Created
January 20, 2017 09:28
##### On the PuppetCA - clean the new master's cert (this revokes it and removes the signed copies)
[root@puppetca /]# puppet cert clean b3b0d92345fb | |
Notice: Revoked certificate with serial 13 | |
Notice: Removing file Puppet::SSL::Certificate b3b0d92345fb at '/etc/puppetlabs/puppet/ssl/ca/signed/b3b0d92345fb.pem' | |
Notice: Removing file Puppet::SSL::Certificate b3b0d92345fb at '/etc/puppetlabs/puppet/ssl/certs/b3b0d92345fb.pem' | |
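##### On the new master, verify puppet.conf sets ca_server (top of the file) and ca = false (in [master]). Note that autosign is a CA-side setting: on a server acting as CA, autosign = true signs every incoming CSR without any verification, so check what the CA itself is configured with.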
environmentpath = /etc/puppetlabs/code/environments | |
ca_server = puppetca | |
# This file can be used to override the default puppet settings. | |
# See the following links for more details on what settings are available: | |
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html | |
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html | |
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html | |
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html | |
[master] | |
vardir = /opt/puppetlabs/server/data/puppetserver | |
logdir = /var/log/puppetlabs/puppetserver | |
rundir = /var/run/puppetlabs/puppetserver | |
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid | |
codedir = /etc/puppetlabs/code | |
autosign = true | |
ca = false | |
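#### On the new master, remove the contents of the old SSL directory (this destroys the existing keys and certs; the path is relative, so check the working directory first) and run puppet agent to request a new cert from the CA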
[root@b3b0d92345fb puppet]# rm -rf ssl/* | |
[root@b3b0d92345fb puppet]# puppet agent -t --ca_server puppetca --waitforcert 20 | |
Info: Creating a new SSL key for b3b0d92345fb | |
Info: Caching certificate for ca | |
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml | |
Info: Creating a new SSL certificate request for b3b0d92345fb | |
Info: Certificate Request fingerprint (SHA256): ED:D9:B1:19:6F:B5:33:B4:FF:B0:79:F5:EE:F6:F6:6B:E8:83:2C:13:80:54:DA:80:CB:50:44:4C:77:F4:DE:72 | |
Info: Caching certificate for b3b0d92345fb | |
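#### On the PuppetCA, verify the cert exists and is signed (the leading + marks a signed certificate). No manual signing step appears above, so the CA presumably autosigned the request.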
[root@puppetca /]# puppet cert list b3b0d92345fb | |
+ "b3b0d92345fb" (SHA256) 75:EA:F1:0F:B6:1C:94:70:98:C3:39:2B:A9:30:6E:44:0D:A0:D5:8D:54:B5:96:18:AA:71:66:0B:77:AE:95:9D | |
#### On the new master, start puppetserver | |
[root@b3b0d92345fb puppet]# puppetserver foreground & | |
#### On the new master, try a puppet run against itself. The run fails: every HTTPS request is rejected with "unable to get certificate CRL".
[root@b3b0d92345fb puppet]# puppet agent -t --server b3b0d92345fb --ca_server puppetca | |
Warning: Unable to fetch my node definition, but the agent run will continue: | |
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb] | |
Info: Retrieving pluginfacts | |
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb] | |
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb] | |
Info: Retrieving plugin | |
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb] | |
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb] | |
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb] | |
Warning: Not using cache on failed catalog | |
Error: Could not retrieve catalog; skipping run | |
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb] |