
Unable to sign certificate.

asked 2014-10-18 13:11:59 -0500

jimsonpai

updated 2014-10-19 13:09:31 -0500

I am trying to get hands-on with Puppet. I booted up 2 VMs, both running Linux Mint 17. I intended one as puppetmaster and one as puppetclient. I am following this guide: https://help.ubuntu.com/12.04/serverg...

in /etc/hostname in /etc/hosts 127.0.1.1 puppetmaster // 192.168.75.141 puppetclient //this client's ip address after nm-tool search.

127.0.1.1 puppetclient 192.168.75.142 puppetmaster // this is the master's ip address

On both the client and the master I created a file at /etc/puppet/manifests/site.pp

package {
    'apache2':
        ensure => installed
}

service {
    'apache2':
        ensure => true,
        enable => true,
        require => Package['apache2']
}

In master I created a file in /etc/puppet/manifests/nodes.pp

node 'meercat02.example.com' {
    include apache2
}

On the client I created a file /etc/default/puppet and put START=yes in it. Here's where I think there's a problem. In the guide, the file should already exist, but in my case I had to create it.

So then I followed everything in the guide to sign the client certificate. I typed sudo puppetca --sign puppetclient in the puppetmaster's terminal. That didn't work, and I found the solution in another post: http://serverfault.com/questions/457349/installed-puppetmaster-but-why-do-i-get-puppetca-command-not-found. After reading the post I typed sudo puppet cert list --sign 'puppetclient'. It then gave me this:

Notice: Signed certificate request for ca
Error: Could not find certificates request for list

After the first five pages of Google search results I ended up here asking for help. =) Can anyone help me resolve this issue? Thanks.

Update 1:

puppetclient@puppetclient ~ $ sudo puppet agent --enable
puppetclient@puppetclient ~ $ sudo puppet agent --test --verbose --server puppetmaster

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Server hostname 'puppetmaster' did not match server certificate; expected one of puppetmaster.localdomain, DNS:puppet, DNS:puppet.localdomain, DNS:puppetmaster.localdomain
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'puppetmaster' did not match server certificate; expected one of puppetmaster.localdomain, DNS:puppet, DNS:puppet.localdomain, DNS:puppetmaster.localdomain
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Server hostname 'puppetmaster' did not match server certificate; expected one of puppetmaster.localdomain, DNS:puppet, DNS:puppet.localdomain, DNS:puppetmaster.localdomain Could not retrieve file metadata for puppet://puppetmaster/plugins: Server hostname 'puppetmaster' did not match server certificate; expected one of puppetmaster.localdomain, DNS:puppet, DNS:puppet.localdomain, DNS:puppetmaster.localdomain
Error: Could not retrieve catalog from remote server: Server hostname 'puppetmaster' did not match server certificate; expected one of puppetmaster.localdomain, DNS:puppet, DNS:puppet.localdomain, DNS:puppetmaster.localdomain
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Server hostname 'puppetmaster' did not match server certificate; expected one of puppetmaster.localdomain, DNS:puppet, DNS:puppet.localdomain, DNS:puppetmaster.localdomain

Update 2:

Info: Caching certificaterevocationlist for ca
Info: Retrieving plugin
Error: Could not retrieve catalog ...


2 Answers


answered 2014-10-20 07:55:46 -0500

bytwocoffee

Did you change your site.pp as suggested by golja? Paste the entire site.pp.

Can you also send the output of these commands on the agent:

puppet agent --configprint server
puppet agent --configprint environment 
puppet agent -t -d

answered 2014-10-18 21:12:16 -0500

golja

updated 2014-10-18 21:14:36 -0500

First of all, confirm that the client can actually communicate with the master. If that's the case, you should have a pending request on the master. To confirm that, execute sudo puppet cert list --all on the master.

To sign all pending cert requests on the master, just run sudo puppet cert sign --all. The command you tried to use (sudo puppet cert list --sign 'puppetclient') doesn't really make sense.

On the puppet client, try to confirm that the service is actually running. Try to execute something like service puppet start. Alternatively, you can run the client manually with sudo puppet agent --test --verbose --server puppetmaster. If this is the first run, it will create a certificate request on the master. If that's the case, sign the cert on the master as described above.

Also, please modify the site.pp (/etc/puppet/manifests/site.pp) on the master to something like this:

node default {
  package { 'apache2':
    ensure => installed
  }

  service { 'apache2':
    ensure  => true,
    enable  => true,
    require => Package['apache2']
  }
}

That will define that for each puppet client it will install the apache2 package/service. I used the reserved word default, because I believe your client node name is not meercat02.example.com. To get the "right" node name from your puppet client, execute facter fqdn.

Personally I would recommend that you finish all Learning videos from Puppetlabs.


Comments

Thanks for the reply. However, I'm getting an error when I typed "sudo puppet agent --test --verbose --server puppetmaster" on the client's VM. I edited it in my original post.

jimsonpai (2014-10-18 22:40:53 -0500)

Try to add this to your client's /etc/hosts file: 192.168.75.142 puppet, and run again with sudo puppet agent --test --verbose --server puppet

golja (2014-10-19 01:04:49 -0500)

^ I already did that from the very beginning.

jimsonpai (2014-10-19 01:31:43 -0500)

No, you added puppetmaster, but also add puppet.

golja (2014-10-19 04:35:40 -0500)

192.168.75.142 is the puppet master's IP. 192.168.75.141 is the puppet client's IP. You are asking me to add 192.168.75.142 puppet in my hosts file? I did what you asked and ran sudo puppet agent --test --verbose --server puppet on the client. My error message is shown in update 2 in the original post.

jimsonpai (2014-10-19 13:07:07 -0500)
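
The hostname mismatch from Update 1 and the /etc/hosts change discussed in the comments, as an added example that is not part of the original thread: it pulls the names the master's certificate accepts out of the agent's error line and checks which of them the client's hosts entries can reach. The function names are made up for this sketch, and the hosts contents are constructed from the addresses quoted in the question.

```shell
#!/bin/sh
# Constructed sample: one error line copied from the agent output in Update 1.
AGENT_ERROR="Error: Could not retrieve catalog from remote server: Server hostname 'puppetmaster' did not match server certificate; expected one of puppetmaster.localdomain, DNS:puppet, DNS:puppet.localdomain, DNS:puppetmaster.localdomain"

# Constructed sample: the client's hosts entries before and after the suggested change.
HOSTS_BEFORE='127.0.1.1 puppetclient
192.168.75.142 puppetmaster'
HOSTS_AFTER="$HOSTS_BEFORE
192.168.75.142 puppet"

# Name the agent asked for (the value passed to --server).
requested_name() {
    printf '%s\n' "$1" |
        sed -n "s/.*Server hostname '\([^']*\)' did not match.*/\1/p"
}

# Names the certificate accepts: the CN plus DNS: alt names, deduplicated.
cert_names() {
    printf '%s\n' "$1" |
        sed -n 's/.*expected one of //p' |
        tr ',' '\n' |
        sed -e 's/^ *//' -e 's/ *$//' -e 's/^DNS://' |
        awk 'NF && !seen[$0]++'
}

# Print "name address" for each accepted name that appears as a host name
# in the hosts-format text given as $2 (comments are ignored).
usable_names() {
    cert_names "$1" | while read -r name; do
        printf '%s\n' "$2" | awk -v n="$name" '
            { sub(/#.*/, "") }
            { for (i = 2; i <= NF; i++) if ($i == n && !hit++) print n, $1 }'
    done
}

echo "agent asked for: $(requested_name "$AGENT_ERROR")"
echo "certificate accepts:"
cert_names "$AGENT_ERROR" | sed 's/^/  /'
echo "reachable before the change: $(usable_names "$AGENT_ERROR" "$HOSTS_BEFORE")"
echo "reachable after the change:  $(usable_names "$AGENT_ERROR" "$HOSTS_AFTER")"
```

The short name puppetmaster is not among the names the certificate lists, so the agent's verification rejects it; a name passed to --server has to be one the certificate accepts and the client can resolve.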
