Puppet agent cannot connect to master

I have been struggling for 2 days with signing the Puppet agent. The problem is this:

On the master, I delete all existing signatures using

puppet cert clean esx-poc-1.xxx.de

On the agent, I delete the entire ssl directory with

rm -rf /var/lib/puppet/ssl/

After running one of the following commands on the agent ...

puppet certificate generate esx-poc-1.xxx.de --ca-location remote
puppet agent --server puppetmaster.int.xxx.com --waitforcert 60 --test

... I can list the certificates on the master:

puppet certificate list --all

Output:

  "esx-poc-1.xxx.de" (SHA256) 71:72:D8:3E:09:9E:B1:5C:YES:78:A8:B8:A1:2B:E4:09:B8:00:8A:AF:49:02:CC:B2:B5:C3:25:79:59:0D:A8:F5
+ "puppetmaster.int.xxx.com" (SHA256) 7B:00:8C:4F:CE:B2:0D:2F:A1:BB:A7:C4:25:B0:11:01:2B:EC:90:46:D1:CB:BE:AA:AD:3F:B4:70:0C:83:3F:78 (alt names: "DNS:puppet", "DNS:puppet.xxx.de", "DNS:puppetmaster.int.xxx.com")

After signing the agent with:

puppet certificate sign esx-poc-1.xxx.de

The fingerprint is different from the above:

  • "esx-poc-1.xxx.de" (SHA256) 49:F6:59:FD:3C:28:C6:54:7F:6E:A7:56:56:DB:64:9A:E2:08:10:90:11:83:7A:A6:0E:E1:CD:39:F0:E0:1C:25

Is it correct?

Running the agent starts with the following error:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Could not retrieve facts for esx-poc-1.xxx.de: Failed to submit 'replace facts' command for esx-poc-1.xxx.de to PuppetDB at puppetmaster.int.xxx.com:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.int.xxx.com]
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/last_run.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppi_projects.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/iptables.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for esx-poc-1.xxx.de to PuppetDB at puppetmaster.int.xxx.com:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.int.xxx.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Thanks for any help!

+4
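
An added example, not part of the original question or answers: it builds a throwaway CA and agent request with the `openssl` command line (all names and file paths are constructed), and shows that the SHA256 of a request and of the certificate issued for it differ while the public key stays the same, and that the certificate verifies only against the CA that signed it.

```sh
#!/bin/sh
# Added example. Every key, name and certificate here is constructed in a
# temporary directory; nothing under /var/lib/puppet/ssl is read or changed.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed CA standing in for the master's CA. $1 = file prefix, $2 = CN
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Agent key and CSR, then a certificate for that CSR signed by CA $1.
make_agent() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$WORK/agent.key" -out "$WORK/agent.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 1 -in "$WORK/agent.csr" \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -set_serial 2 \
        -out "$WORK/agent.pem" 2>/dev/null
}

# SHA256 over the DER bytes of a CSR / a certificate, as upper-case hex.
hex()     { openssl dgst -sha256 -r | cut -d' ' -f1 | tr a-f A-F; }
csr_fp()  { openssl req  -in "$1" -outform DER | hex; }
cert_fp() { openssl x509 -in "$1" -outform DER | hex; }

# True when the CSR and the certificate carry the same public key.
same_key() {
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# True when certificate $2 verifies against CA file $1.
chains_to() { openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; }

make_ca ca "constructed-ca.example.test"
make_ca other "constructed-other-ca.example.test"
make_agent ca "agent.example.test"

echo "request     $(csr_fp "$WORK/agent.csr")"
echo "certificate $(cert_fp "$WORK/agent.pem")"
same_key "$WORK/agent.csr" "$WORK/agent.pem" && echo "same public key in both"
chains_to "$WORK/ca.pem" "$WORK/agent.pem" && echo "verifies against issuing CA"
chains_to "$WORK/other.pem" "$WORK/agent.pem" || echo "fails against another CA"
```
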
5 answers

Got this same problem. The problem was that the puppetdb-terminus package was at version 1.1.0, and puppetdb itself was still at 1.0.5.

After downgrading puppetdb-terminus to 1.0.5, everything works fine.

+2

In Puppet 3.4, I noticed that if hostnames are not set, this error can occur.

For instance, I had two Debian boxes; one of them was named debian1 and the other debian2 in the hosts file. But both of their /etc/hostname settings were debian; after I changed the name with hostname and set their names in /etc/hostname, they worked fine.

+1

This might be a dumb question, but do you have a node definition for this machine? I.e.

 node 'esx-poc-1.xxx.de' { ..... } 
0

I had this error after changing the file permissions in /etc/puppet. Changing them back to "pe-puppet" (for the enterprise version) resolved this for me.

0

After reinstalling puppetdb completely, it finally works ...

-1