Running puppetmaster that is already a puppet agent of another PuppetMaster

asked 2015-11-30 08:26:45 -0600

Yasebriy

Hello Community, please, how can I run a puppetmaster that is already a puppet agent of another puppetmaster?

When I am trying to run puppetmaster it shows me this:

err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key

Actually I have a puppetmaster that is working fine with agents, and I want that agent to also be a puppetmaster of other agents... I hope I am clear.

Details:

facterversion => 1.5.8
fqdn => util02.dms01.tt016.lan
puppetversion => 2.6.6
rubyversion => 1.8.6

I have deleted all the contents of /var/lib/puppet/ssl/ and cleaned the certs on the master.

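The error quoted in the question says the retrieved certificate does not pair with the node's private key. The following is an added example, not part of the original post, that checks a certificate against a private key with openssl before anything is deleted or re-signed; the function names are hypothetical and both file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original thread): report whether a PEM
# certificate and a PEM private key carry the same public key.

# Print the SHA-256 digest of whatever PEM public key arrives on stdin.
pubkey_digest() {
    openssl dgst -sha256 | awk '{print $NF}'
}

# cert_matches_key CERT KEY
# Returns 0 on match, 1 on mismatch, 2 if a file is unreadable or unparsable.
cert_matches_key() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 2

    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2

    [ "$(printf '%s\n' "$cert_pub" | pubkey_digest)" = \
      "$(printf '%s\n' "$key_pub" | pubkey_digest)" ]
}

# Command-line use: sh check.sh CERT.pem KEY.pem
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2"
    case $? in
        0) echo "certificate matches private key" ;;
        1) echo "MISMATCH: certificate was issued for a different key" ;;
        *) echo "could not read or parse the input files" >&2 ;;
    esac
fi
```

A mismatch means the CA still holds a certificate signed for an older key under the same certname, which is the situation the error message asks you to clean up on the server.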

2 Answers


answered 2015-12-03 10:56:06 -0600

You can only have one CA (not strictly true, as you can have a load balancer in front of multiple CAs with shared storage).

Choose the 1st puppetmaster as CA, then specify the ca_server setting in puppet.conf, then it should work.


answered 2015-12-03 16:57:28 -0600

Yasebriy

Thanks for your answer. However, I have created a new directory in /var/lib/puppet/ (sslmaster) on the agent and added these lines to /etc/puppet/puppet.conf:

...
[master]
ssldir = $vardir/sslmaster

This way the new puppetmaster (which is an agent of an existing ppmaster) has its own CA.

Both agent and ppmaster are running.

Asked: 2015-11-30 08:26:45 -0600

Seen: 109 times

Last updated: Dec 03 '15