
Will not sign certificates on first run for nodes not in 'production' environment - What's wrong?

asked 2015-01-26 11:51:34 -0500

scaryrobot

updated 2015-01-27 05:44:26 -0500

Hello!

I've just enabled directory environments, which work fine for existing nodes. However, if I bring up a new node, the puppetmaster never responds with a signed certificate. If the new node is in the 'production' environment, it works fine, but any other environment, and nothing. The agent sits there with the 'waiting for cert' message. There's nothing in the puppetmaster (apache2) logs. Autosign is true. Any ideas?

[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
hiera_config = /etc/puppet/hiera.yaml
storeconfigs = true
storeconfigs_backend = puppetdb
reports = puppetdb
environmentpath = $confdir/environments
environment_timeout = 1s
autosign = true

On the new node:

/usr/bin/puppet agent --onetime --verbose --debug --color false --environment throwable_alerter --server my-puppet-server.my-domain.com --no-daemonize --certname my-server-name.my-domain.com --pluginsync --waitforcert 60

...

1422294066,,ui,message,    amazon-ebs: debug: Finishing transaction 70233789640840
1422294066,,ui,message,    amazon-ebs: info: Creating a new SSL key for my-server-name.my-domain.com
1422294069,,ui,message,    amazon-ebs: info: Creating a new SSL certificate request for my-server-name.my-domain.com
1422294191,,ui,message,    amazon-ebs: notice: Did not receive certificate
1422294251,,ui,message,    amazon-ebs: notice: Did not receive certificate
1422294312,,ui,message,    amazon-ebs: notice: Did not receive certificate
1422294372,,ui,message,    amazon-ebs: notice: Did not receive certificate
1422294433,,ui,message,    amazon-ebs: notice: Did not receive certificate
1422294493,,ui,message,    amazon-ebs: notice: Did not receive certificate

1 Answer


answered 2015-01-27 03:46:28 -0500

Does "sudo puppet cert --list" on the server give any output? On the client, what does "puppet config print certname" give you? Also, I assume you can ping the server from the client? Also, do you have a separate autosign.conf for this new environment? Maybe that's overriding the master one?

Worth trying again with debugging turned on on the master?

cheers Stuart
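
The server-side checks from the answer above, gathered into one script to run on the puppet master. This is an added example, not part of the original thread: `cert_state` and `triage` are hypothetical helper names, and the parsing assumes the Puppet 3 `puppet cert list --all` layout.

```shell
#!/bin/sh
# Added example: run on the puppet master. cert_state and triage are
# hypothetical helper names, not part of Puppet.

# Print the CA's view of one certname: signed | pending | revoked | absent.
# Assumes the Puppet 3 "puppet cert list --all" layout, where signed entries
# start with "+", revoked ones with "-", and pending requests have no prefix.
cert_state() {
  puppet cert list --all 2>/dev/null | awk -v n="\"$1\"" '
    $1 == "+" && $2 == n { s = "signed" }
    $1 == "-" && $2 == n { s = "revoked" }
    $1 == n              { s = "pending" }
    END { print (s == "" ? "absent" : s) }'
}

# Combine the CA state with the autosign value the master resolves for the
# node's environment, and name the next place to look.
triage() {  # $1 = certname, $2 = environment
  state=$(cert_state "$1")
  autosign=$(puppet config print autosign --section master \
               --environment "$2" 2>/dev/null) || autosign=unknown
  case "$state" in
    pending) echo "pending: CSR reached the CA but was not signed (autosign=$autosign)" ;;
    signed)  echo "signed: certificate exists, agent is failing to fetch it" ;;
    revoked) echo "revoked: an earlier certificate for this certname was revoked" ;;
    absent)  echo "absent: CSR never reached the CA, check the web server and network path" ;;
  esac
}

# Usage: sh triage.sh <certname> <environment>
if [ "$#" -eq 2 ]; then
  triage "$1" "$2"
fi
```
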


Stats

Asked: 2015-01-26 11:50:46 -0500

Seen: 107 times

Last updated: Jan 27 '15