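Be aware: Puppet uses the SSL protocol, which does not tolerate a time difference between nodes. Certificates and the CRL carry validity timestamps that each node checks against its own clock.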

You may run into this issue:

root@puppet:~# puppet agent -tv --waitforcert=60 --server=puppetmaster.argonay.wou
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: puppetmaster.localdomain]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: puppetmaster.localdomain]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://puppetmaster.argonay.wou/pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: puppetmaster.localdomain]
Wrapped exception:
SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: puppetmaster.localdomain]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: puppetmaster.localdomain]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppetmaster.argonay.wou/plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: puppetmaster.localdomain]
Wrapped exception:
SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: puppetmaster.localdomain]
xenstore-read: couldn't read path vm-data/provider_data/provider
xenstore-read: couldn't read path vm-data/provider_data/provider
xenstore-read: couldn't read path vm-data/provider_data/provider
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: puppetmaster.localdomain]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: puppetmaster.localdomain]

Before banging your head against a wall, run the “date” command on both the Puppet server and the agent …

Configuring NTP helps you avoid time drift!
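
To confirm that clock skew is behind a "CRL is not yet valid" error, compare the agent's clock with the CRL's lastUpdate field. The script below is an added example, not part of the original post; the function names are hypothetical, the CRL path in the comment is an assumption, and it needs GNU date.

```shell
#!/bin/sh
# Added example, not from the original post. Requires GNU date (-d) and,
# when checking a real CRL file, the openssl command-line tool.

# parse_last_update LINE: convert "lastUpdate=<date>", the output format of
# `openssl crl -noout -lastupdate`, into epoch seconds.
parse_last_update() {
    date -u -d "${1#lastUpdate=}" +%s
}

# clock_verdict NOW LAST_UPDATE (both epoch seconds): a clock that reads
# earlier than lastUpdate is what makes the CRL "not yet valid".
clock_verdict() {
    if [ "$1" -lt "$2" ]; then
        echo "behind by $(( $2 - $1 ))s: CRL is not yet valid"
    else
        echo "ok: CRL issued $(( $1 - $2 ))s ago"
    fi
}

# check_crl FILE: compare this host's clock with a CRL stored on disk.
check_crl() {
    line=$(openssl crl -in "$1" -noout -lastupdate) || return 2
    clock_verdict "$(date -u +%s)" "$(parse_last_update "$line")"
}

if [ -n "${1:-}" ]; then
    # Real use: pass the agent's copy of the CRL as the first argument
    # (assumed location on this setup: /var/lib/puppet/ssl/crl.pem).
    check_crl "$1"
else
    # Constructed sample: a CRL issued at midnight UTC on 1 Jan 2015.
    sample='lastUpdate=Jan  1 00:00:00 2015 GMT'
    issued=$(parse_last_update "$sample")
    clock_verdict "$(( issued - 3600 ))" "$issued"   # agent clock one hour slow
    clock_verdict "$(( issued + 60 ))" "$issued"     # agent clock in sync
fi
```

A "behind by" result on the agent means its clock is earlier than the moment the master issued the CRL, which is the condition the error message reports.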

 
