2

I did this

sudo puppet agent --test
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

I deleted the ssl directory but nothing help. I read the docs and none seem to work out. Any suggestion where to tackle?

the client is signed on the master.

Thanks.

Is time sync? I checked date and they both seem okay.

openssl x509 -text -in /var/lib/puppet/ssl/certs/...

Weird... I don't have ssl directory? What should I use to generate? There are too many commands ... I just wan to be careful.

This is the log for running sudo puppet master --debug --no-daemonize: http://pastebin.com/TM3KHmzx

Then on client

admin@client:~$ sudo puppet agent --test
err: Could not retrieve catalog from remote server: Connection refused - connect(2)
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Here is my fileserver.conf

[blueprint1234]
path /etc/puppet/modules/blueprint1234/files
allow 10.10.0.0/12

Did I put the IP right? The internal IP of the client (it is a VM) is 10.10.0.12 Here is the site.pp

node blueprint1234 {
        include blueprint1234
}

node 'client' inherits blueprint1234 {
}

Thanks

Daniel Huger
  • 223
  • 4
  • 10
  • Since puppet has the least helpful error messages I've ever come across on a program, you might want to do the following for us to try and help you: Stop your puppet master, then type `puppet master --debug --no-daemonize` on the console and run it. Then run the puppet agent. When you start seeing errors on the `Master`, copy and append them here. – qweet Jun 15 '12 at 19:50

2 Answers2

2

The most common cause for that is that the time of both machines are different by more than a few seconds.

Daniel C. Sobral
  • 5,713
  • 6
  • 34
  • 48
2

I've dealt with this a bunch of time and the solution that usually works is doing an rm -r on /var/lib/puppet/ssl (or whatever the ssldir is) on the puppet client (i.e. where you are running puppet agent commands). Then, on the puppet master, run sudo puppetca --clean FQDN where FQDN is the fully qualified domain name. That means not just blueprint1234 but blueprint1234.yourdomain.com or whatever. If you don't get any output from the clean command, then you don't have the correct name...if it worked you'll seeing something about removing the certificate that you specified.

Richard Martinez
  • 131
  • 2
  • I had a similar issue with a similar error. The problem I had was my hostnames were all messed up may just double check – JMeterX Jun 29 '12 at 18:17