Re: [Puppet Users] Puppet agent for VMware agent nodes

[Warron French]

Thanks James, it does sort of give me the faith that trying/testing 
isn't an unreasonable adventure.



\\Warron


On 9/30/2016 10:16 PM, James Pryor wrote:

Warron,
It appears that you have an operational need to have a non-Red Hat 
node being managed by a puppet-master. Also looks as though the 
puppet-master is the one that is part of Satellite 6.2. It sounds that 
you are looking for confirmation that the puppet-master running inside 
of Satellite 6.2 fits your needs in regards to that non-Red Hat node.


At Red Hat and at previous employers, I never had the need to perform 
the research of your scenario, so I simply don't know and unable to 
give you an answer. I do know this, which I've said earlier this week 
on this email list: "Red Hat is not customizing puppet 3.8 in 
Satellite 6 in any way." So perhaps you'll discover it fits your need.


I'm sorry to hear that your experience with Red Hat Support is not as 
good as it should be. As I've said, I am not in a support or customer 
facing role. This email thread is not an offer of support, but purely 
my opinion. I assume your site, or customer, has a relationship with 
Red Hat customer facing personnel. You've mentioned the visiting Red 
Hat Consultant. Or perhaps there is the customer's RH Sales rep or 
Technical Account Manager. I would follow up with them.


Regards,
James

On Fri, Sep 30, 2016 at 9:12 PM, Warron French 
mailto:warron.fre...@gmail.com>> wrote:


James, thanks.  I am working with a Red Hat Consultant that visits
our site regularly (I can't tell you who the customer is), but he
said that your product apparently doesn't provide an agent for
other OSes; only Red Hat (variants).

So, I am a little confused by your reply, can you please clarify? 
Are you saying that I can open up a ticket with Red Hat Customer

Portal and it won't be a waste of my time (like the other total of
2 tickets have been)?

Thanks James,
Warron



On 9/29/2016 11:59 PM, James Pryor wrote:

Warron,
Disclaimer: I work for Red Hat, not on Satellite, and not in a
customer facing support role: jpryor [AT] redhat.com

If you need actual support for puppet and Satellite 6.2, then
please follow up with RH Support directly.

If you need to run Puppet Enterprise as a Master, and desire to
have PE and Satellite 6.1+ be integrated together, then please
refer to the documents written by Puppet and Red Hat. See also
the "Puppet Enterprise & Satellite 6" YouTube video of the talk
given at PuppetConf 2015.
https://access.redhat.com/articles/satellite-and-puppet-enterprise

https://puppet.com/product/managed-technology/red-hat

https://youtu.be/SznrNExpjxo?t=800


However in your example:
/" I am running Red Hat Satellite 6.2.1, but the Puppet Master is
actually on v3.8.6; is there an agent that I can use on a VMware
machine to manage the packages and other files (all the same)?"
/
What is the "VMware machine"? If "VMware machine" is a RHEL
virtual-machine running on VMware, then you can install the
puppet agent that Red Hat provides by way of a repo from your
Satellite on the RHEL node, which is documented here:

https://access.redhat.com/documentation/en/red-hat-satellite/6.2/single/host-configuration-guide#sect-Red_Hat_Satellite-Host_Configuration_Guide-Registration-Installing_and_Configuring_the_Puppet_Agent



I hope this helps,
James


On Thu, Sep 29, 2016 at 7:34 PM, Warron French
mailto:warron.fre...@gmail.com>> wrote:

I know that according to some official training documentation
from Puppet Labs Corp, that VMware has invested in Puppet Labs.

Can anyone tell me though, does the Red Hat Satellite
implementation of Puppet (the master)  work with the Puppet
Enterprise agents... assuming the version of agent matches
the version of the master?

For example, I am running Red Hat Satellite 6.2.1, but the
Puppet Master is actually on v3.8.6; is there an agent that I
can use on a VMware machine to manage the packages and other
files (all the same)?


Thanks in advance,

Warron

-- 
You received this message because you are subscribed to the

Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to
puppet-users+unsubscr...@googlegroups.com
.
To view this discussio

RE: [Puppet Users] Which training should i go for?

