Exiting; no certificate found and waitforcert is disabled – Installing puppet

I had this error today when trying to install puppet that just buffled me. It got this message when trying to generate a SSL certificate from the puppet-master. I had previously tried running

On puppet Master

puppet cert sign --all
puppet cert clean --all

On the Agent

rm -rf /var/lib/puppet/ssl/*

But still nothing when I tried to generate the SSL cert from PuppetMaster

root@ubuntu1:~# puppet agent --no-daemonize --onetime --verbose
Exiting; no certificate found and waitforcert is disabled

It turns out the client requests the revocation list from the master, you can disable that by setting it’s property to false. You add this line in the puppet.conf file

root@ubuntu1:~# cat /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
certificate_revocation = false
server=puppet-razor.karanja.local
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Then run
On puppet Master

puppet cert sign --all
puppet cert clean --all

On the Agent

rm -rf /var/lib/puppet/ssl/*

Then you can then you can now generate a new cert successfully

root@ubuntu1:~# puppet agent --no-daemonize --server puppet-razor.karanja.local --onetime --verbose
info: Creating a new SSL key for ubuntu1.karanja.local
info: Caching certificate for ca
info: Creating a new SSL certificate request for ubuntu1.karanja.local
info: Certificate Request fingerprint (md5): 76:DA:A4:D2:A0:92:4E:94:7B:3F:34:B5:EF:F1:F0:29
Exiting; no certificate found and waitforcert is disabled

And then sign it from the master

root@puppet-razor:~# puppet cert --list
  "ubuntu1.karanja.local" (76:DA:A4:D2:A0:92:4E:94:7B:3F:34:B5:EF:F1:F0:29)
root@puppet-razor:~# puppet cert sign "ubuntu1.karanja.local"
notice: Signed certificate request for ubuntu1.karanja.local
notice: Removing file Puppet::SSL::CertificateRequest ubuntu1.karanja.local at '/etc/puppetlabs/puppet/ssl/ca/requests/ubuntu1.karanja.local.pem'
Advertisements

3 thoughts on “Exiting; no certificate found and waitforcert is disabled – Installing puppet

  1. puppet agent –no-daemonize –server puppetmaster.example.org –onetime –verbose
    /usr/lib/ruby/1.8/puppet/util/plugins.rb:49:in `expand_path’: No such file or directory – getcwd (Errno::ENOENT)
    from /usr/lib/ruby/1.8/puppet/util/plugins.rb:49:in `look_in’
    from /usr/lib/ruby/1.8/puppet/util/plugins.rb:49:in `collect’
    from /usr/lib/ruby/1.8/puppet/util/plugins.rb:49:in `look_in’
    from /usr/lib/ruby/1.8/puppet/util/plugins.rb:54
    from /usr/lib/ruby/1.8/puppet/util/command_line.rb:1:in `require’
    from /usr/lib/ruby/1.8/puppet/util/command_line.rb:1
    from /usr/bin/puppet:3:in `require’
    from /usr/bin/puppet:3

    Any ideas what I am doing wrong?

    • Hi Robertico,

      You might get that error if you are inside the ssl directory while running puppet again.

      I mean to say you cd to /var/lib/puppet/ssl then do rm -rf /var/lib/puppet/ssl/ and then if you try to run puppet while still in the ssl directory you will get that error…

      I am assuming this is what you might be doing from the error “expand_path’: No such file or directory – getcwd ”

      Just move to previous directory and you should be fine.

      Regards,
      Niel.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s