Issue #12928 has been updated by Marek Kroemeke. Status changed from Unreviewed to Closed
Unclear what happened but it is working now. I'll reopen if I see this again though. ---------------------------------------- Bug #12928: Puppet 2.7.11 - initial CSR fails, client doesn't try to talk to master to get it. https://projects.puppetlabs.com/issues/12928#change-56068 Author: Marek Kroemeke Status: Closed Priority: Normal Assignee: Category: Target version: Affected Puppet version: 2.7.11 Keywords: Branch: Hello, **master** <br> Puppetmaster/puppet: 2.7.11 <br> OS: RHEL6 <br> Kernel: 2.6.32-131.0.15.el6.x86_64 <br> **client** <br> Puppet: 2.7.11 <br> OS: RHEL6 <br> Kernel: 2.6.32-220.4.1.el6.x86_64 <br> I've upgraded from 2.7.9 to 2.7.11 and I noticed the following problem: Server claims that "The certificate retrieved from the master does not match the agent's private key." - all files on the client end in /var/lib/puppet/ssl were removed and certificate was also removed from the master (puppetca --clean). Further investigation revealed that <br> **1.** it doesn't even try to connect to master (checked with tcpdump) <br> **2.** downgrading the client to 2.7.9 fixes the problem<br> err: Could not request certificate: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: 6B:F8:D1:37:3A:0E:D5:00:99:DD:FB:11:FF:F5:3B:7E To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean irc001.back.egg.foo.local On the agent: rm -f /var/lib/puppet/ssl/certs/irc001.back.egg.foo.local.pem puppet agent -t Once certificate is signed - upgrading back to 2.7.11 is not breaking it (i.e. puppet works as expected) which indicates that the problem is only there during the signing process. Best regards, Marek Kroemeke -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
