puppet agents fail due to Puppet Master CA issues (workaround)
ISSUE
puppet agent -toutput
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:
Workaround to fix it, based on [Satellite 6] How to regenerate the Puppet CA and Puppet Client certificates for Red Hat Satellite with Puppet4 or Puppet 5
I write this, as I found some of the steps in the article were missing and I found myself in trouble
Some of the steps I added, as they were provided by a fellow customer @johnT
On the server
# service puppet stop # for i in `puppet cert list --all | cut -d '"' -f2`; do puppet cert clean $i; done # service puppetserver stop # rm -rf /etc/puppetlabs/puppet/ssl/* # puppet master --no-daemonize --verbose (Wait until you see: "Notice: Starting Puppet master version 5.5.0", then press Ctrl+C) # service puppetserver start # service puppet start
On each client
# yum erase puppet -y # rm -rf /etc/puppetlabs/* # yum install puppet -y # echo "server=satellite.example.com" >> /etc/puppetlabs/puppet.conf # puppet agent -tv # systemctl enable --now puppet
Responses