home
design & development
Lotus application development
print design
web site development
request a design quote
solutions & consulting
Notes and Domino application development
Lotus Domino administration
Securence Mail Filtering
UNITRENDS backup and recovery
Lotus Notes / Domino Apps
free Lotus Notes apps
hosting
web site hosting
Lotus application hosting
check your mail
request a hosting quote
publishing
media and publishing
sound
client services
help & support
Make Payment
Client Access - Workboard
billing & payment policies
copyright & liability policies
pricing & turnaround policies
privacy statement
contact
e-mail MW
get files
send files
Puppet Error with Receiving Certificate Between Local Agent and Puppet Master
Mindwatering Incorporated
Author: Tripp W Black
Created: 04/02/2021 at 12:28 PM
Category:
General Web Tips
Other
Error:
Exiting; failed to retrieve certificate and waitforcert is disabled
Could not request certificate: The certificate retrieved from the master does not match the agent's private key. Did you forget to run as root?
Possible Solutions:
1. Sudo promotion failed for the system id being used? This would be the obvious "did you forget to run as root".
2. Was another previous machine already provisioned with that same hostname?
e.g. This is similar to the SSH client issue to a server that was swing upgrade from RHAT 6 to RHAT 7, for example, where the new VM has a new key, but has the same IP and address of the previous VM.
For this error, manually remove the botched/old cert from the client agent, and the puppet master's agent node list.
3a. Bad configuration or DNS for the puppet master puppet.conf with the [master] and [agent] domain entries, where they don't match the environment's DNS. Was the VM moved to a new domain?
3b. Another version of 3, where the firstboot.sh doesn't properly setup puppet.conf agent. Did the script fail to run. What is in the /var/log/messages, etc.?
Causes could be LDAP and AD issues.
Commands to reset/remove/replace certs between
Puppet Master Removal of Node (VM) Hostname
$ sudo puppet cert clean "vmhostname"
Puppet Agent Cert Removal on VM Node:
$ sudo rm -f /etc/puppetlabs/puppet/ssl/certs/vmhostname
$ find /var/lib/puppet -name vmhostname -delete
$ puppet agent -t
To Re-add a VM Hostname to Master:
$ puppet cert --list
$ puppet cert --sign "vmhostname"
Back on the VM node:
$ puppet agent -t
To manually update the puppet.conf (instead of firstboot.sh):
/etc/puppetlabs/puppet/
$ sudo vi puppet.conf
[master]
certname=vmpuppetmaster.mindwatering.net
[agent]
certname=vmhostname.mindwatering.net
previous page
×