[Johan De Wit]

Hi Matthias, If the main goal is getting deeper into writing puppet code, then 
the practitioner is your choice.  The architect does focus more on your puppet 
infrastructure. You should check the outline of both course which will be a 
great help in deciding which course fits best at the moment



https://learn.puppet.com/instructor-led-training/puppet-architect

https://learn.puppet.com/instructor-led-training/puppet-practitioner



Check also the https://learn.puppet.com/category/self-paced-training



Most (if not all) are free, and gave some good introduction to eg hiera, 
puppetdb etc



Have a nice weekend



Johan







-Original message-
From: Matthias Fraidl 
Sent: Friday 7th October 2016 15:10
To: Puppet Users 
Subject: [Puppet Users] Which training should i go for?

Hi Puppet-folks,

in April 2015 i visited a "Puppet Fundamentals Training" in Vienna, the 
training was fine, by now i am managing most nodes of an anycast-nameservice 
with puppet (non-enterprise) - i am just using the "basic/slightly advanced" 
functionalities (e.g. self-written modules [to manage nameservers, bgp daemons, 
basic system configs], custom facts, etc.; hiera-backend for sure) but i am not 
using puppetdb, mcollective etc. and i am interested to learn more about the 
capabilities of puppet, and how to use them - so i am looking for another 
training to attend. 
At the moment i can't determine which training is better for me - the "Puppet 
Practitioner" or the "Puppet Architect" - so i am asking you to help me a bit 
further, to decide which one i should go for. 

Suggestions appreciated :-)

Best regards,
Matthias

-- 
 You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
 To unsubscribe from this group and stop receiving emails from it, send an 
email to puppet-users+unsubscr...@googlegroups.com 
 .
 To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8fc0dbdb-7c2b-49ca-b919-6e8a9719bf60%40googlegroups.com.
 For more options, visit https://groups.google.com/d/optout.
 
Next Trainings:

Zabbix Training | https://www.open-future.be/calendar
Bacula Training | https://www.open-future.be/calendar
Puppet Training | https://www.open-future.be/calendar
Linux  Training | https://www.open-future.be/calendar

Subscribe to our newsletter   | http://eepurl.com/BUG8H


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/zarafa.57f7cfa5.57f2.4945507f30c9166e%40zarafa7.open-future.be.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue with module from forge - Duplicate declaration Class[Rsyslog]

[re-glaue]

Well... The node I have been testing the duplicate declaration on uses a 
puppet secondary-master server, as it is on a remote network segment. It 
does not connect directly to the puppet primary-master in which The Forman 
is running on.

So I did some work to get this particular "server1" node to use the puppet 
primary-master that The Foreman is running on. When I run a puppet update, 
it completes without error. When I switch back to the puppet 
secondary-master, I get the duplicate class error.

They are both running puppet 3.8.7-1 on CentOS 6.
The YAML produced by both is exactly 100% the same. So I can assume the 
YAML structure is not the issue.

Would this suggest that the puppet secondary-master server is the issue, or 
the client connecting to it is perhaps not always getting what it wants 
from the slave?
Remember that the puppet updates will complete correctly for many hours, 
then magically change to this error. And vice-versa, be in error for many 
hours, and then magically change to completing correctly. Also that 
sometime changing configuration in The Forman can trigger the Error to 
occur AND other times trigger to Error to stop occurring.
Also note, I only have this problem with the saz-rsyslog module - NEVER 
with any other puppet module.
When I remove the saz-rsyslog module, all issues disappear.

I have made sure the puppet modules are 100% in sync between primary and 
secondary master server.
And I have restarted the puppet processes on the secondary-master server, 
but the error will continue on the nodes.

At this particular moment, all of the nodes experiencing the duplicate 
class declaration error are accessing the secondary-master puppet server. 
Not all nodes connecting to this secondary-master are experiencing this 
issue however - only 13 out of 33 nodes.
Also, I have other secondary-master servers on other segments. And nodes 
getting updates from those have experienced this error before too. However, 
I do not recall it occurring recently.
I cannot remember if a node connecting to the primary-master has 
experienced this issue - I want to say yes, but cannot recall to be certain.


