Hello Marius,

Thank you very much indeed for your prompt reply! It seems that I was under the impression that autosigning had been turned on on the puppet server. I see now that I was mistaken.

Best regards, and be well good sir!

tim

On Thu, May 12, 2011 at 4:41 PM, Saurval <[email protected]> wrote:
> Hi Tim,
>
> Perhaps I am missing something in your output. There may be some
> actions implied that you took but were not shown. So excuse me if I
> am misunderstanding something.
>
> Did you take any actions on the server side while you were running
> 'puppetd -t --waitforcert 15 --server puppet.example.net'? What I see
> is you had the client send a certificate to the master in order to be
> signed, and when it was not signed in the amount of time you specified
> the client gave up. Did you use 'puppetca' on the server side to sign
> the certificate? If not, what you see is the expected behavior, as
> nothing would be sent back if it was not signed.
>
> Marius
> Shermans Travel Media LLC.
>
> On May 12, 3:39 pm, Tim Dunphy <[email protected]> wrote:
>> hello list!!
>>
>> I'm having an issue where a client is not receiving its cert
>>
>> [root@ec2-50-16-98-245 ~]# puppetd -t --waitforcert 15 --server puppet.example.net
>> info: Creating a new SSL key for ec2-xx-xx-xx-xxx.compute-1.amazonaws.com
>> warning: peer certificate won't be verified in this SSL session
>> info: Caching certificate for ca
>> warning: peer certificate won't be verified in this SSL session
>> warning: peer certificate won't be verified in this SSL session
>> info: Creating a new SSL certificate request for ec2-xx-xx-xx-xxx.compute-1.amazonaws.com
>> info: Certificate Request fingerprint (md5): 93:17:4C:99:18:B9:8C:68:4E:2A:89:76:A4:28:04:81
>> warning: peer certificate won't be verified in this SSL session
>> warning: peer certificate won't be verified in this SSL session
>> warning: peer certificate won't be verified in this SSL session
>> warning: peer certificate won't be verified in this SSL session
>> notice: Did not receive certificate
>>
>> although the server is running and listening on 8140
>>
>> [root@puppet ~]# lsof -i :8140
>> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
>> puppetmas 1694 puppet 7u IPv4 7222 TCP *:8140 (LISTEN)
>>
>> and nmap confirms port is open
>>
>> Starting Nmap 5.21 (http://nmap.org) at 2011-05-12 14:50 EDT
>> Nmap scan report for puppet.example.net (xx.xx.xxx.xxx)
>> Host is up (0.014s latency).
>> rDNS record for xx.xx.xxx.xxx: ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com
>> PORT STATE SERVICE
>> 8140/tcp open unknown
>>
>> Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
>>
>> http is running
>>
>> [root@puppet puppet]# service httpd status
>> httpd (pid 3606) is running...
>>
>> but the only errors I see are 404's the only logs in the /var/log/masterhttp.log
>>
>> [2011-05-12 15:35:54] - -> /production/certificate/portero-fs.ec2.internal
>> [2011-05-12 15:35:55] ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com - - [12/May/2011:15:35:55 EDT] "GET /production/certificate/ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com HTTP/1.1" 404
>>
>> but the puppet client runs well on the puppet server itself...
>>
>> [root@puppet puppet]# puppetd -t
>> info: Loading facts in mysql
>> info: Loading facts in configured_ntp_servers
>> info: Loading facts in mysql
>> info: Loading facts in configured_ntp_servers
>> info: Caching catalog for puppet.acadaca.net
>> info: /Stage[main]/Centos/Tidy[/var/lib/amanda]: File does not exist
>> info: /Stage[main]/Centos/Tidy[/etc/yum.repos.d/c5-media.repo]: File does not exist
>> info: /Stage[main]/Centos/Tidy[/etc/yum.repos.d/CentOS.repo]: File does not exist
>> info: /Stage[main]/Apache/Tidy[/etc/httpd/conf.d/ssl.conf]: File does not exist
>> info: Applying configuration version '1305227995'
>> notice: /Stage[main]/Centos/Exec[import dag key]/returns: executed successfully
>> notice: /Stage[main]/Centos/Exec[import webtatic key]/returns: executed successfully
>> notice: /Stage[main]/Centos/Exec[import remi key]/returns: executed successfully
>> notice: Finished catalog run in 4.84 seconds
>>
>> I would appreciate any advice you may have...
>>
>> thanks!
>>
>> tim
>> --
>> GPG me!!
>>
>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>
> --
> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
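The 404s discussed in the thread are what an unsigned request looks like from the master's side, so they can be turned into a list of clients still waiting on a manual 'puppetca' decision. This is an added example, not part of the original messages: the function names and the log lines are constructed, modelled on the masterhttp.log entry quoted above.

```shell
#!/bin/sh
# Constructed sample in the shape of the log line quoted in the thread.
# Hostnames are placeholders, not values from the original post.
sample_log() {
cat <<'EOF'
[2011-05-12 15:35:50] agent01.example.net - - [12/May/2011:15:35:50 EDT] "PUT /production/certificate_request/agent01.example.net HTTP/1.1" 200 0
[2011-05-12 15:35:51] agent01.example.net - - [12/May/2011:15:35:51 EDT] "GET /production/certificate/ca HTTP/1.1" 200 839
[2011-05-12 15:35:55] agent01.example.net - - [12/May/2011:15:35:55 EDT] "GET /production/certificate/agent01.example.net HTTP/1.1" 404 0
[2011-05-12 15:36:10] agent01.example.net - - [12/May/2011:15:36:10 EDT] "GET /production/certificate/agent01.example.net HTTP/1.1" 404 0
[2011-05-12 15:40:02] agent02.example.net - - [12/May/2011:15:40:02 EDT] "GET /production/certificate/agent02.example.net HTTP/1.1" 404 0
[2011-05-12 15:41:17] agent02.example.net - - [12/May/2011:15:41:17 EDT] "GET /production/certificate/agent02.example.net HTTP/1.1" 200 904
EOF
}

# Read access-log lines on stdin; print "<certname> <404 count>" for every
# certname whose certificate fetch returned 404 and never later returned 200,
# i.e. a request that is still waiting to be reviewed and signed.
pending_certnames() {
    awk -F'"' '
    NF >= 3 {
        # $2 is the quoted request line, $3 starts with the status code
        if (split($2, r, " ") < 2 || r[1] != "GET") next
        m = split(r[2], p, "/")        # "", env, "certificate", certname
        if (m != 4 || p[3] != "certificate" || p[4] == "ca") next
        split($3, s, " ")
        name = p[4]
        if (s[1] == "404") {
            if (!(name in miss)) order[++k] = name
            miss[name]++
        } else if (s[1] == "200") {
            got[name] = 1
        }
    }
    END {
        for (i = 1; i <= k; i++)
            if (!(order[i] in got)) print order[i], miss[order[i]]
    }'
}

# Stand-alone run over the constructed sample
sample_log | pending_certnames
```

On a real master the input would be the log file named in the post; each name it prints should match an entry in `puppetca --list`, and the fingerprint the client printed when it created its request is the value to compare before signing.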
