Ask Your Question
0

Two masters with one running a CA

asked 2014-07-15 10:35:52 -0600

AdamB gravatar image

I'm trying to set-up a secondary master that does not run its own CA. The primary master runs a CA and has autosign=true. However, I can't get the agent to connect and get following errors. What am I doing wrong?

[root@hostA~]# puppet agent --test --ca_server hostB --server hostC
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for hostA
Info: Certificate Request fingerprint (SHA256): F0:AE:AE:0B:30:F7:53:C8:B0:BF:91:10:12:9F:9E:BA:AF:C7:5D:EF:E0:8D:D9:CF:0C:A8:FD:7B:06:09:56:BA
Info: Caching certificate for hostA
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for hostA
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppet]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppet]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://hostC/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppet]
edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2014-07-22 02:51:00 -0600

On the secondary, try moving your ssl directory (rename it) and try the run again. That's /var/lib/puppet/ssl by default in the open source version.

edit flag offensive delete link more
0

answered 2014-11-04 00:11:14 -0600

I am having the exact error with the exact setup. AdamB, or anyone have any hint?

I have reviewed the net and came ac cross these two link, and have tried it to the teeth, and still have no luck.

http://sanjivblogs.blogspot.com/2012/... http://seriousbirder.com/blogs/scalin...

Would appreciate any pointers!

Thanks

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2014-07-15 10:35:52 -0600

Seen: 412 times

Last updated: Jul 22 '14