So that log looks like the Apache log... Do you have your puppetmaster logging to syslog as well? There should be more than just the "GET" lines from Apache. I think when you turn on --debug it will increase the normal logging of the puppetmaster to syslog. That is where you should see lines regarding the signing of a new cert or hopefully why its not working.
The 404 error means it was not found when the client attempted to retrieve its cert. Usually after that you see something like a "PUT" of the agents CSR for signing on the CA. Then after the CA signs and creates the cert, you will see another "GET" from the client that succeeds. All the logs I posted earlier in my example that worked were found in the messages file. On Tue, Jul 23, 2013 at 1:23 PM, Forrie <for...@gmail.com> wrote: > When I try to connect a new client to this problematic Puppet Master, here's > what I see in the log: > > 10.103.0.3 - - [23/Jul/2013:15:15:27 -0400] "GET /production/certificate/ca? > HTTP/1.1" 200 1915 "-" "-" > 10.103.0.3 - - [23/Jul/2013:15:15:27 -0400] "GET > /production/certificate/new-server.domain.com? HTTP/1.1" 404 59 "-" "-" > > But in auth.conf, it appears to be correct: > > path /certificate/ca > auth any > method find > allow * > > HTTP 404 = not found > > so, somewhere in this process, the Master is refusing to generate certs. > I've checked the directories and permissions and I cannot see a problem > there. Likewise, my auth.conf is permissive. > > It looks like I'm just going to have to start all over again - going through > each client manually -- I don't look forward to this at all. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
