Ask Your Question
0

puppet cert --clean puppetmaster.host accident

asked 2014-12-10 18:16:02 -0600

Hi everyone, There was some confusion on cleaning up a client and the puppet cert was cleaned for the host machine running the puppetmaster. An attempt to sign the machine again was met by this error:

err: Could not retrieve catalog from remote server: SSLconnect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppet.host] warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: SSLconnect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppet.host]

There are over 400 clients puppetized in this environment. Is there a way to resign the puppet master without affecting the clients?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2014-12-11 18:56:38 -0600

GregLarkin gravatar image

I don't think so, but there is this document describing how to get everything back in shape: https://docs.puppetlabs.com/puppet/la...regeneratecertificates.html

The drawback is that you will have to put a process together to log into each agent node and run some commands. Perhaps a script fired by parallel SSH would be your best bet for that.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2014-12-10 18:16:02 -0600

Seen: 153 times

Last updated: Dec 11 '14