Page MenuHomePhabricator

tools-docker-registry-01 has incorrect puppetmaster key
Closed, ResolvedPublic

Description

Exiting; failed to retrieve certificate and waitforcert is disabled
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 96:CC:F6:F3:F5:DC:4A:EA:37:02:1B:8A:DB:74:A2:75:55:9D:93:25:38:03:6D:4C:B9:1A:36:B7:8C:08:46:8E
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean tools-docker-registry-01.tools.eqiad.wmflabs
On the agent:
  1a. On most platforms: find /var/lib/puppet/ssl -name tools-docker-registry-01.tools.eqiad.wmflabs.pem -delete
  1b. On Windows: del "/var/lib/puppet/ssl/tools-docker-registry-01.tools.eqiad.wmflabs.pem" /f
  2. puppet agent -t

Event Timeline

valhallasw updated the task description. (Show Details)
valhallasw raised the priority of this task from to Needs Triage.
yuvipanda closed this task as Resolved.Feb 7 2016, 9:23 PM
yuvipanda claimed this task.
yuvipanda added a subscriber: yuvipanda.

Fixed it by switching it to the appropriate puppetmaster (tools-puppetmaster-01)

Johsthao closed this task as a duplicate of T126250: <spam>.Feb 8 2016, 6:24 PM
JEumerus changed the task status from Duplicate to Resolved.Feb 8 2016, 6:31 PM
JEumerus set Security to None.
matmarex reopened this task as Open.Feb 8 2016, 6:32 PM
scfc closed this task as Resolved.Feb 8 2016, 7:23 PM
scfc added a subscriber: scfc.
valhallasw reopened this task as Open.Feb 9 2016, 5:54 PM

Still broken:

Exiting; no certificate found and waitforcert is disabled
yuvipanda closed this task as Resolved.Feb 18 2016, 3:25 AM

Um, fixed for real now.