This message was deleted.

This message was deleted.

See the

puppetlabs-postgresql

module at https://forge.puppet.com/puppetlabs/postgresql?src=slack&channel=puppet

Hi puppeteers, My private key on agent does not match the root certificate. Any suggestions on how could I resolve this? I have tried puppet ssl clean and regenerate the certificate again but no luck

You will need to do a clean on the primary server as well as the agent. On server

puppetserver ca clean --certname=name.of.cert.of.agent

It says hostcert not found

@n3snah Any suggestion?

@Raj Parpani try removing the cached CA cert from the agent host:

/etc/puppetlabs/puppet/ssl/certs/ca.pem

Hi all, i have been attempting to use the package resource to install a .deb file with the dpkg provider. whenever my code is run, I am informed that my package is created (corrective). upon running puppet resource package <package that installs deb> it returns this:

package { 'package name removed': ensure => 'purged', provider => 'apt', }

is this some form of misconfiguration on my end? or is this expected?

This message was deleted.

@Nick Bertrand I removed it

What about after removing it?

I do see a private key listed as well in the ssl folder. Should I remove what is inside it

@Raj Parpani if you want to try starting from scratch, you could remove the agent private key and cert as well. I think a command like this should do it:

find /etc/puppetlabs/puppet/ssl -name $(hostname -f).pem -delete

. If you still have trouble, could you paste the output of

puppet agent -t

?

Info: Creating a new RSA SSL key for us03cpt1.ppe.nxtravel.com Info: csr_attributes file loading from C:/ProgramData/PuppetLabs/puppet/etc/csr_attributes.yaml Info: Creating a new SSL certificate request for us03cpt1.ppe.nxtravel.com Info: Certificate Request fingerprint (SHA256): 9C5FA0f58E561B5689C8E0E7B09E498C980F8BC92B7B0457F4982E68F0F80D:1F Info: Downloaded certificate for us03cpt1.ppe.nxtravel.com from https://us03pup01.pacific.nxtravel.com:8140/puppet-ca/v1 Error: The certificate for 'CN=us03cpt1.ppe.nxtravel.com' does not match its private key Error: The certificate for 'CN=us03cpt1.ppe.nxtravel.com' does not match its private key

Looks like I'm still getting that error after removing the ca and private key

OK, it looks like the issue is that there is already a cert for that node on the puppet server. What happens when you run

puppetserver ca clean --certname <http://us03cpt1.ppe.nxtravel.com|us03cpt1.ppe.nxtravel.com>

on us03pup01.pacific.nxtravel.com?

Could not find 'hostcert' at '/home/rparpani@pacific.nxtravel.com/.puppetlabs/etc/puppet/ssl/certs/us03pup01.pacific.nxtravel.com.pem'

Might need to run that command with

sudo

?

Or

sudo -u <user running puppetserver>

says I am not in the sudoers file

I think you might need assistance from somebody with superuser privileges on the puppet server

yes i did sudo su and it said i'm not in sudoers file

Are you able to log in as root to that server? If not, it sounds like you'll need help from somebody who is able to become the root user

The paranoid admin in me wonders if this isn't some subversive way to remove a host from being managed by Puppet so as to bypass an enforced control ... 😆

Could not find 'hostcert' at '/home/<mailto:rparpani@pacific.nxtravel.com|rparpani@pacific.nxtravel.com>/...

--> make sure to run

puppetserver ca

as

root

so that it finds the right config and key files.

While I try to troubleshoot this, another quick question:

What is the process to update the location for your puppet repo on the puppet master