Page MenuHomePhabricator
Paste P3623

Error when decommissioning if Puppet cert clean hasn't been run on puppet-master
ActivePublic

Authored by madhuvishy on Aug 1 2016, 11:34 PM.
madhuvishy@tools-worker-1010:~$ sudo puppet agent -tv
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 37:0A:78:07:F0:98:E6:8A:A1:5E:E9:1B:C1:A7:05:C4:D1:F6:7F:B7:54:63:E6:6A:40:0D:8A:BB:50:10:B0:46
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
puppet cert clean tools-worker-1010.tools.eqiad.wmflabs
On the agent:
1a. On most platforms: find /var/lib/puppet/ssl -name tools-worker-1010.tools.eqiad.wmflabs.pem -delete
1b. On Windows: del "/var/lib/puppet/ssl/tools-worker-1010.tools.eqiad.wmflabs.pem" /f
2. puppet agent -t