 2012, 8:56:26 PM
to puppet...@googlegroups.com
Any light someone can shed sure would be appreciated.

I start with 1 cert -- the master's, where I am running this:

jblaine@ip-10-191-115-140:~$ sudo puppet cert list --all
+ "ip-10-191-115-140.ec2.internal" (74:8B:7B:EF:41:E6:F9:98:93:15:42:6A:4C:2F:28:CC) (alt names: "DNS:ip-10-191-115-140.ec2.internal", "DNS:puppet", "DNS:puppet.ec2.internal")
jblaine@ip-10-191-115-140:~$

I have quadruple-confirmed that is the only certificate in existence in /var/lib/puppet/ssl.

I create a brand new EC2 instance and bootstrap it with the Cloud Provisioner:

jblaine@ip-10-191-115-140:~$ puppet node_aws bootstrap --group=hadoop-nodes \
--keyname=jblaine --image=ami-82fa58eb --type=t1.micro \
--puppet-version=2.7.20 --login=ubuntu \
--keyfile=~/.ssh/jblaine-bld.pem \
--server=ip-10-191-115-140.ec2.internal --verbose
...
notice: Waiting for SSH response ... Done
info: Executing remote command ...
info: Executing remote command ... Done
notice: Installing Puppet ...
info: Executing remote command ...
info: Executing remote command ... Done
info: Executing remote command ...
info: Executing remote command ... Done
notice: Puppet is now installed on: ec2-23-21-34-131.compute-1.amazonaws.com
notice: No classification method selected
notice: Signing certificate ...
err: Signing certificate ... Failed
err: Signing certificate error: Could not render to pson: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: E2:B3:43:ED:74:80:F7:6E:C0:3F:68:C2:95:74:40:AA

Say what?

jblaine@ip-10-191-115-140:~$ sudo puppet cert list
jblaine@ip-10-191-115-140:~$ sudo puppet cert list --all
+ "ec2-23-21-34-131.compute-1.amazonaws.com-fc73179f-951d-88dc-9477-d4dcddc6f585" (01:FD:22:FA:90:76:78:AF:91:90:77:69:1A:7A:41:95)
+ "ip-10-191-115-140.ec2.internal"                                                (74:8B:7B:EF:41:E6:F9:98:93:15:42:6A:4C:2F:28:CC) (alt names: "DNS:ip-10-191-115-140.ec2.internal", "DNS:puppet", "DNS:puppet.ec2.internal")
jblaine@ip-10-191-115-140:~$

jblaine

Dec 13, 2012, 12:05:00 PM
to puppet...@googlegroups.com
I have even gone so far on the master as to completely uninstall the puppetmaster package,
sudo rm -rf /var/lib/puppet/ssl, and reinstall the puppetmaster package on the master. Then
provision a brand new EC2 instance with "puppet node_aws bootstrap..."

Same result: The certificate retrieved from the master does not match the agent's private key.

jblaine

Apr 12, 2013, 12:37:50 PM
to puppet...@googlegroups.com
On Thursday, April 11, 2013 5:49:16 PM UTC-4, Jens Fahnenbruck wrote:
I seem to have the same problem, did you solve it?

I did not solve the actual problem, no.

I moved forward with the project by going to master-less Puppet.

Michael O'Dea

Apr 23, 2013, 10:09:06 PM
to puppet...@googlegroups.com
I see this error all the time when I forget to sudo a puppet run. My only guess is that puppet agent is being run twice, once as root and once as ubuntu, and you're seeing the results of the second run. I'm not familiar with the node_aws stuff; however, I've worked up userdata profiles to do the same bootstrapping that is done with that facility.
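A check for the mismatch discussed in this thread, as an added example that is not part of any post above: run on the agent, it compares the public key inside each agent certificate with the one derived from the private key stored beside it, for both a root and a non-root ssldir. The two ssldir paths are assumed defaults (root's /var/lib/puppet/ssl and ~/.puppet/ssl for the "ubuntu" login), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: does each Puppet agent certificate belong to the private
# key stored beside it? Function names and ssldir paths are assumptions.

# Print the PEM public key embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the PEM public key derived from a private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Return 0 if cert and key share a public key, 1 if they differ,
# 2 if either file is missing or cannot be parsed.
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ -n "$k" ] || return 2
    [ "$c" = "$k" ]
}

# Walk one ssldir (layout: certs/<name>.pem, private_keys/<name>.pem)
# and print one status line per agent certificate.
check_ssldir() {
    dir=$1
    for cert in "$dir"/certs/*.pem; do
        [ -f "$cert" ] || continue
        name=$(basename "$cert" .pem)
        case "$name" in ca) continue ;; esac   # CA cert has no local key
        key="$dir/private_keys/$name.pem"
        if [ ! -f "$key" ]; then
            echo "NOKEY $dir $name"
        elif cert_matches_key "$cert" "$key"; then
            echo "MATCH $dir $name"
        else
            echo "MISMATCH $dir $name"
        fi
    done
}

# Assumed defaults: the root ssldir named in the thread, and the per-user
# ssldir of the "ubuntu" login used in the bootstrap command.
for d in /var/lib/puppet/ssl /home/ubuntu/.puppet/ssl; do
    if [ -d "$d" ]; then check_ssldir "$d"; fi
done
```

A MISMATCH or NOKEY line in one ssldir alongside key material for the same certname in the other would be consistent with the agent having been run under two different users.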