On Friday, October 7, 2016 at 8:52:20 AM UTC-5, Rob Nelson wrote:
>
> Not being a foreman user, I can't add a whole lot of detail to this, but 
> it does SEEM like there's something in the foreman "extras" that may be 
> conflicting with the direct puppet code in certain situations. My 
> understanding is that it provides some sort of overlay, and that could 
> definitely cause a conflict - it's easy with PE, for instance, to have the 
> Node Classifier and your puppet manifests on disk have collisions without 
> being obvious. I would look at what the "overlay" provides - whatever the 
> proper term is for it.
>
>
> Rob Nelson
> rnel...@gmail.com 
>
> On Fri, Oct 7, 2016 at 9:48 AM, > wrote:
>
>> On Thursday, October 6, 2016 at 12:23:40 PM UTC-5, Rob Nelson wrote:
>>>
>>> Can you undo the change in foreman, see if the problem goes away, then 
>>> reimplement the change and see if the problem comes back? That would go a 
>>> long way toward isolating the cause. 
>>>
>>>
>> So I removed the rsyslog configuration from the foreman, the problem 
>> disappeared, then I added the rsyslog configuration back in and the problem 
>> immediately reappeared.
>>
>> The other configuration we added at 9:00am-ish  well we since added 
>> some very minor configuration changes for host parameters in the afternoon, 
>> and this problem went away. Nothing was touched after that. Then about 6 
>> hours ago, at 2:00am-ish, the problem reappeared.
>> Then I removed the rsyslog configuration, after which the problem 
>> disappeared, then I re-added the rsyslog configuration and the problem 
>> reappeared.
>>
>>  
>>
>>> On Thursday, October 6, 2016,  wrote:
>>>


 On Wednesday, October 5, 2016 at 2:32:37 PM UTC-5, re-g...@wiu.edu 
 wrote:
>
> I installed the puppet module saz-rsyslog from puppet forge.
> I use The Foreman to configure nodes. The Foreman is used by puppet 
> via configuration [master] "external_nodes" "/etc/puppet/node.rb"
>
> Since the saz-rsyslog module install, I have been receiving the 
> following error off and on (not consistently) across many nodes on a 
> puppet 
> update (i.e. puppet agent -t):
>
> "Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Duplicate declaration: Class[Rsyslog] is already declared; cannot 
> redeclare 
> on node "
>
>
> My nodes are CentOS 5,6,7; and any various number of the nodes may 
> experience this issue, but not all of them at the same time.
>
> One day I will see dozens of server with this error, and other nodes 
> not having this issue. This may go on for days if I do not touch The 
> Foreman.
> I'll make some changes to host configuration for puppet module class 
> parameters in The Foreman - never the saz-rsyslog module th

Re: [Puppet Users] Puppet 4.x, Puppetdb and sqlite

[Kong Eng]

HSQL is no longer in Puppet 4.x.


On Friday, September 30, 2016 at 7:59:16 AM UTC-4, Martin Alfke wrote:
>
> PuppetDB can make use of a HSQL embedded database. 
> This is for testing only. Never use HSQL in production. 
>
>
> > On 30 Sep 2016, at 12:37, Lowe Schmidt  > wrote: 
> > 
> > As I remember it, PuppetDB uses some specific functionality of postgres, 
> so it is a hard requirement. 
> > 
> > -- 
> > Lowe Schmidt | +46 723 867 157 
> > 
> > On 28 September 2016 at 21:24, Kong Eng > 
> wrote: 
> > 
> > Hi, 
> > 
> > Anyone know if there's fix/way to use Puppet 4.x, puppetdb and sqlite. I 
> hate to sping up puppetdb and progress db. 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to puppet-users...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/0f7cf0c4-d465-4202-86cc-ccdcf2acce1b%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
> > 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to puppet-users...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/CAC-wWcTaHbXT%2BDocsG54Rq07g9biJ9Hq-KB1ULYfmOf_D2kwuA%40mail.gmail.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2baeecc9-3365-4e4e-a893-684317528d4c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue with module from forge - Duplicate declaration Class[Rsyslog]

[Rob Nelson]

Not being a foreman user, I can't add a whole lot of detail to this, but it
does SEEM like there's something in the foreman "extras" that may be
conflicting with the direct puppet code in certain situations. My
understanding is that it provides some sort of overlay, and that could
definitely cause a conflict - it's easy with PE, for instance, to have the
Node Classifier and your puppet manifests on disk have collisions without
being obvious. I would look at what the "overlay" provides - whatever the
proper term is for it.


