[Puppet Users] puppet certificate generate fails for mcollective client

Tue, 25 Mar 2014 15:59:02 -0700 

Following the mcollective documentation [1] for adding clients to execute 
mco commands when using SSL I am getting an error executing the 'puppet 
certificate generate' command as my user account.  I feel like I'm missing 
something very obvious here.

$ puppet certificate generate treydock --ssldir 
~/.mcollective.d/credentials --ca-location remote --ca_server 
puppet.<DOMAIN>
Error: The certificate retrieved from the master does not match the agent's 
private key.
Certificate fingerprint: 
E3:EA:FA:AD:68:53:D8:AF:DB:63:C9:2A:89:CC:68:AA:4F:B2:35:F6:9F:8C:E0:3C:3F:56:D5:1F:41:45:0D:53
To fix this, remove the certificate from both the master and the agent and 
then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean login3.<DOMAIN>
On the agent:
  rm -f /home/treydock/.mcollective.d/credentials/certs/login3.<DOMAIN>.pem
  puppet agent -t

Error: Try 'puppet help certificate generate' for usage

This happens from all my systems.

The host 'login3' puppet.conf (comments removed):

$ cat /etc/puppet/puppet.conf
[main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    privatekeydir = $ssldir/private_keys { group = service }
    hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
    autosign       = $confdir/autosign.conf { mode = 664 }

[agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    default_schedules = false

    report        = true
    pluginsync    = true
    masterport    = 8140
    environment   = production
    certname      = login3.brazos.tamu.edu
    server        = puppet.brazos.tamu.edu
    listen        = false
    splay         = false
    runinterval   = 3600
    noop          = true
    show_diff     = true
    configtimeout = 120

Thanks
- Trey

[1] 
- 
http://docs.puppetlabs.com/mcollective/deploy/standard.html#managing-client-credentials

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a31a3ff6-4907-4fd4-a496-b03869e8a151%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to