Issue #12928 has been reported by Marek Kroemeke.
----------------------------------------
Bug #12928: Puppet 2.7.11 - initial CSR fails, client doesn't try to talk to
master to get it.
https://projects.puppetlabs.com/issues/12928
Author: Marek Kroemeke
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version: 2.7.11
Keywords:
Branch:
Hello,
**master** <br>
Puppetmaster/puppet: 2.7.11 <br>
OS: RHEL6 <br>
Kernel: 2.6.32-131.0.15.el6.x86_64 <br>
**client** <br>
Puppet: 2.7.11 <br>
OS: RHEL6 <br>
Kernel: 2.6.32-220.4.1.el6.x86_64 <br>
I've upgraded from 2.7.9 to 2.7.11 and I noticed the following problem:
Server claims that "The certificate retrieved from the master does not match
the agent's private key." - all
files on the client end in /var/lib/puppet/ssl were removed and certificate was
also removed from the
master (puppetca --clean).
Further investigation revealed that <br>
**1.** it doesn't even try to connect to master (checked with tcpdump) <br>
**2.** downgrading the client to 2.7.9 fixes the problem<br>
err: Could not request certificate: The certificate retrieved from the
master does not match the agent's private key.
Certificate fingerprint: 6B:F8:D1:37:3A:0E:D5:00:99:DD:FB:11:FF:F5:3B:7E
To fix this, remove the certificate from both the master and the agent and
then start a puppet run, which will automatically regenerate a certficate.
On the master:
puppet cert clean irc001.back.egg.foo.local
On the agent:
rm -f /var/lib/puppet/ssl/certs/irc001.back.egg.foo.local.pem
puppet agent -t
Once certificate is signed - upgrading back to 2.7.11 is not breaking it (i.e.
puppet works as expected) which indicates that the problem is only there during
the signing process.
Best regards,
Marek Kroemeke
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
