Puppetmasterd not receiving certificate request


mark risher

Feb 14, 2011, 8:55:02 PM
to Puppet Users
Hi: I'm trying to configure Puppet on Ubuntu, and strangely I am never
able to generate a certificate because my server never shows any
pending certificate requests.

Put differently, on the server I am running puppetmasterd and on the
client I am able to connect to the server, but the client continues
printing

notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session

and yet the server never sees the request

mrisher@lab2$ puppetca --list
[nothing shows up]
mrisher@lab2$ puppetca --sign clientname.domain.com
clientname.domain.com
err: Could not call sign: Could not find certificate request for
clientname.domain.com

There was a suggestion that autosign was happening, but that does not
seem to be it. There is no autosign.conf file, and when I run
`puppetmasterd --no-daemonize -d -v` I receive the following output:
info: Could not find certificate for 'clientname.domain.com'
every time the client says
notice: Did not receive certificate

I checked the certs on the server and there don't seem to be any:

mrisher@lab2:~$ puppetca --list --all
mrisher@lab2:~$ sudo puppetca --list --all
+ lab2.domain.com // this is the server (master)
mrisher@lab2:~$ sudo puppetca --list
[blank line]
mrisher@lab2:~$

Note: This is mostly running the default install from Ubuntu, if that
gives any leads.

Thanks for any help out there.

Basil Kurian

Feb 14, 2011, 10:54:59 PM
to puppet...@googlegroups.com
Set the IP of the puppet master as hostname "puppet" in the /etc/hosts file of the client

That is something like

192.168.2.100 puppet.example.local puppet


--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.




--
Regards

Basil Kurian


Basil Kurian

Feb 14, 2011, 10:55:46 PM
to puppet...@googlegroups.com
Then try puppetd --test on the client
--
Regards

Basil Kurian


mark risher

Feb 15, 2011, 12:19:00 AM
to Puppet Users
Thanks for the suggestion. I set the /etc/host but that doesn't appear
any different from specifying --server xyz on the command line; my
client definitely seems to reach the server but still no certificate
is issued and the manifest file doesn't get downloaded:


--- CLIENT
mrisher@events1001:~$ sudo vi /etc/hosts
mrisher@events1001:~$ puppetd --test
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
mrisher@events1001:~$ puppetd --test --waitforcert 60
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate


--- SERVER
mrisher@lab2:~$ puppetca --list

mrisher@lab2:~$ sudo puppetca --list

mrisher@lab2:~$


I feel like I must be missing something really obvious. Is there a way
to telnet directly to the puppetmaster and issue a test that way? When
I telnet to port 8140 it immediately hangs up.

Thank you,
/m

Jeff McCune

Feb 15, 2011, 12:22:30 AM
to puppet...@googlegroups.com
On Mon, Feb 14, 2011 at 11:19 PM, mark risher <mri...@impermium.com> wrote:
> Thanks for the suggestion. I set the /etc/host but that doesn't appear
> any different from specifying --server xyz on the command line; my
> client definitely seems to reach the server but still no certificate
> is issued and the manifest file doesn't get downloaded:
>
>
> --- CLIENT
> mrisher@events1001:~$ sudo vi /etc/hosts
> mrisher@events1001:~$ puppetd --test
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> Exiting; no certificate found and waitforcert is disabled
> mrisher@events1001:~$ puppetd --test --waitforcert 60
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> notice: Did not receive certificate
>
>
> --- SERVER
> mrisher@lab2:~$ puppetca --list
>
> mrisher@lab2:~$ sudo puppetca --list
>
> mrisher@lab2:~$

It really feels like the puppetca command is using a different ssldir
configuration setting than the puppet master process is. Could you
check puppetca --configprint ssldir and compare that with the ssldir
setting being used by the puppet master process?

Are you running in Passenger or some other setup?

> I feel like I must be missing something really obvious. Is there a way
> to telnet directly to the puppetmaster and issue a test that way? When
> I telnet to port 8140 it immediately hangs up.

This is because SSL is being used and your client isn't starting the
handshake. Unfortunately there's not an easy way to test things
without getting past the SSL layer, which is what you're having
trouble with.

Also, try puppetca --list --all and see what certificates the CA _has_ signed.

Hope this helps,
--
Jeff McCune
http://www.puppetlabs.com/

mark risher

Feb 15, 2011, 12:25:14 AM
to Puppet Users
If this helps, when I run `puppetd -d` I get a bunch of debug log
statements that may be pertinent: http://pastebins.com/index.php?show=567

Thx,
/m

Jeff McCune

Feb 15, 2011, 12:50:13 AM
to puppet...@googlegroups.com
On Mon, Feb 14, 2011 at 11:25 PM, mark risher <mri...@impermium.com> wrote:
> If this helps, when I run `puppetd -d` I get a bunch of debug log
> statements that may be pertinent: http://pastebins.com/index.php?show=567

As much information as you can provide about how you're running the
puppet master, what its configuration is (--genconfig helps here),
and what puppetca --configprint ssldir says would be more helpful.

mark risher

Feb 15, 2011, 1:12:59 AM
to Puppet Users
Thanks for the follow-up. Here is the puppetmasterd --genconf output:
http://pastebins.com/index.php?show=568; I have not made any changes
from the default, Ubuntu package installation, so the actual
puppet.conf file is just the pathnames.

I've been running the server using the `/etc/init.d/puppetmasterd
start` command. There is very little log output in the masterhttp.log,
but here's what I see:

root@lab2:/var/log/puppet# more masterhttp.log
[2011-02-14 22:04:57] INFO WEBrick 1.3.1
[2011-02-14 22:04:57] INFO ruby 1.8.7 (2010-01-10) [x86_64-linux]
[2011-02-14 22:04:57] INFO
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=ca
Validity
Not Before: Feb 14 01:20:25 2011 GMT
Not After : Feb 13 01:20:25 2016 GMT
Subject: CN=lab2.domain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d5:f0:60:01:99:43:a8:d5:ce:0f:67:d1:d0:b2:
<snip>
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Comment:
Puppet Ruby/OpenSSL Generated Certificate
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E8:82:E2:46:38:25:B8:1C:9B:89:A7:FC:7D:96:22:12:BE:23:8E:9C
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client
Authentication, E-mail Protection
X509v3 Subject Alternative Name:
DNS:puppet, DNS:lab2.domain.com, DNS:puppet.domain.com
Signature Algorithm: sha1WithRSAEncryption
48:f5:6a:9a:c9:8d:69:7e:5a:e6:fa:38:c4:65:a4:5a:26:1e:
<snip>
[2011-02-14 22:04:57] INFO WEBrick::HTTPServer#start: pid=20959 port=8140
[2011-02-14 22:05:03] events.edgesentinel.com - - [14/Feb/2011:22:05:03 PST] "GET /production/certificate/events1001.domain.com HTTP/1.1" 404 51
[2011-02-14 22:05:03] - -> /production/certificate/events1001.domain.com
[2011-02-14 22:05:03] events.edgesentinel.com - - [14/Feb/2011:22:05:03 PST] "GET /production/certificate/events1001.domain.com HTTP/1.1" 404 51
[2011-02-14 22:05:03] - -> /production/certificate/events1001.domain.com
[2011-02-14 22:05:21] events.edgesentinel.com - - [14/Feb/2011:22:05:21 PST] "GET /production/certificate/events1001.domain.com HTTP/1.1" 404 51
[2011-02-14 22:05:21] - -> /production/certificate/events1001.domain.com
[2011-02-14 22:05:50] events.edgesentinel.com - - [14/Feb/2011:22:05:50 PST] "GET /production/certificate/events1001.domain.com HTTP/1.1" 404 51
[2011-02-14 22:05:50] - -> /production/certificate/events1001.domain.com
[2011-02-14 22:05:50] events.edgesentinel.com - - [14/Feb/2011:22:05:50 PST] "GET /production/certificate/events1001.domain.com HTTP/1.1" 404 51
[2011-02-14 22:05:50] - -> /production/certificate/events1001.domain.com
[2011-02-14 22:05:50] events.edgesentinel.com - - [14/Feb/2011:22:05:50 PST] "GET /production/certificate/events1001.domain.com HTTP/1.1" 404 51
[2011-02-14 22:05:50] - -> /production/certificate/events1001.domain.com
[2011-02-14 22:05:56] events.edgesentinel.com - - [14/Feb/2011:22:05:56 PST] "GET /production/certificate/events1001.domain.com HTTP/1.1" 404 51
[2011-02-14 22:05:56] - -> /production/certificate/events1001.domain.com
[2011-02-14 22:05:57] INFO going to shutdown ...
[2011-02-14 22:05:57] INFO WEBrick::HTTPServer#start done.
root@lab2:/var/log/puppet#

Thanks again.
/m

Nan Liu

Feb 15, 2011, 1:36:01 AM
to puppet...@googlegroups.com
On Mon, Feb 14, 2011 at 10:12 PM, mark risher <mri...@impermium.com> wrote:
> Thanks for the follow-up. Here is the puppetmasterd --genconf output:
> http://pastebins.com/index.php?show=568; I have not made any changes
> from the default, Ubuntu package installation, so the actual
> puppet.conf file is just the pathnames.
>
> I've been running the server using the `/etc/init.d/puppetmasterd
> start` command. There is very little log output in the masterhttp.log,
> but here's what I see:

Shut down the service and run puppet master with the following flags to
get debug info:
puppet master --no-daemonize -v

Seems like the agent is just waiting for a certificate and you don't
have the CSR on the master. I'm not sure of a way to force the agent
to submit the CSR again. Since I don't have the exact directory
configuration, rather than asking you to copy the CSR to the server
I'm going to recommend cleaning the agent's ssl directory so it will
generate and submit the certificate request again.

With the master in verbose mode you should see the following: (using
demo.example.lan)
info: Could not find certificate for 'demo.example.lan'
info: Could not find certificate_request for 'demo.example.lan'
notice: demo.example.lan has a waiting certificate request
info: Could not find certificate for 'demo.example.lan'
info: Could not find certificate for 'demo.example.lan'

At this point you should have a certificate waiting to be signed.

Thanks,

Nan

Basil Kurian

Feb 15, 2011, 3:02:57 AM
to puppet...@googlegroups.com
@ Mark


>> Thanks for the suggestion. I set the /etc/host but that doesn't appear

/etc/host or /etc/hosts ??

Is that a typo ?





--
Regards

Basil Kurian


mark risher

Feb 15, 2011, 10:12:21 AM
to Puppet Users
Sorry, /etc/hosts. It was a typo in my bug report; I used the correct
filename on the client itself.
The routing issue is not the culprit -- puppetd is clearly able to
reach the puppetmasterd server -- so we're stuck somewhere inside
either what the client says or what the server responds with.

Still looking... thanks again,
/m

mark risher

Feb 15, 2011, 3:33:04 PM
to Puppet Users
Nan's suggestion worked. I thought I'd tried these steps but maybe not
in the right order.

Thank you, Nan!

Here were the steps:

mrisher@lab2:~$ sudo /etc/init.d//puppetmaster stop
* Stopping puppet configuration management tool master
server [ OK ]
mrisher@lab2:~$ sudo puppetmasterd --no-daemonize -v
notice: Starting Puppet server version 0.25.4
err: Removing mount files: /etc/puppet/files does not exist
info: access[^/catalog/([^/]+)$]: allowing 'method' find
info: access[^/catalog/([^/]+)$]: allowing $1 access
info: access[/certificate_revocation_list/ca]: allowing 'method' find
info: access[/certificate_revocation_list/ca]: allowing * access
info: access[/report]: allowing 'method' save
info: access[/report]: allowing * access
info: access[/file]: allowing * access
info: access[/certificate/ca]: adding authentication no
info: access[/certificate/ca]: allowing 'method' find
info: access[/certificate/ca]: allowing * access
info: access[/certificate/]: adding authentication no
info: access[/certificate/]: allowing 'method' find
info: access[/certificate/]: allowing * access
info: access[/certificate_request]: adding authentication no
info: access[/certificate_request]: allowing 'method' find
info: access[/certificate_request]: allowing 'method' save
info: access[/certificate_request]: allowing * access
info: access[/]: adding authentication any
info: Could not find certificate for 'events1001.domain.com'
info: Could not find certificate for 'events1001.domain.com'
info: Could not find certificate_request for 'events1001.domain.com'
notice: events1001.domain.com has a waiting certificate request
info: Could not find certificate for 'events1001.domain.com'
info: Could not find certificate for 'events1001.domain.com'

============
-- on CLIENT
============
mrisher@events1001:~$ rm -rf /home/mrisher/.puppet/
mrisher@events1001:~$ puppetd --server lab2.domain.com --waitforcert 5 --test
info: Creating a new SSL key for events1001.domain.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for events1001.domain.com
info: Certificate Request fingerprint (md5): 6C:7D:9B:12:C5:5D:77:55:0A:D9:AC:8E:9A:E6:51:CA
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for events1001.domain.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for events1001.domain.com
info: Applying configuration version '1297801836'
warning: Cannot manage ownership unless running as root
err: //File[/tmp/testfile]/ensure: change from absent to present failed: failed to chgrp /tmp/testfile to 0: Operation not permitted - /tmp/testfile
info: Creating state file /home/mrisher/.puppet/var/state/state.yaml
notice: Finished catalog run in 0.01 seconds
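As an added example (not code from this thread or from Puppet), here is a small Python classifier over master and agent log lines in the shape shown above. It tells the stale case apart from the fixed one: before the cleanup the master only logs certificate lookups for the host and the agent never builds a CSR; after it, the master logs a waiting certificate request and the agent prints a CSR fingerprint that can be compared with the CA's view before signing. The sample lines are constructed from the outputs in the thread.

```python
import re

# Constructed sample lines, modelled on the master and agent output in this thread.
MASTER_STALE = """\
info: Could not find certificate for 'events1001.domain.com'
info: Could not find certificate for 'events1001.domain.com'
"""
MASTER_FRESH = MASTER_STALE + """\
info: Could not find certificate_request for 'events1001.domain.com'
notice: events1001.domain.com has a waiting certificate request
"""
AGENT_STALE = "notice: Did not receive certificate\n"
AGENT_FRESH = """\
info: Certificate Request fingerprint (md5): 6C:7D:9B:12:C5:5D:77:55:0A:D9:AC:8E:9A:E6:51:CA
notice: Did not receive certificate
"""

WAITING = re.compile(r"^notice: (\S+) has a waiting certificate request$")
LOOKUP = re.compile(r"^info: Could not find certificate for '([^']+)'$")
FPRINT = re.compile(r"^info: Certificate Request fingerprint \((\w+)\): (\S+)$")

def master_state(log, host):
    # 'csr-waiting': the master logged a pending CSR for host; 'lookup-only': it only
    # saw the agent asking for a cert it never requested (the thread's symptom).
    state = "no-contact"
    for line in log.splitlines():
        if (m := WAITING.match(line)) and m.group(1) == host:
            return "csr-waiting"
        if (m := LOOKUP.match(line)) and m.group(1) == host:
            state = "lookup-only"
    return state

def agent_csr_fingerprint(log):
    # (algo, fingerprint) printed when the agent generated a CSR in this run, else None.
    for line in log.splitlines():
        if m := FPRINT.match(line):
            return m.group(1), m.group(2)
    return None

def diagnose(master_log, agent_log, host):
    state = master_state(master_log, host)
    fp = agent_csr_fingerprint(agent_log)
    if state == "csr-waiting" and fp:
        return "csr-waiting: check %s fingerprint %s against the CA's list before signing" % fp
    if state == "lookup-only" and fp is None:
        return "stale-agent-ssl: clear the agent's ssl directory so it submits a new CSR"
    return state
```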