On 11:55 Fri 03 Feb , micah wrote: > > Hi, > > Apollon Oikonomopoulos <apoi...@debian.org> writes: > > - puppet 4.8.2-1 will (hopefully) migrate to testing tomorrow, 3 days > > before the Freeze. This will be the first version in Stretch > > supporting Puppet 3 clients. > > This has migrated. I've upgraded my Stretch puppet4 server to 4.8.2-1 > and am testing it. > > Unfortunately, I've already found a problem. If I have a new puppet3 > node and I do: > > root@puppetdb:~# puppet agent -t > Exiting; no certificate found and waitforcert is disabled > root@puppetdb:~# > > It doesn't generate a CSR, there is no /var/lib/puppet/ssl > directory. Yes, this is puppet3 that is failing here, but I suspect it > is because it is not getting the right response from the master. > > On the master, I see nothing in the puppet logs, but I do see in the > apache logs: > > newpuppetmaster:8140 0.0.0.0 - - [03/Feb/2017:08:41:30 -0800] "GET > /production/certificate/puppetdb? HTTP/1.1" 404 5361 "-" "Ruby" > > but nothing else. The puppetmaster has no certs pending to be signed and > only has one cert signed (the puppetmaster itself). There is nothing in > /var/lib/puppet/ssl on the master besides the puppetmaster cert bits. > > I'm wondering if this works for others, or if maybe this part of the > puppet3 compatibility was missed?
>From the looks of it, you're using a Webrick puppetmaster. You should switch to puppet-master-passenger instead :) Apollon