What to do if puppet agent is reporting following errors:
Try 1: Recreate SLL certificate
- Compare /etc/puppetlabs/puppet/puppet.conf of host with another working system and fix any discrepancy
- Run puppet agent
puppet agent -tv
Try-2 : Recreate certificate
- Delete certificate from host
find /etc/puppetlabs/puppet/ssl -type f
find /etc/puppetlabs/puppet/ssl -type f -exec rm -f {} \;
- Delete certificte from puppet CA server
puppet cert clean host-fqdn-name
- Run puppet agent
puppet agent -t
- Sign client certificate on puppet CA Server
puppet sign cert host-fqdn-name
Try-3: Most interesting one ! Sync your host time with same ntp time source as your puppet master
service ntp stop
ntpdate -s time.nist.gov
service ntp start
puppet agent -t
- SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=puppetmaster]
- Failed to generate additional resources using 'eval_generate': SSL_connect
- Could not retrieve catalog from remote server: SSL_connect
- Could not send report: SSL_connect
Try 1: Recreate SLL certificate
- Compare /etc/puppetlabs/puppet/puppet.conf of host with another working system and fix any discrepancy
- Run puppet agent
puppet agent -tv
Try-2 : Recreate certificate
- Delete certificate from host
find /etc/puppetlabs/puppet/ssl -type f
find /etc/puppetlabs/puppet/ssl -type f -exec rm -f {} \;
- Delete certificte from puppet CA server
puppet cert clean host-fqdn-name
- Run puppet agent
puppet agent -t
- Sign client certificate on puppet CA Server
puppet sign cert host-fqdn-name
Try-3: Most interesting one ! Sync your host time with same ntp time source as your puppet master
service ntp stop
ntpdate -s time.nist.gov
service ntp start
puppet agent -t
This just helped me . Thanks!
ReplyDeleteso i can't force sync from puppet master?
ReplyDeleteNo. Fixing master-client cert is pre requirement for any communication between master and client.
Delete