Hi Bhathiya,

Please try the following steps:

1. Delete all certificates in Puppet master (rm -rf /var/lib/puppet/ssl/*)
2. Delete all certificates in Puppet agent (rm -rf /var/lib/puppet/ssl/*)
   You may use `puppet cert clean --all` command as well
3. Check puppet.conf in both Puppet agent and master
   Agent should point to master hostname
       server = puppet.example.com
   This hostname must resolve to corresponding IP address via DNS or hosts file mappings
   This hostname must be the Puppet master's system hostname. Or else it should be added as a property to puppet.conf in Puppet master instance
       dns_alt_names=puppet.example.com
4. Auto-signing should be enabled in puppet.conf in Puppet master. Or all the white-listed hostnames should be added to autosign.conf in Puppet master.
       autosign = true
5. Restart Puppet master service after modifying above config files.

Thanks.

On Tue, Feb 23, 2016 at 7:43 AM, Lahiru Sandaruwan <[email protected]> wrote:

> Hi Bhathiya,
>
> Please check if the hostname (hostname command) is correctly set in puppet
> master. Also, after the certificate clearance, remember to restart puppet
> master.
>
> Thanks.
>
> On Tue, Feb 23, 2016 at 12:34 AM, Sajith Kariyawasam <[email protected]>
> wrote:
>
>> Hi Bhathiya,
>>
>> Did you delete old certs in puppet master as explained in [1]? From the
>> commands you have listed, it seems you have deleted the certs in agent side
>> only.
>> [2] too provides some tips related to a similar issue.
>> Also, if you are testing in an IaaS, please make sure all the necessary
>> ports in puppet master instance are accessible from puppet agent instance.
>>
>>
>> [1]
>> http://serverfault.com/questions/515296/puppet-agent-certificate-verify-failure
>> [2]
>> http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat
>>
>> Thanks,
>> Sajith
>>
>> On Tue, Feb 23, 2016 at 12:02 AM, Bhathiya Jayasekara <[email protected]>
>> wrote:
>>
>>> Thanks for the prompt response Pubudu. I already tried that and got
>>> below.
>>>
>>> root@apim-2:/opt# find /var/lib/puppet/ssl -name '*.pem' -exec rm {} \;
>>> root@apim-2:/opt# puppet agent -t
>>> Info: Creating a new SSL key for apim-2.openstacklocal
>>> Info: Caching certificate for ca
>>> Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
>>> Info: Creating a new SSL certificate request for apim-2.openstacklocal
>>> Info: Certificate Request fingerprint (SHA256):
>>> 74:F4:B5:D3:39:02:0F:D7:6D:88:0C:06:4B:55:1C:08:7C:B8:C9:3E:91:0F:B1:C9:1B:07:DE:27:BB:D1:D5:55
>>> Info: Caching certificate for apim-2.openstacklocal
>>> Info: Caching certificate_revocation_list for ca
>>> Error: Could not request certificate: SSL_connect returned=1 errno=0
>>> state=SSLv3 read server certificate B: certificate verify failed:
>>> [certificate revoked for /CN=apim-2.openstacklocal]
>>>
>>> Thanks,
>>> Bhathiya
>>>
>>> On Mon, Feb 22, 2016 at 11:52 PM, Pubudu Gunatilaka <[email protected]>
>>> wrote:
>>>
>>>> Hi Bhathiya,
>>>>
>>>> Could you please check with this [1]? I think you are having Error 4.
>>>>
>>>> [1] -
>>>> http://suhan-opensource.blogspot.com/2014/10/puppet-master-agent-communication-errors.html
>>>>
>>>> Thank you!
>>>>
>>>> On Mon, Feb 22, 2016 at 11:47 PM, Bhathiya Jayasekara <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I followed all the steps in [1]. But at the end I'm getting below cert
>>>>> error. Can someone please help me to understand what's wrong?
>>>>>
>>>>> root@apim-2:/opt# ./setup.sh
>>>>> #####################################################
>>>>> Starting cleanup
>>>>> #####################################################
>>>>> #####################################################
>>>>> Setting up environment
>>>>> #####################################################
>>>>> #####################################################
>>>>> Installing
>>>>> #####################################################
>>>>> Warning: Unable to fetch my node definition, but the agent run will
>>>>> continue:
>>>>> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server
>>>>> certificate B: certificate verify failed: [certificate revoked for
>>>>> /CN=apim-2.openstacklocal]
>>>>> Info: Retrieving plugin
>>>>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional
>>>>> resources using 'eval_generate': SSL_connect returned=1 errno=0
>>>>> state=SSLv3
>>>>> read server certificate B: certificate verify failed: [certificate revoked
>>>>> for /CN=apim-2.openstacklocal]
>>>>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect
>>>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
>>>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] Could
>>>>> not retrieve file metadata for puppet://puppet/plugins: SSL_connect
>>>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
>>>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal]
>>>>> Error: Could not retrieve catalog from remote server: SSL_connect
>>>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
>>>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal]
>>>>> Warning: Not using cache on failed catalog
>>>>> Error: Could not retrieve catalog; skipping run
>>>>> Error: Could not send report: SSL_connect returned=1 errno=0
>>>>> state=SSLv3 read server certificate B: certificate verify failed:
>>>>> [certificate revoked for /CN=apim-2.openstacklocal]
>>>>>
>>>>> [1]
>>>>> https://github.com/wso2/puppet-modules/wiki/Use-WSO2-Puppet-Modules-in-puppet-master-agent-Environment
>>>>>
>>>>> Thanks,
>>>>>
>>>>> --
>>>>> *Bhathiya Jayasekara*
>>>>> *Senior Software Engineer,*
>>>>> *WSO2 inc., http://wso2.com*
>>>>>
>>>>> *Phone: +94715478185*
>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj*
>>>>> *Twitter: https://twitter.com/bhathiyax*
>>>>> *Blog: http://movingaheadblog.blogspot.com*
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>
>>>> --
>>>> *Pubudu Gunatilaka*
>>>> Committer and PMC Member - Apache Stratos
>>>> Software Engineer
>>>> WSO2, Inc.: http://wso2.com
>>>> mobile : +94774079049
>>>>
>>
>> --
>> Sajith Kariyawasam
>> *Committer and PMC member, Apache Stratos,*
>> *WSO2 Inc.; http://wso2.com*
>> *Mobile: 0772269575*
>>
>
> --
> Lahiru Sandaruwan
> Committer and PMC member, Apache Stratos,
> Senior Software Engineer,
> WSO2 Inc., http://wso2.com
> lean.enterprise.middleware
>
> phone: +94773325954
> email: [email protected] blog: http://lahiruwrites.blogspot.com/
> linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146
>

--
Akila Ravihansa Perera
WSO2 Inc.; http://wso2.com/
Blog: http://ravihansa3000.blogspot.com
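A pre-flight check for the puppet.conf conditions in steps 3 and 4 of the top reply in this thread, as an added example that is not part of the original e-mails: it tests whether the agent's `server` name is covered by the master's hostname or `dns_alt_names`, and reports which autosign mode the master is in. The function names, the temporary file paths and the hostname `master-1.internal` are assumptions made for illustration, and the sample configs are constructed.

```shell
# Added example: checks the puppet.conf conditions from steps 3 and 4.
# Simplification: section headers ([main], [agent], [master]) are ignored and
# the last assignment of a key in the file wins.

# conf_get FILE KEY: print the value assigned to KEY (empty if unset).
conf_get() {
  awk -F= -v key="$2" '
    /^[[:space:]]*(#|\[)/ { next }
    { k = $1; gsub(/[[:space:]]/, "", k) }
    k == key { v = $0; sub(/^[^=]*=[[:space:]]*/, "", v); sub(/[[:space:]]+$/, "", v); val = v }
    END { print val }' "$1"
}

# name_covered AGENT_CONF MASTER_CONF MASTER_HOSTNAME
# Succeeds when the agent's "server" equals the master's hostname or is
# listed in the master's dns_alt_names.
name_covered() {
  _server=$(conf_get "$1" server)
  [ -n "$_server" ] || return 1
  [ "$_server" = "$3" ] && return 0
  _alt=$(conf_get "$2" dns_alt_names | tr -d '[:space:]')
  case ",$_alt," in
    *",$_server,"*) return 0 ;;
  esac
  return 1
}

# autosign_mode MASTER_CONF: "naive" when autosign = true (every CSR is
# signed without review), "off" when false, "file" otherwise (autosign.conf
# allowlist or a policy executable).
autosign_mode() {
  case "$(conf_get "$1" autosign)" in
    true)  echo naive ;;
    false) echo off ;;
    *)     echo file ;;
  esac
}

# Constructed sample configs; master-1.internal is a hypothetical hostname.
demo_dir=$(mktemp -d)
printf '[main]\nserver = puppet.example.com\n' > "$demo_dir/agent.conf"
printf '[master]\ndns_alt_names = puppet,puppet.example.com\nautosign = true\n' > "$demo_dir/master.conf"
if name_covered "$demo_dir/agent.conf" "$demo_dir/master.conf" master-1.internal
then echo "server name is covered by the master's certificate names"
else echo "MISMATCH: agent server is neither master hostname nor a dns_alt_name"
fi
echo "autosign mode: $(autosign_mode "$demo_dir/master.conf")"
```

On real hosts the two files would be the agent's and the master's puppet.conf, and the third argument the output of `hostname -f` on the master.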
