Ask Your Question

Revision history [back]

Ok no need to answer , i have already found the problem myself .

Now I have installed a puppet agent , and am configuring it for he 1st time with :

[root@c6a ~]# puppet agent --no-daemonize --verbose --onetime   
Info: Creating a new SSL key for c6a.default
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for c6a.default
Info: Certificate Request fingerprint (SHA256): F6:42:E9:FC:6A:7B:1F:E8:A8:2B:3F:AF:68:3D:AD:5D:B1:8C:A8:38:0E:3D:30:97:82:4D:C0:7D:DA:BD:23:DD
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
[root@c6a ~]#

While on the server, the apache log file "/var/log/httpd/access_log" ( note : this is the only file that is getting updated when i run the command on the agent ) i get :

192.168.122.20 - - [21/Feb/2018:12:54:00 -0500] "GET /production/certificate/ca?fail_on_404=true HTTP/1.1" 200 1944 "-" "-"
192.168.122.20 - - [21/Feb/2018:12:54:00 -0500] "GET /production/certificate/c6a.default? HTTP/1.1" 404 49 "-" "-"
192.168.122.20 - - [21/Feb/2018:12:54:01 -0500] "GET /production/certificate_request/c6a.default? HTTP/1.1" 200 1586 "-" "-"
192.168.122.20 - - [21/Feb/2018:12:54:01 -0500] "GET /production/certificate/c6a.default? HTTP/1.1" 404 49 "-" "-"
192.168.122.20 - - [21/Feb/2018:12:54:02 -0500] "GET /production/certificate/ca?fail_on_404=true HTTP/1.1" 200 1944 "-" "-"
192.168.122.20 - - [21/Feb/2018:12:54:02 -0500] "GET /production/certificate/c6a.default? HTTP/1.1" 404 49 "-" "-"
192.168.122.20 - - [21/Feb/2018:12:54:02 -0500] "GET /production/certificate/c6a.default? HTTP/1.1" 404 49 "-" "-"
192.168.122.20 - - [21/Feb/2018:12:54:03 -0500] "GET /production/certificate/c6a.default? HTTP/1.1" 404 49 "-" "-"

And from what I see , the client is asking for the file path "/production/certificate/c6a.default" (relative to apache ) which obiously does not exist because it was not created .

Searching thru the folders of the server , I have found a certification file for "c6a" ( the agent ) at the path :

/var/lib/puppet/ssl/ca/requests/c6a.default.pem

I am bummed , what should i do , is it normal ? does it have to happend like that ? should I continue , or is it essential that i receive the file at path " /production/certificate/c6a.default" from the server ??

Regards .