Ask Your Question
1

Running puppet is daemon mode doesn't generate certificate request

asked 2016-02-10 23:08:31 -0600

DeepthiR gravatar image

updated 2016-02-11 05:48:59 -0600

The old certificated has been clean on the puppet master. The ssl directory has been deleted

New certs have to be generated now. On starting puppet in daemon mode will a new certificate be generated ? Or is it necessary to run puppetd --test to generate the certificate request.

I'm seeing an issue where directly running in daemon mode is causing puppet to generate certs but see error "Could not request certificate: The certificate retrieved from the master does not match the agent's private key." for the newly generated cert.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2016-02-11 02:36:51 -0600

grist gravatar image

I had this happen to me and it turned out somehow there were certs under a hidden .puppet/ssl folder in my home dir. Once I removed that folder it generated new certs with just puppet agent --verbose --no-daemonize.

edit flag offensive delete link more

Comments

That would suggest you ran the agent as a non root user?

Alex Harvey gravatar imageAlex Harvey ( 2016-02-11 09:21:46 -0600 )edit
0

answered 2016-02-11 04:11:27 -0600

updated 2016-02-11 09:32:05 -0600

Well, if you deleted all your certificates, then of course, you need to generate new ones. You might consider enabling auto-signing temporarily, if you trust the network's security.


As far as whether you can simply start the service to generate the certs with auto-signing enabled, or whether you need to run puppet agent -t manually, it looks like this changed in later versions of Puppet so it probably depends on your version. Compare PE 3.7 docs and PE 3.3 docs.

edit flag offensive delete link more

Comments

I know that I need to generate new certificates. What I want to know is if running puppet in daemon mode will generate the request or is it necessary to run "puppetd --test" to generate the certificate request Also, I have auto-signing enabled

DeepthiR gravatar imageDeepthiR ( 2016-02-11 04:44:50 -0600 )edit

Oh, I misunderstood. Updating.

Alex Harvey gravatar imageAlex Harvey ( 2016-02-11 09:29:53 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2016-02-10 23:08:31 -0600

Seen: 50 times

Last updated: Feb 11 '16