Rob Nelson
rnels...@gmail.com

On Fri, Oct 7, 2016 at 9:48 AM,  wrote:

> On Thursday, October 6, 2016 at 12:23:40 PM UTC-5, Rob Nelson wrote:
>>
>> Can you undo the change in foreman, see if the problem goes away, then
>> reimplement the change and see if the problem comes back? That would go a
>> long way toward isolating the cause.
>>
>>
> So I removed the rsyslog configuration from the foreman, the problem
> disappeared, then I added the rsyslog configuration back in and the problem
> immediately reappeared.
>
> The other configuration we added at 9:00am-ish  well we since added
> some very minor configuration changes for host parameters in the afternoon,
> and this problem went away. Nothing was touched after that. Then about 6
> hours ago, at 2:00am-ish, the problem reappeared.
> Then I removed the rsyslog configuration, after which the problem
> disappeared, then I re-added the rsyslog configuration and the problem
> reappeared.
>
>
>
>> On Thursday, October 6, 2016,  wrote:
>>
>>>
>>>
>>> On Wednesday, October 5, 2016 at 2:32:37 PM UTC-5, re-g...@wiu.edu
>>> wrote:

 I installed the puppet module saz-rsyslog from puppet forge.
 I use The Foreman to configure nodes. The Foreman is used by puppet via
 configuration [master] "external_nodes" "/etc/puppet/node.rb"

 Since the saz-rsyslog module install, I have been receiving the
 following error off and on (not consistently) across many nodes on a puppet
 update (i.e. puppet agent -t):

 "Could not retrieve catalog from remote server: Error 400 on SERVER:
 Duplicate declaration: Class[Rsyslog] is already declared; cannot redeclare
 on node "


 My nodes are CentOS 5,6,7; and any various number of the nodes may
 experience this issue, but not all of them at the same time.

 One day I will see dozens of server with this error, and other nodes
 not having this issue. This may go on for days if I do not touch The
 Foreman.
 I'll make some changes to host configuration for puppet module class
 parameters in The Foreman - never the saz-rsyslog module though..
 After the changes, half or more of the servers having issue (not all)
 will magically have no problems.
 However, more nodes that did not have issues before, will now
 experience this issue.

 Also, this change of events is not directly related to The Foreman host
 configuration changes.
 I can simply perform a puppet module upgrade to a unrelated module
 (e.g. mine-yumconfig). After upgrading the unrelated module, again many
 nodes with this issue will now have it resolved, and different ones not
 experiencing the issue before will now begin experiencing it.


 The only clue I have is from this posting: http://grokbase.com/t
 /gg/puppet-users/165h0exgez/duplicate-resource-declaration-error
 "... If you do not see the error on every run then it is modulated by
 something that varies between runs. That could be almost anything:
 manifests, data, results of function calls, node facts, or ENC output. ..."


 Can anyone help me understand this issue, or help me get it resolved
 permanently?

 When I search for answers, all I see are "You have written a duplicate
 class in your module." However, in my case, I did not write the saz-rsyslog
 module, I am only using it. It is a puppet-forge approved module with
 635,000+ downloads. And without modifying the module, the issue can
 disappear, seemingly without rhyme or reason.

 -RG

>>>
>>>
>>> Some more information
>>>
>>> I am using the latest version of the saz-rsyslog puppet module, version
>>> 4.0.3
>>> https://forge.puppet.com/saz/rsyslog
>>>
>>> As an example, I have this node called h1pa
>>> Yesterday afternoon this node was getting the reported duplicate
>>> Class[Rsyslog] declaration error
>>> The 12:15am update was the last report of this error
>>> The 12:45am update was the first clean update today
>>> In fact, I had 0 nodes reporting this error
>>>
>>> About 9:00am-ish we added a subnet and hostgroup to The Foreman. However
>>> we have not added any new nodes, nor changed the configuration to any
>>> existing nodes.
>>>
>>> Then, I started getting the error again
>>> The 9:15am update was the first report of this error this late morning
>>> The 9:45am update reported this error again
>>> My nodes reporting an error o

Re: [Puppet Users] Issue with module from forge - Duplicate declaration Class[Rsyslog]

[re-glaue]

On Thursday, October 6, 2016 at 12:23:40 PM UTC-5, Rob Nelson wrote:
>
> Can you undo the change in foreman, see if the problem goes away, then 
> reimplement the change and see if the problem comes back? That would go a 
> long way toward isolating the cause. 
>
>
So I removed the rsyslog configuration from the foreman, the problem 
disappeared, then I added the rsyslog configuration back in and the problem 
immediately reappeared.

