Hi Tim,

Perhaps I am missing something in your output.  There may be some
actions implied that you took but were not shown.  So excuse me if I
am misunderstanding something.

Did you take any actions on the server side while you were running
'puppetd -t --waitforcert 15 --server puppet.example.net'?  What I see
is you had the client send a certificate to the master in order to be
signed, and when it was not signed in the amount of time you specified
the client gave up.  Did you use 'puppetca' on the server side to sign
the certificate?  If not, what you see is the expected behavior, as
nothing would be sent back if it was not signed.

Marius
Shermans Travel Media LLC.

On May 12, 3:39 pm, Tim Dunphy <bluethu...@gmail.com> wrote:
> hello list!!
>
> I'm having an issue where a client is not receiving its cert
>
> [root@ec2-50-16-98-245 ~]# puppetd -t --waitforcert 15 --server
> puppet.example.net
> info: Creating a new SSL key for ec2-xx-xx-xx-xxx.compute-1.amazonaws.com
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for ca
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> info: Creating a new SSL certificate request for
> ec2-xx-xx-xx-xxx.compute-1.amazonaws.com
> info: Certificate Request fingerprint (md5):
> 93:17:4C:99:18:B9:8C:68:4E:2A:89:76:A4:28:04:81
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> notice: Did not receive certificate
>
> although the server is running and listening on 8140
>
> [root@puppet ~]# lsof -i :8140
> COMMAND    PID   USER   FD   TYPE DEVICE SIZE NODE NAME
> puppetmas 1694 puppet    7u  IPv4   7222       TCP *:8140 (LISTEN)
>
> and nmap confirms port is open
>
> Starting Nmap 5.21 (http://nmap.org) at 2011-05-12 14:50 EDT
> Nmap scan report for puppet.example.net (xx.xx.xxx.xxx)
> Host is up (0.014s latency).
> rDNS record for xx.xx.xxx.xxx: ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com
> PORT     STATE SERVICE
> 8140/tcp open  unknown
>
> Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
>
> http is running
>
> [root@puppet puppet]# service httpd status
> httpd (pid  3606) is running...
>
> but the only errors I see are 404's the only logs in the
> /var/log/masterhttp.log
>
> [2011-05-12 15:35:54] - -> /production/certificate/portero-fs.ec2.internal
> [2011-05-12 15:35:55] ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com - -
> [12/May/2011:15:35:55 EDT] "GET
> /production/certificate/ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com
> HTTP/1.1" 404
>
> but the puppet client runs well on the puppet server itself...
>
> [root@puppet puppet]# puppetd -t
> info: Loading facts in mysql
> info: Loading facts in configured_ntp_servers
> info: Loading facts in mysql
> info: Loading facts in configured_ntp_servers
> info: Caching catalog for puppet.acadaca.net
> info: /Stage[main]/Centos/Tidy[/var/lib/amanda]: File does not exist
> info: /Stage[main]/Centos/Tidy[/etc/yum.repos.d/c5-media.repo]: File
> does not exist
> info: /Stage[main]/Centos/Tidy[/etc/yum.repos.d/CentOS.repo]: File
> does not exist
> info: /Stage[main]/Apache/Tidy[/etc/httpd/conf.d/ssl.conf]: File does not 
> exist
> info: Applying configuration version '1305227995'
> notice: /Stage[main]/Centos/Exec[import dag key]/returns: executed 
> successfully
> notice: /Stage[main]/Centos/Exec[import webtatic key]/returns:
> executed successfully
> notice: /Stage[main]/Centos/Exec[import remi key]/returns: executed 
> successfully
> notice: Finished catalog run in 4.84 seconds
>
> I would appreciate any advice you may have...
>
> thanks!
>
> tim
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
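
The 404 on `/production/certificate/<certname>` in the quoted master log is the master's answer while no signed certificate exists for that name, which fits the explanation in the reply. The sketch below is an added example, not code from either message or from Puppet: it scans a master HTTP log for certnames whose latest certificate poll was still a 404. The function name, hostnames and sample log lines are constructed for illustration, and the log layout is assumed to match the line quoted in the thread.

```python
import re

# Agent certificate poll as it appears in the master's HTTP log, e.g.
#   "GET /production/certificate/<certname> HTTP/1.1" 404
CERT_POLL = re.compile(
    r'"GET /(?P<env>[^/\s]+)/certificate/(?P<name>[^\s"]+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def unsigned_certnames(log_text):
    """Return {certname: count_of_404_polls} for names whose last poll was a 404."""
    # Entries may be wrapped across lines (as in the mail above), so collapse
    # all whitespace before matching.
    flat = " ".join(log_text.split())
    last_status = {}
    misses = {}
    for m in CERT_POLL.finditer(flat):
        name, status = m.group("name"), m.group("status")
        last_status[name] = status
        if status == "404":
            misses[name] = misses.get(name, 0) + 1
    # A later 200 means the certificate was signed and handed out: drop those.
    return {n: c for n, c in misses.items() if last_status[n] == "404"}


# Constructed sample log (hypothetical hosts); the second entry is wrapped on purpose.
SAMPLE_LOG = '''\
agent01.example.net - - [12/May/2011:15:35:50 EDT] "GET /production/certificate/ca HTTP/1.1" 200
agent01.example.net - - [12/May/2011:15:35:55 EDT] "GET
/production/certificate/agent01.example.net
HTTP/1.1" 404
agent01.example.net - - [12/May/2011:15:36:10 EDT] "GET /production/certificate/agent01.example.net HTTP/1.1" 404
agent02.example.net - - [12/May/2011:15:40:01 EDT] "GET /production/certificate/agent02.example.net HTTP/1.1" 404
agent02.example.net - - [12/May/2011:15:40:16 EDT] "GET /production/certificate/agent02.example.net HTTP/1.1" 200
'''

if __name__ == "__main__":
    for name, count in unsigned_certnames(SAMPLE_LOG).items():
        print(f"{name}: {count} polls answered 404, no signed certificate yet")
```

Each name it reports is a request still waiting on the CA; before signing with `puppetca`, check the name against the hosts you expect to enroll and compare the request fingerprint with the one the agent printed.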
