Puppet: Trying to configure puppet client for first use but got some problems with certificates
Solution 1
Does you client know how to find the server?
root@client# ping puppet
What certname will the client use when connecting to the server?
root@client# puppet config print certname
Remove the ssl details on the client
root@client# rm -rf /var/lib/puppet/ssl
Remove all traces of the client on the server
root@puppet# puppet node clean $client_certname
root@puppet# puppet node deactivate $client_certname
Solution 2
First: On Server
puppet cert --revoke Itai-test
puppet cert --clean Itai-test
Second: On Client
rm -rf /usr/lib/puppet/ssl
puppet agent --server [puppetmaster domain name] --waitforcert 60
Third: On Server
puppet cert --list (you should see your host)
puppet cert --sign Itai-test
Also, double check that your client can reach your [puppetmaster domain name].
Solution 3
I think you got out of sync somehow. Assuming this is really just a test instance... On the server, run puppet node clean itai-test.domain
. Then, on the client run rm -rf /var/lib/puppet/ssl
. Now your SSL cert for the client is gone. Run puppet agent --server puppetmaster.domain --waitforcert 60 --test
on the client and look for the certificate request on the server.
Related videos on Youtube
![Itai Ganot](https://i.stack.imgur.com/ICkw8.jpg?s=256&g=1)
Itai Ganot
Architect and Lecturer in the field of DevOps Engineering. LinkedIn: https://www.linkedin.com/in/itaiganot Personal Website: http://geek-kb.com
Updated on September 18, 2022Comments
-
Itai Ganot almost 2 years
I'm trying to configure my clinet 'Itai-test' to receive puppet settings from the puppet server which is called 'puppetmaster'.
On the server I ran:
[root@puppetmaster requests]# puppet cert --generate itai-test.domain Error: A Certificate already exists for itai-test.domain [root@puppetmaster requests]# puppet cert --sign itai-test.domain Error: Could not find certificate request for itai-test.domain [root@puppetmaster requests]#
On the puppet client I ran:
[root@itai-test temp]# puppet agent --server puppetmaster.domain --waitforcert 60 --test Notice: Did not receive certificate Notice: Did not receive certificate Notice: Did not receive certificate
More information: On server:
[root@puppetmaster ~]# puppet cert --revoke Itai-test Error: Could not find a serial number for itai-test [root@puppetmaster ~]# puppet cert --revoke itai-test Error: Could not find a serial number for itai-test [root@puppetmaster ~]# puppet cert --clean itai-test Error: Could not find a serial number for itai-test [root@puppetmaster ~]# puppet cert --list [root@puppetmaster ~]# puppet cert --sign itai-test Error: Could not find certificate request for itai-test [root@puppetmaster ~]#
On client:
[root@itai-test ~]# rm -rf /usr/lib/puppet/ssl [root@itai-test ~]# puppet agent --server puppetmaster.domain --waitforcert 60 [root@itai-test ~]# ping puppetmaster.domain PING puppetmaster (192.168.X.X) 56(84) bytes of data. 64 bytes from puppetmaster (192.168.X.X): icmp_seq=1 ttl=64 time=0.294 ms
-
Itai Ganot over 10 yearsI've edited my question with the results of the commands you mentioned, thanks.
-
richardkmiller over 9 yearsThanks for "puppet config print certname" -- very useful and I hadn't seen that before.
-
the over 9 yearsThanks. Somehow the certname was not matching with my hostname, I fixed it by setting certname in puppet.conf
-
slec over 8 yearsI had the same problem as the op, and this finally worked for me.
-
nomadic_squirrel about 6 yearsDocs have moved. See certname in puppet.conf instead.