The other configuration we added at 9:00am-ish  well we since added 
some very minor configuration changes for host parameters in the afternoon, 
and this problem went away. Nothing was touched after that. Then about 6 
hours ago, at 2:00am-ish, the problem reappeared.
Then I removed the rsyslog configuration, after which the problem 
disappeared, then I re-added the rsyslog configuration and the problem 
reappeared.

 

> On Thursday, October 6, 2016, > wrote:
>
>>
>>
>> On Wednesday, October 5, 2016 at 2:32:37 PM UTC-5, re-g...@wiu.edu wrote:
>>>
>>> I installed the puppet module saz-rsyslog from puppet forge.
>>> I use The Foreman to configure nodes. The Foreman is used by puppet via 
>>> configuration [master] "external_nodes" "/etc/puppet/node.rb"
>>>
>>> Since the saz-rsyslog module install, I have been receiving the 
>>> following error off and on (not consistently) across many nodes on a puppet 
>>> update (i.e. puppet agent -t):
>>>
>>> "Could not retrieve catalog from remote server: Error 400 on SERVER: 
>>> Duplicate declaration: Class[Rsyslog] is already declared; cannot redeclare 
>>> on node "
>>>
>>>
>>> My nodes are CentOS 5,6,7; and any various number of the nodes may 
>>> experience this issue, but not all of them at the same time.
>>>
>>> One day I will see dozens of server with this error, and other nodes not 
>>> having this issue. This may go on for days if I do not touch The Foreman.
>>> I'll make some changes to host configuration for puppet module class 
>>> parameters in The Foreman - never the saz-rsyslog module though..
>>> After the changes, half or more of the servers having issue (not all) 
>>> will magically have no problems.
>>> However, more nodes that did not have issues before, will now experience 
>>> this issue.
>>>
>>> Also, this change of events is not directly related to The Foreman host 
>>> configuration changes.
>>> I can simply perform a puppet module upgrade to a unrelated module (e.g. 
>>> mine-yumconfig). After upgrading the unrelated module, again many nodes 
>>> with this issue will now have it resolved, and different ones not 
>>> experiencing the issue before will now begin experiencing it.
>>>
>>>
>>> The only clue I have is from this posting: 
>>> http://grokbase.com/t/gg/puppet-users/165h0exgez/duplicate-resource-declaration-error
>>> "... If you do not see the error on every run then it is modulated by 
>>> something that varies between runs. That could be almost anything: 
>>> manifests, data, results of function calls, node facts, or ENC output. ..."
>>>
>>>
>>> Can anyone help me understand this issue, or help me get it resolved 
>>> permanently?
>>>
>>> When I search for answers, all I see are "You have written a duplicate 
>>> class in your module." However, in my case, I did not write the saz-rsyslog 
>>> module, I am only using it. It is a puppet-forge approved module with 
>>> 635,000+ downloads. And without modifying the module, the issue can 
>>> disappear, seemingly without rhyme or reason.
>>>
>>> -RG
>>>
>>
>>
>> Some more information
>>
>> I am using the latest version of the saz-rsyslog puppet module, version 
>> 4.0.3
>> https://forge.puppet.com/saz/rsyslog
>>
>> As an example, I have this node called h1pa
>> Yesterday afternoon this node was getting the reported duplicate 
>> Class[Rsyslog] declaration error
>> The 12:15am update was the last report of this error 
>> The 12:45am update was the first clean update today
>> In fact, I had 0 nodes reporting this error
>>
>> About 9:00am-ish we added a subnet and hostgroup to The Foreman. However 
>> we have not added any new nodes, nor changed the configuration to any 
>> existing nodes.
>>
>> Then, I started getting the error again
>> The 9:15am update was the first report of this error this late morning
>> The 9:45am update reported this error again
>> My nodes reporting an error of this duplicate Class[Rsyslog] error 
>> increased from 0 to 12.
>>
>> All node reports with this error are similar to h1pa node's reports.
>> I am seeing that many of the hosts experiencing this issue yesterday, are 
>> now experiencing it again.
>>
>> -RG
>>
>>
>>
>>
>>
>>
>>  
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/a81931c8-14b3-46d8-94ba-1f31c4c4453a%40googlegroups.com
>>  
>

[Puppet Users] Which training should i go for?

