Puppet: Trying to configure puppet client for first use but got some problems with certificates
I'm trying to configure my client 'Itai-test' to receive puppet settings from the puppet server which is called 'puppetmaster'.
On the server I ran:
[root@puppetmaster requests]# puppet cert --generate itai-test.domain
Error: A Certificate already exists for itai-test.domain
[root@puppetmaster requests]# puppet cert --sign itai-test.domain
Error: Could not find certificate request for itai-test.domain
[root@puppetmaster requests]#
On the puppet client I ran:
[root@itai-test temp]# puppet agent --server puppetmaster.domain --waitforcert 60 --test
Notice: Did not receive certificate
Notice: Did not receive certificate
Notice: Did not receive certificate
More information: On server:
[root@puppetmaster ~]# puppet cert --revoke Itai-test
Error: Could not find a serial number for itai-test
[root@puppetmaster ~]# puppet cert --revoke itai-test
Error: Could not find a serial number for itai-test
[root@puppetmaster ~]# puppet cert --clean itai-test
Error: Could not find a serial number for itai-test
[root@puppetmaster ~]# puppet cert --list
[root@puppetmaster ~]# puppet cert --sign itai-test
Error: Could not find certificate request for itai-test
[root@puppetmaster ~]#
On client:
[root@itai-test ~]# rm -rf /usr/lib/puppet/ssl
[root@itai-test ~]# puppet agent --server puppetmaster.domain --waitforcert 60
[root@itai-test ~]# ping puppetmaster.domain
PING puppetmaster (192.168.X.X) 56(84) bytes of data.
64 bytes from puppetmaster (192.168.X.X): icmp_seq=1 ttl=64 time=0.294 ms
Solution 1:
Does your client know how to find the server?
root@client# ping puppet
What certname will the client use when connecting to the server?
root@client# puppet config print certname
Remove the ssl details on the client
root@client# rm -rf /var/lib/puppet/ssl
Remove all traces of the client on the server
root@puppet# puppet node clean $client_certname
root@puppet# puppet node deactivate $client_certname
Solution 2:
First: On Server
puppet cert --revoke Itai-test
puppet cert --clean Itai-test
Second: On Client
rm -rf /usr/lib/puppet/ssl
puppet agent --server [puppetmaster domain name] --waitforcert 60
Third: On Server
puppet cert --list (you should see your host)
puppet cert --sign Itai-test
Also, double check that your client can reach your [puppetmaster domain name].
Solution 3:
I think you got out of sync somehow. Assuming this is really just a test instance... On the server, run:
puppet node clean itai-test.domain
Then, on the client run:
rm -rf /var/lib/puppet/ssl
Now your SSL cert for the client is gone. Run:
puppet agent --server puppetmaster.domain --waitforcert 60 --test
on the client and look for the certificate request on the server.
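The question's output mixes two names (a certificate exists for itai-test.domain, but no serial number is found for itai-test), so it helps to check which name the CA actually holds before cleaning or signing. The script below is an added example, not part of any answer above: it classifies a certname against the text printed by `puppet cert --list --all`, assuming the usual markers (`+` signed, `-` revoked, none for a pending request); the sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a certname against `puppet cert --list --all` output.
# Assumed markers: "+" signed, "-" revoked, no marker = pending request.

# Constructed sample listing; fingerprints are placeholders.
SAMPLE_LISTING='+ "puppetmaster.domain" (SHA256) AA:BB:CC:DD (alt names: "DNS:puppet")
+ "itai-test.domain" (SHA256) 11:22:33:44
  "web01.domain" (SHA256) 55:66:77:88
- "old-node.domain" (SHA256) 99:AA:BB:CC (certificate revoked)'

# cert_state CERTNAME LISTING -> signed | pending | revoked | absent
cert_state() {
    # The CA looks names up in lowercase (Itai-test is reported as itai-test above).
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    while IFS= read -r line; do
        name=${line#*\"}      # drop everything up to the first quote
        name=${name%%\"*}     # drop everything from the closing quote on
        [ "$name" = "$want" ] || continue
        case "$line" in
            +*) echo signed ;;
            -*) echo revoked ;;
            *)  echo pending ;;
        esac
        return 0
    done <<EOF
$2
EOF
    echo absent
}

# next_step CERTNAME LISTING -> the action the answers on this page point to
next_step() {
    case "$(cert_state "$1" "$2")" in
        pending) echo "sign the request on the server" ;;
        absent)  echo "no entry under this name: compare with the agent's certname" ;;
        *)       echo "clean on the server, remove the agent ssl dir, request again" ;;
    esac
}

for n in Itai-test itai-test.domain; do
    printf '%s: %s (%s)\n' "$n" "$(cert_state "$n" "$SAMPLE_LISTING")" \
        "$(next_step "$n" "$SAMPLE_LISTING")"
done
```

On a real server, pass the captured output of `puppet cert --list --all` as the second argument and the result of `puppet config print certname` from the client as the first.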