I have been all over the internet and tried different fixes, none of which have worked.
Issue: When setting up a new agent to connect to the Puppet Master I run:
sudo /opt/puppetlabs/bin/puppet agent --test
The output of this command is (with certain text removed or modified):
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetmaster.example.com
Info: Certificate Request fingerprint (SHA256): <<intentionally removed>>
Error: Could not request certificate: Error 500 on SERVER: Internal Server Error: java.io.FileNotFoundException: /etc/puppetlabs/puppet/ssl/ca/requests/puppetagent.example.com.pem (Permission denied)
Exiting; failed to retrieve certificate and waitforcert is disabled
Couple of things I have tried/verified that have not worked:
-- I can successfully telnet to the master via DNS name on port 8140
-- Just to be sure it wasn't the agent server I tried with another server and have the same issue there.
-- When I use waitforcert it just has the same error over and over.
-- When I do:
sudo /opt/puppetlabs/bin/puppet cert list
I don't get anything in the list.
I read articles about permissions on the master. Here is a ls -lh of the SSL dir
root@puppetmaster:/home/ubuntu# ls -lh /etc/puppetlabs/puppet/ssl/
total 28K
drwxr-xr-x 5 root 999 4.0K Jan 2 10:14 ca
drwxr-xr-x 2 root 999 4.0K Jan 2 10:10 certificate_requests
drwxr-xr-x 2 root 999 4.0K Jan 4 08:58 certs
-rw-r--r-- 1 root 999 1.1K Jan 4 08:58 crl.pem
drwxr-x--- 2 root 999 4.0K Jan 2 10:10 private
drwxr-x--- 2 root 999 4.0K Jan 2 10:10 private_keys
drwxr-xr-x 2 root 999 4.0K Jan 2 10:10 public_keys
It's obvious what is wrong... the agent can't get the cert to the master so I can't sign the cert at the master. Problem is I am at a complete loss as to what to look at next. Any advice would be very much appreciated.
Thanks!
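
An added example, not part of the original post: a check for the "Permission denied" error above that walks every directory leading to the CA requests directory and reports where a given service account lacks search or write permission. The function names are hypothetical, and the account to pass in (for example `puppet`) is an assumption about which user the master's server process runs as.

```python
import os
import stat
import sys


def allowed(st, uid, gids, want):
    """True if uid/gids hold every bit in `want` (4=r, 2=w, 1=x) under the
    classic mode bits. POSIX ACLs and SELinux/AppArmor are not consulted."""
    if uid == 0:
        return True  # root bypasses mode-bit checks
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        bits = (mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want


def audit_dir(target, uid, gids):
    """List (path, detail) for each component that stops uid/gids from
    creating a file in `target`: x is needed on ancestors, w+x on target."""
    target = os.path.abspath(target)
    chain = [target]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    problems = []
    for path in reversed(chain):
        st = os.stat(path)
        want = 3 if path == target else 1
        if not allowed(st, uid, gids, want):
            detail = "mode %04o owner %d:%d lacks %s" % (
                stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                "write+search" if want == 3 else "search")
            problems.append((path, detail))
    return problems


if __name__ == "__main__":
    import pwd
    # Assumed usage: check.py <service-account> <directory>
    account, directory = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(account)
    gids = set(os.getgrouplist(account, pw.pw_gid))
    found = audit_dir(directory, pw.pw_uid, gids)
    for path, detail in found:
        print("%s: %s" % (path, detail))
    sys.exit(1 if found else 0)
```

Run it as root on the master against /etc/puppetlabs/puppet/ssl/ca/requests; any line it prints names a directory whose owner, group or mode blocks that account.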