Home / server / Questions / 574976
Accepted
Itai Ganot
Asked: 2014-02-13 03:26:37 +0800 CST

Puppet: Trying to configure puppet client for first use but got some problems with certificates

  • 772

I'm trying to configure my clinet 'Itai-test' to receive puppet settings from the puppet server which is called 'puppetmaster'.

On the server I ran:

[root@puppetmaster requests]# puppet cert --generate itai-test.domain
Error: A Certificate already exists for itai-test.domain
[root@puppetmaster requests]# puppet cert --sign itai-test.domain
Error: Could not find certificate request for itai-test.domain
[root@puppetmaster requests]#

On the puppet client I ran:

[root@itai-test temp]# puppet agent --server puppetmaster.domain --waitforcert 60 --test
Notice: Did not receive certificate
Notice: Did not receive certificate
Notice: Did not receive certificate

More information: On server:

[root@puppetmaster ~]# puppet cert --revoke Itai-test
Error: Could not find a serial number for itai-test
[root@puppetmaster ~]# puppet cert --revoke itai-test
Error: Could not find a serial number for itai-test
[root@puppetmaster ~]# puppet cert --clean itai-test
Error: Could not find a serial number for itai-test
[root@puppetmaster ~]# puppet cert --list
[root@puppetmaster ~]# puppet cert --sign itai-test
Error: Could not find certificate request for itai-test
[root@puppetmaster ~]#

On client:

[root@itai-test ~]# rm -rf /usr/lib/puppet/ssl
[root@itai-test ~]# puppet agent --server puppetmaster.domain --waitforcert 60
[root@itai-test ~]# ping puppetmaster.domain
PING puppetmaster (192.168.X.X) 56(84) bytes of data.
64 bytes from puppetmaster (192.168.X.X): icmp_seq=1 ttl=64 time=0.294 ms
puppet

3 Answers

  1. Best Answer

    Does you client know how to find the server?

    root@client# ping puppet

    What certname will the client use when connecting to the server?

    root@client# puppet config print certname

    Remove the ssl details on the client

    root@client# rm -rf /var/lib/puppet/ssl

    Remove all traces of the client on the server

    root@puppet# puppet node clean $client_certname
root@puppet# puppet node deactivate $client_certname
    • 12

  2. First: On Server

    puppet cert --revoke Itai-test
puppet cert --clean Itai-test

    Second: On Client

    rm -rf /usr/lib/puppet/ssl
puppet agent --server [puppetmaster domain name] --waitforcert 60

    Third: On Server

    puppet cert --list (you should see your host)
puppet cert --sign Itai-test

    Also, double check that your client can reach your [puppetmaster domain name].

    • 3

  3. I think you got out of sync somehow. Assuming this is really just a test instance... On the server, run puppet node clean itai-test.domain. Then, on the client run rm -rf /var/lib/puppet/ssl. Now your SSL cert for the client is gone. Run puppet agent --server puppetmaster.domain --waitforcert 60 --test on the client and look for the certificate request on the server.

    • 1