no new certificate generated
I'm just getting started with connecting a collection of CentOS Linux 5, 6 & 7 machines to a new puppet-master, actually the one bundled with Foreman (and I've been learning a lot).
I have found a known issue where my puppet-master is requiring sha256 digests be used on certs; however, some of the stock clients by default use MD5. OK, so I know how to add the Puppet Labs repo to my machines and gain updated clients, HOWEVER, there is another known issue with puppet-master affecting deletion of certificate requests.
The situation I'm running into is:
- A stock RHEL5 client runs "puppet agent --test", generates a new cert req. using the MD5 digest.
- On the master I pick up the req. but I can only list it, I cannot clear it. (If I clear ALL, it will go away, along with my entire deployment.)
- I manually remove the cert request with 'rm'. Remove and install the correct puppet packages on the client.
- "puppet agent --test" does not seem to do anything, no new req seen on the puppet-master.
This is how I manually removed the cert req:
    [root@4man manifests]# puppet cert list
      "anix.example.com" (MD5) 61:87:21:C9:5A:78:57:F4:1E:B0:17:F3:51:8A:1C:97
    [root@4man manifests]# puppet cert clean anix.example.com
    Error: Could not find a serial number for anix.example.com
    [root@4man manifests]#
    [root@4man manifests]# find /var/lib/puppet/ssl/ -name 'anix*'
    /var/lib/puppet/ssl/ca/requests/anix.example.com.pem
    [root@4man manifests]# rm /var/lib/puppet/ssl/ca/requests/anix.example.com.pem
    rm: remove regular file ‘/var/lib/puppet/ssl/ca/requests/anix.example.com.pem’? y
    [root@4man manifests]# puppet cert list
    [root@4man manifests]#
Currently I run "puppet agent --test --waitforcert 99" and no certificate is received (I don't see any errors or other acknowledgement on the puppet-master box).