[Matthias Fraidl]

Hi Puppet-folks,

in April 2015 i visited a "Puppet Fundamentals Training" in Vienna, the 
training was fine, by now i am managing most nodes of an 
anycast-nameservice with puppet (non-enterprise) - i am just using the 
"basic/slightly advanced" functionalities (e.g. self-written modules [to 
manage nameservers, bgp daemons, basic system configs], custom facts, etc.; 
hiera-backend for sure) but i am not using puppetdb, mcollective etc. and i 
am interested to learn more about the capabilities of puppet, and how to 
use them - so i am looking for another training to attend. 
At the moment i can't determine which training is better for me - the 
"Puppet Practitioner" or the "Puppet Architect" - so i am asking you to 
help me a bit further, to decide which one i should go for. 

Suggestions appreciated :-)

Best regards,
Matthias

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8fc0dbdb-7c2b-49ca-b919-6e8a9719bf60%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Very frequent "Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key." on Windows

[Fredrik Nilsson]

Hi Guys,

Hopefully one of you have a splendid idea on how to solve this...

The problem is that I'm getting this error message a lot (to much is more 
like it):


*Error: Could not request certificate: The certificate retrieved from the 
master does not match the agent's private key.Certificate fingerprint: 
FINGERPRINT*







*To fix this, remove the certificate from both the master and the agent and 
then start a puppet run, which will automatically regenerate a 
certficate.On the master:  puppet cert clean SERVERNAMEOn the agent:  1a. 
On most platforms: find C:/ProgramData/PuppetLabs/puppet/etc/ssl -name 
SERVERNAME.pem -delete  1b. On Windows: del 
"C:/ProgramData/PuppetLabs/puppet/etc/ssl/SERVERNAME" /f  2. puppet agent 
-t*

Some characteristics:
This is on newly provisioned hosts (provisioned from Foreman)
The machinses is running Windows Server of different flavours
Puppet Agent version is 3.8.7 (upgrade to a 4 release is in the pipe)
We have two VmWare clusters and this occurs on both (the checkbox for time 
sync with hardware host is NOT checked)

I actually had this problem from start, but back then it was so seldomly 
occuring so I decided to live with it, say it occured like 1/20 or so 
machines. But now it has escalated and it is rather 1/20 that got a working 
certificate from start, actually when starting to banging my head against 
the wall again yesterday I had two machines working, after adding an extra 
timesync in the provisioning workflow, but that was shortlived happiness as 
I've made 3 more machines after that with no success.

So my first suspects on this was time and change of "security context", but 
I think they're of the hook for the moment as I'm pretty confident in that 
my time is right and that I to my knowledge have stayed in the same 
security context.

To make sure that I got the time right I have this runing under the 
oobeSystem step in my provisioning workflow :
*powershell.exe -noprofile -executionpolicy bypass -command "& 
{Start-Service W32Time -ErrorAction SilentlyContinue; .\w32tm.exe /resync}"*

After installing chocolatey and the puppet agent the agent phones home like 
this (command composed from how this is done in the Linux half of our 
department):
*powershell.exe -noprofile -executionpolicy bypass -command " & {& 
'C:\Program Files\Puppet Labs\Puppet\bin\puppet.bat' agent -o --tags 
no_such_tag --no-daemonize}"*

The user loging on and running the commands are the local administrator 
account, to be extra thorough I logged on as that account trying to run a 
*puppet 
agent -t *after the host is built, just to be sure there was no logon 
account related stuff going on, but no difference.

Following the steps in the error message, generating a new certificate, 
ofcourse works, but we can all see the inconvinience of dowing that 
constantly on newly provisioned hosts, right?

I think that sums things up quite good, as said I've been baning my head 
against this, while not ignoring it, could still be something fishy going 
on on the puppetmaster that is not managed by me, but me colleauges in the 
linux neighborhood don't ecperience this so it is seemingly something to do 
with the Windows hosts.

Cheers,
Fredrik

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56a91341-3509-403a-8eb7-e88d903eb02f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.