Hi, I am having similar issue, cant figure out why. Can any one help me with this ??
thanks, Teja. On Friday, August 10, 2012 5:29:27 AM UTC-7, Axel Bock wrote: > > hm, nevermind, I somehow solved it. although I'm not (yet) sure how. It > involved a lot of restarting and deleting :) > > thanks anyways! > Axel. > > > > 2012/8/10 Axel Bock <axel...@arbeitsagentur.de <javascript:>> > >> Hello readers, >> >> I have this little issue that my puppet client refuses to do anything >> because of SSL validation errors. Maybe I'll just post dump of what >> happens, that makes it clear I hope. Does anyone have a suggestion why that >> might happen? what I already checked: >> >> On the master: >> >> - Puppet and puppetmaster is running >> - Something is listening on Port 8140 (although I cannot >> telnet-connect to it, it closes immediately for whatever reason) >> - in /var/lib/puppet/ssl: find . -type f -delete >> >> On the client: >> >> - in /var/lib/puppet/ssl: find . -type f -delete >> >> I would appreciate any help that's available ... >> >> thanks & greetings! Axel. >> >> >> ... and now the little dump: >> >> (CLIENT) >> *root@l1311022:/var/lib/puppet/ssl$* *puppet agent --test* >> info: Creating a new SSL key for l1311022.our.domain.de >> warning: peer certificate won't be verified in this SSL session (2x) >> info: Creating a new SSL certificate request for l1311022.our.domain.de >> info: Certificate Request fingerprint (md5): >> 19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E >> warning: peer certificate won't be verified in this SSL session (3x) >> Exiting; no certificate found and waitforcert is disabled >> >> (SERVER) >> *l1215022:/var/lib/puppet/ssl # pca -l* >> notice: Signed certificate request for ca >> notice: Rebuilding inventory file >> l1311022.our.domain.de(19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E) >> *l1215022:/var/lib/puppet/ssl # pca -s --all* >> notice: Signed certificate request for l1311022.our.domain.de >> notice: Removing file Puppet::SSL::CertificateRequest >> l1311022.our.domain.de at >> '/var/lib/puppet/ssl/ca/requests/l1311022.our.domain.de.pem' >> l1215022:/var/lib/puppet/ssl # >> >> (CLIENT) >> *root@l1311022:/var/lib/puppet/ssl$ puppet agent --test* >> warning: peer certificate won't be verified in this SSL session >> info: Caching certificate for ca >> warning: peer certificate won't be verified in this SSL session >> info: Caching certificate for l1311022.our.domain.de >> info: Retrieving plugin >> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources >> using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read >> server certificate B: certificate verify failed >> err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect >> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >> verify failed Could not retrieve file metadata for puppet:// >> l1215022.our.domain.de/plugins: SSL_connect returned=1 errno=0 >> state=SSLv3 read server certificate B: certificate verify failed >> err: Could not retrieve catalog from remote server: SSL_connect >> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >> verify failed >> warning: Not using cache on failed catalog >> err: Could not retrieve catalog; skipping run >> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 >> read server certificate B: certificate verify failed >> >> The config files look like this: >> >> (CLIENT) >> [main] >> logdir = /var/log/puppet >> rundir = /var/run/puppet >> ssldir = /var/lib/puppet/ssl >> modulepath = /etc/puppet/modules:/opt/puppet/share/puppet/modules >> [agent] >> certname = l1311022.our.domain.de >> server = l1215022.our.domain.de >> report = true >> graph = true >> pluginsync = true >> classfile = $vardir/classes.txt >> localconfig = $vardir/localconfig >> >> (SERVER) >> [main] >> logdir = /var/log/puppet >> rundir = /var/run/puppet >> ssldir = /var/lib/puppet/ssl >> certname = l1215022.our.domain.de >> [agent] >> classfile = $vardir/classes.txt >> localconfig = $vardir/localconfig >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/puppet-users/-/ToaPaY7mtgwJ. >> To post to this group, send email to puppet...@googlegroups.com<javascript:> >> . >> To unsubscribe from this group, send email to >> puppet-users...@googlegroups.com <javascript:>. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ff1a8174-be84-4f8a-afe0-fa0f7cd16d1c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
