Ask Your Question

puppet cert list returns nothing, although PE Console shows unsigned certificates

asked 2015-12-30 11:51:55 -0600

NickMRamirez gravatar image

I'm new to Puppet, so this may be something I'm doing wrong...

The steps I'm taking are:

  1. I installed Puppet Master on CentOS

  2. Ran the command: puppet cert generate puppetmaster --dns_alt_names="puppet;". This seems to have generated a certificate for the puppet master.

  3. On a Windows machine, installed the puppet master agent MSI with the command: msiexec /norestart /i C:\\puppet-agent-1.3.2-x64.msi /qn PUPPET_MASTER_SERVER= PUPPET_AGENT_CERTNAME=node1

  4. Opened port 8140 outbound, since the MSI doesn't seem to do this

  5. Ran the command: C:\\Program Files\\Puppet Labs\\Puppet\\bin\\puppet.bat" agent --test. This is the only way I've found for the agent to send its certificate request to the puppet master.

  6. On the Puppet Enterprise Web GUI, I see a new certificate request under Nodes > Unsigned Certificates.

When I SSH into the puppet master server and run the command: puppet cert list

...nothing is returned. Shouldn't it show the certificate that I'm seeing in the GUI? Also, once I accept the certificate through the GUI, it doesn't show up as a node when I run:

puppet node find

I only see the puppet master's information then.

Any help much appreciated!

edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted

answered 2017-09-24 10:01:47 -0600

reesek gravatar image

Try supplying the --all option, so puppet cert list --all. This will need to be run as the root user (as it seems you've discovered).

In the output of puppet help cert

* list: List outstanding certificate requests. If '--all' is specified, signed certificates are also listed, prefixed by '+', and revoked or invalid certificates are prefixed by '-' (the verification outcome is printed in parenthesis).

Regarding trying to run the puppet command via sudo: sudo resets environment variables by default (env_reset), hence the 'command not found'. You could amend the secure_path Defaults in /etc/sudoers to include the path to the puppet command, probably /usr/local/bin, or disable env_reset. I would recommend on reading up on any risks associated with either of these approaches relative to your organizations security policies, but wanted to provided an explanation nonetheless as to why sudo puppet cert list resulted in puppet; command not found.

edit flag offensive delete link more

answered 2015-12-30 12:01:50 -0600

NickMRamirez gravatar image

I figured it out. I had to run the puppet cert list command as sudo, or else nothing is returned. On CentOS, the command :

sudo puppet cert list

returned: sudo: puppet: command not found

But I could do:

su -

To log on as root.

edit flag offensive delete link more


This does not work either

Taragrg6 gravatar imageTaragrg6 ( 2017-09-24 00:50:52 -0600 )edit

sudo resets environment variables by default (`env_reset`), hence the 'command not found'. You could amend the `secure_path` Defaults in `/etc/sudoers` to include the path to the puppet command, probably `/usr/local/bin`, or disable `env_reset`. Or, run puppet commands as the root user as you found

reesek gravatar imagereesek ( 2017-09-24 09:55:04 -0600 )edit

answered 2017-09-24 00:50:31 -0600

Taragrg6 gravatar image

I am on the similar problem need a fix help

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools



Asked: 2015-12-30 11:50:39 -0600

Seen: 1,820 times

Last updated: Sep 24 '17