After we have configured our network and installed, configured and verified our Puppet Server (puppetmaster), it’s now time to install our first puppet client and configure it to receive a signed certificate and puppet recipes. If you haven’t performed those pre-requisite setups, please start with Setup Puppet to configure your servers.
Let’s first install puppet from the Ubuntu package:
# apt-get install puppet
Then we start our client:
# puppetd --server puppet-server01.example.com --verbose --waitforcert 60
A peek at /var/log/syslog confirms our request for a certificate: Creating a new SSL certificate request for puppet-client01.example.com
And the same log on the server should contain: puppet-master[617]: puppet-client01.example.com has a waiting certificate request
If this state on the server is confirmed, it’s time to sign the certificate on the server:
# puppetca --list (and again we should see the hostname of our client that has requested the cert)
# puppetca --sign puppet-client01.example.com
We should get confirmation as such: notice: Signed certificate request for puppet-client01.nextpt.com. Anything else, or any errors, will likely point towards network and/or DNS configuration issues.
If you have followed our tutorial on how to setup puppetmaster, you should now have htop installed on your client. Also check /var/log/syslog for additional info.
Finally we should enable puppet to start on reboot. We do this by editing /etc/default/puppet and setting START=yes.
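Signing on hostname alone trusts whatever request arrived under that name. The following is an added example, not part of the original tutorial or of Puppet itself: a shell check that compares the pending request's CN and SHA-256 digest with values taken from the client over a separate channel before the puppetca --sign step. The function names and the CSR file paths passed to them are assumptions, and the sample CSRs are constructed on the fly.

```shell
#!/bin/sh
# Added example (not Puppet's code): check a pending CSR before "puppetca --sign".
# CSR file paths are arguments; where your master keeps them is an assumption.

# Print the SHA-256 digest (uppercase hex) of the DER encoding of a PEM CSR.
csr_fingerprint() {
    der=$(mktemp) || return 2
    if openssl req -in "$1" -outform DER -out "$der" 2>/dev/null; then
        openssl dgst -sha256 "$der" | awk '{print toupper($NF)}'; rc=0
    else
        rc=1    # not a parseable CSR
    fi
    rm -f "$der"; return $rc
}

# Print the CN of the CSR subject (copes with old and new openssl output).
csr_common_name() {
    openssl req -in "$1" -noout -subject 2>/dev/null |
        sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# Succeed only when the CSR names the expected host AND its digest equals the
# one computed on the client and passed along over a separate, trusted channel.
csr_ok_to_sign() {   # usage: csr_ok_to_sign CSR_FILE HOSTNAME FINGERPRINT
    fp=$(csr_fingerprint "$1") || return 1
    want=$(printf '%s' "$3" | tr -d ': ' | tr 'a-f' 'A-F')
    [ "$(csr_common_name "$1")" = "$2" ] && [ "$fp" = "$want" ]
}

# Constructed sample input: a throwaway key and CSR for the given CN.
make_sample_csr() {  # usage: make_sample_csr OUT_CSR CN
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=$2" -out "$1" 2>/dev/null
}

# Demo on constructed CSRs: two requests claim the same hostname, but only the
# one whose digest the real client reported passes the check.
tmp=$(mktemp -d)
host=puppet-client01.example.com
make_sample_csr "$tmp/expected.pem" "$host"
make_sample_csr "$tmp/other.pem" "$host"
reported=$(csr_fingerprint "$tmp/expected.pem")  # stands in for the client's value
for f in expected other; do
    if csr_ok_to_sign "$tmp/$f.pem" "$host" "$reported"
    then echo "$f: name and fingerprint match, ok to sign"
    else echo "$f: MISMATCH, do not sign"
    fi
done
rm -rf "$tmp"
```

Run csr_fingerprint on the client's copy of the request and on the server's pending copy with the same openssl command, so the comparison does not depend on which digest a given Puppet version prints.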
How can I solve this problem???
The /var/log/syslog shows the following:
Nov 21 02:06:00 puppet-client puppet-agent[18255]: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
mdesales@puppet-client:~$ sudo puppetd --server puppet.localdomain --verbose --waitforcert 60 --test
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
err: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
I was trying to start it without setting the hostnames… Instead, I was using IP address… PLEASE let me know how I can delete the CA. Where is it?
Marcello
Depending on your OS (on Ubuntu it’s in your home folder) find .ssh/known_hosts and delete the line that matches the host name of your puppet server, which seems to be puppet.localdomain in your case.