This looks a lot like this problem: 
http://projects.reductivelabs.com/issues/2890
Have you tried rm -rf /etc/puppet/ssl on the client? Or are you avoiding 
exactly that?
In 0.25.1 puppet seems to force the usage of the cached certificates 
despite the fact that some of the data may be wrong, so you should try 
to clean the ca certificate (in case the ca certificate changed), the 
certificate request and as a last resort the private key. All this is 
done by the above rm. (Not sure if you knew all that, so that's why I'm 
mentioning it.)



Silviu
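
The staged cleanup described in the reply above (CA certificate first, then the certificate request, the private key only as a last resort), as an added shell example that is not part of the original message. The subdirectory names come from the debug log quoted below; the `<certname>.pem` file names, the function names and the backup location are assumptions, and files are moved aside rather than deleted so the key can be restored.

```shell
#!/bin/sh
# Staged reset of a Puppet agent's cached SSL material (added example).
# Subdirectories (certs, certificate_requests, private_keys, public_keys)
# are those in the thread's debug log; <certname>.pem names are assumed.

# Print the SHA-256 fingerprint of the cached CA certificate, to compare
# by hand with the fingerprint of the CA certificate on the puppetmaster.
cached_ca_fingerprint() {  # cached_ca_fingerprint SSLDIR
    openssl x509 -noout -fingerprint -sha256 -in "$1/certs/ca.pem"
}

# Move one cached file into the backup tree, keeping its relative path.
stash() {  # stash SSLDIR BACKUPDIR RELATIVE_PATH
    [ -e "$1/$3" ] || return 0
    mkdir -p "$2/$(dirname "$3")" && mv "$1/$3" "$2/$3"
}

# puppet_ssl_reset SSLDIR CERTNAME LEVEL
#   ca  : cached CA certificate only
#   csr : the above plus the agent's cached certificate and request
#   key : the above plus the agent's key pair (last resort)
# Prints the backup directory on success.
puppet_ssl_reset() {
    ssldir=$1 name=$2 level=$3
    case $level in
        ca|csr|key) ;;
        *) echo "level must be ca, csr or key" >&2; return 2 ;;
    esac
    [ -d "$ssldir" ] || { echo "no such ssl dir: $ssldir" >&2; return 1; }
    backup="$ssldir.bak.$$"
    # The backup may end up holding the private key: owner-only access.
    (umask 077; mkdir -p "$backup") || return 1
    stash "$ssldir" "$backup" "certs/ca.pem" || return 1
    [ "$level" = ca ] && { echo "$backup"; return 0; }
    stash "$ssldir" "$backup" "certs/$name.pem" || return 1
    stash "$ssldir" "$backup" "certificate_requests/$name.pem" || return 1
    [ "$level" = csr ] && { echo "$backup"; return 0; }
    stash "$ssldir" "$backup" "private_keys/$name.pem" || return 1
    stash "$ssldir" "$backup" "public_keys/$name.pem" || return 1
    echo "$backup"
}
# Usage: puppet_ssl_reset /etc/puppet/ssl client.hostname.com ca
```

Start with the `ca` level and re-run the agent before escalating to `csr` or `key`.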

paul matthews wrote:
> After further investigation it seems the problem exists with new 
> 0.25.1 clients
>
> On the server I run:-
> puppetca --clean client.hostname
>
> On the client I run :-
> rm /etc/puppet/ssl/certs/client.hostname.pem    
>
> Followed by the command that brings up the error
>
> # /opt/csw/bin/puppetd --trace --debug --test --factsync --server server.hostname.com
>
> debug: Failed to load library 'shadow' for feature 'libshadow'
> debug: Puppet::Type::User::ProviderDirectoryservice: file 
> /usr/bin/dscl does not exist
> debug: Puppet::Type::User::ProviderPw: file pw does not exist
> debug: Failed to load library 'ldap' for feature 'ldap'
> debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
> debug: /File[/var/puppet/run/puppetd.pid]: Autorequiring 
> File[/var/puppet/run]
> debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring 
> File[/etc/puppet/ssl]
> debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring 
> File[/etc/puppet/ssl]
> debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
> debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl]
> debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring 
> File[/etc/puppet/ssl]
> debug: /File[/var/puppet/clientbucket]: Autorequiring File[/var/puppet]
> debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
> debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring 
> File[/etc/puppet/ssl/certs]
> debug: /File[/var/puppet/run]: Autorequiring File[/var/puppet]
> debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
> debug: /File[/etc/puppet/ssl/private_keys/client.hostname.com.pem]: 
> Autorequiring File[/etc/puppet/ssl/private_keys]
> debug: /File[/var/puppet/state/graphs]: Autorequiring 
> File[/var/puppet/state]
> debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
> debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
> debug: /File[/var/puppet/client_yaml]: Autorequiring File[/var/puppet]
> debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl]
> debug: /File[/etc/puppet/ssl/public_keys/client.hostname.com.pem]: 
> Autorequiring File[/etc/puppet/ssl/public_keys]
> debug: Finishing transaction 75308830 with 0 changes
> debug: Using cached certificate for ca
> warning: peer certificate won't be verified in this SSL session
> debug: Using cached certificate_request for client.hostname.com
> debug: Using cached certificate for ca
> warning: peer certificate won't be verified in this SSL session
> debug: Using cached certificate for ca
> warning: peer certificate won't be verified in this SSL session
> Exiting; no certificate found and waitforcert is disabled
>
> I'm afraid it has me really stumped for ideas though
>
> Paul
>
> 2009/12/14 paul matthews <paulsmatth...@googlemail.com>
>
>     Thanks Ohad for pointing this out - schoolboy error on my part.
>     Unfortunately, this has not fixed things - both server and client
>     are running 25.1.
>     Do you know of anything else that may be causing this?
>
>     Thanks
>     Paul
>
>     2009/12/14 Ohad Levy <ohadl...@gmail.com>
>
>         server must be newer or equal to the clients......
>
>         Ohad
>
>         On Mon, Dec 14, 2009 at 7:36 PM, paul matthews
>         <paulsmatth...@googlemail.com> wrote:
>
>             Hi,
>             I'm not too sure why this has cropped up after working
>             fine for months but on new clients  I get the following
>             errors:-
>             Thanks
>             # puppetd --test
>             warning: peer certificate won't be verified in this SSL
>             session
>             warning: peer certificate won't be verified in this SSL
>             session
>             warning: peer certificate won't be verified in this SSL
>             session
>             Exiting; no certificate found and waitforcert is disabled
>
>             Most of the articles I've read suggest a much earlier bug.
>              As it's a closed test environment I've set autosign =
>             true in /etc/puppet.conf
>
>             Does anyone know how I get round this? Clients are running
>             0.25.1, server = 0.24.8
>
>             Thanks
>             Paul
>
>
>             -- 
>             Paul Matthews
>             
> ----------------------------------------------------------------------
>
>             --
>
>             You received this message because you are subscribed to
>             the Google Groups "Puppet Users" group.
>             To post to this group, send email to
>             puppet-users@googlegroups.com
>             <mailto:puppet-users@googlegroups.com>.
>             To unsubscribe from this group, send email to
>             puppet-users+unsubscr...@googlegroups.com
>             <mailto:puppet-users%2bunsubscr...@googlegroups.com>.
>             For more options, visit this group at
>             http://groups.google.com/group/puppet-users?hl=en.
>
>
>
>
>
>     -- 
>     Paul Matthews
>     ----------------------------------------------------------------------
>
>
>
>
> -- 
> Paul Matthews
> ----------------------------------------------------------------------
