I have just stood up a new open source puppet master (in this case master is ep1p-apux06, aka puppet.domain.com). I have added an external test agent and everything appears to be running correctly. As a test, I have added a single module and if I make changes to the module, I can see it propagate. However, even though I can run 'puppet agent --test' on the master (as a client to itself), I am seeing these errors in the log files:
```
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: Unable to fetch my node definition, but the agent run will continue:
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: The certificate retrieved from the master does not match the agent's private key.
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: Certificate fingerprint: 0C:8E:16:10:2C:52:0E:1F:B9:75:6F:4C:40:3E:37:84:64:1D:38:0F:89:C0:02:EB:CD:B4:39:E4:03:91:02:5B
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: On the master:
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: puppet cert clean ep1p-apux06.domain.com
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: On the agent:
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: 1a. On most platforms: find /etc/puppet/ssl -name ep1p-apux06.domain.com.pem -delete
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: 1b. On Windows: del "/etc/puppet/ssl/ep1p-apux06.domain.com.pem" /f
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: 2. puppet agent -t
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: (/File[/var/lib/puppet/facts.d]) Failed to generate additional resources using 'eval_generate': SSL_CTX_use_PrivateKey:: key values mismatch
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: (/File[/var/lib/puppet/facts.d]) Could not evaluate: Could not retrieve file metadata for puppet://puppet/pluginfacts: SSL_CTX_use_PrivateKey:: key values mismatch
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: (/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate': SSL_CTX_use_PrivateKey:: key values mismatch
Jun 19 09:39:43 ep1p-apux06 puppet-agent[23828]: (/File[/var/lib/puppet/lib]) Could not evaluate: Could not retrieve file metadata for puppet://puppet/plugins: SSL_CTX_use_PrivateKey:: key values mismatch
Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: Could not retrieve catalog from remote server: SSL_CTX_use_PrivateKey:: key values mismatch
Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: Using cached catalog
Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: (/Stage[main]/Ntp::Config/File[ntp.conf]) Could not evaluate: Could not retrieve file metadata for puppet:///modules/ntp/ntp.conf: SSL_CTX_use_PrivateKey:: key values mismatch
Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: (/Stage[main]/Ntp::Service/Service[ntpd]) Dependency File[ntp.conf] has failures: true
Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: (/Stage[main]/Ntp::Service/Service[ntpd]) Skipping because of failed dependencies
Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: Finished catalog run in 0.03 seconds
Jun 19 09:39:44 ep1p-apux06 puppet-agent[23828]: Could not send report: SSL_CTX_use_PrivateKey:: key values mismatch
```

I have gone through the process described to clean the certs, reran 'puppet agent --test', and everything appears to be functioning correctly:

```
[root@ep1p-apux06 puppet]# puppet cert clean ep1p-apux06.domain.com
Notice: Revoked certificate with serial 14
Notice: Removing file Puppet::SSL::Certificate ep1p-apux06.domain.com at '/var/lib/puppet/ssl/ca/signed/ep1p-apux06.domain.com.pem'
Notice: Removing file Puppet::SSL::Certificate ep1p-apux06.domain.com at '/var/lib/puppet/ssl/certs/ep1p-apux06.domain.com.pem'
Notice: Removing file Puppet::SSL::CertificateRequest ep1p-apux06.domain.com at '/var/lib/puppet/ssl/certificate_requests/ep1p-apux06.domain.com.pem'
Notice: Removing file Puppet::SSL::Key ep1p-apux06.domain.com at '/var/lib/puppet/ssl/private_keys/ep1p-apux06.domain.com.pem'
[root@ep1p-apux06 puppet]# find /etc/puppet/ssl -name ep1p-apux06.domain.com.pem -delete
[root@ep1p-apux06 puppet]# find /var/lib//puppet/ssl -name ep1p-apux06.domain.com.pem -delete
[root@ep1p-apux06 puppet]# puppet agent --test
Info: Creating a new SSL key for ep1p-apux06.domain.com
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for ep1p-apux06.domain.com
Info: Certificate Request fingerprint (SHA256): 3F:98:04:FA:04:6A:DE:4C:76:13:97:9E:7C:C3:44:01:98:7A:2C:3B:A5:32:37:9D:F0:5D:29:E3:E9:13:26:12
Info: Caching certificate for ep1p-apux06.domain.com
Info: Caching certificate for ep1p-apux06.domain.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for ep1p-apux06.domain.com
Info: Applying configuration version '1434723026'
Notice: Finished catalog run in 0.28 seconds
```

However, 30 minutes later, I see the same errors in my log files.
```
[root@ep1p-apux06 puppet]# cat /etc/puppet/puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    runinterval = 1h
    server = puppet.domain.com
    environment = production
[master]
    dns_alt_names = puppet,puppet.domain.com,puppetmaster,puppetmaster.domain.com
    environment_timeout = unlimited
    always_cache_features = true
    autosign = true
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
```

What might I be possibly missing?
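A check for the mismatch the log reports, as an added example that is not part of the original post: it compares the public key derived from the agent's private key with the public key in each stored copy of the certificate, so the copy that disagrees can be identified before anything is deleted. The function names and the MATCH/MISMATCH/ABSENT/NOKEY output format are assumptions of this example; the `private_keys`, `certs` and `ca/signed` layout is taken from the `puppet cert clean` output above.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.

# Print the SHA-256 digest of the public key held in a PEM file.
# $1 = "key" (private key) or "cert" (X.509 certificate), $2 = path.
# Fails instead of hashing empty input when the file cannot be parsed,
# so two unreadable files can never be reported as a match.
pubkey_digest() {
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Compare each stored copy of <certname>.pem with the private key.
# $1 = ssldir (e.g. /var/lib/puppet/ssl), $2 = certname.
# Prints one line per copy and returns:
#   0 = every copy present matches, 1 = at least one mismatch,
#   2 = the private key is missing or unreadable.
check_certname() {
    key="$1/private_keys/$2.pem"
    want=$(pubkey_digest key "$key") || { echo "NOKEY $key"; return 2; }
    rc=0
    # certs/ is the agent's cached copy; ca/signed/ exists only on the CA host.
    for sub in certs ca/signed; do
        crt="$1/$sub/$2.pem"
        if [ ! -f "$crt" ]; then
            echo "ABSENT $crt"
            continue
        fi
        got=$(pubkey_digest cert "$crt") || got=unreadable
        if [ "$got" = "$want" ]; then
            echo "MATCH $crt"
        else
            echo "MISMATCH $crt"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh check.sh /var/lib/puppet/ssl ep1p-apux06.domain.com
if [ "$#" -eq 2 ]; then
    check_certname "$1" "$2"
fi
```

Running it once right after a clean agent run and again when the errors reappear shows whether the key or one of the certificate copies changed in between.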
