Page MenuHomePhabricator

Remove puppet-phabricator.phabricator.eqiad.wmflabs from
Closed, ResolvedPublic


Hi, could this puppet-phabricator.phabricator.eqiad.wmflabs be removed from please?

Im am trying to move the agent from using puppet-phabricator.phabricator.eqiad.wmflabs on puppet-phabricator.phabricator.eqiad.wmflabs to

it's to prevent it from having the ldap outrage we had before, so i can at least ssh into this instance without needing to git pull in /var/lib/git which i won't be able to (if it has merge conflicts)

1root@puppet-phabricator:/home/paladox# puppet agent -tv
2Info: Creating a new SSL key for puppet-phabricator.phabricator.eqiad.wmflabs
3Info: Caching certificate for puppet-phabricator.phabricator.eqiad.wmflabs
4Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
5Certificate fingerprint: 4C:B3:3A:71:A1:F4:F6:F6:C7:52:1B:61:E1:F5:F4:2E:86:99:23:CF:43:72:16:B7:1E:D3:BB:EA:4E:B6:E7:78
6To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
7On the master:
8 puppet cert clean puppet-phabricator.phabricator.eqiad.wmflabs
9On the agent:
10 1a. On most platforms: find /var/lib/puppet/ssl -name puppet-phabricator.phabricator.eqiad.wmflabs.pem -delete
11 1b. On Windows: del "\var\lib\puppet\ssl\certs\puppet-phabricator.phabricator.eqiad.wmflabs.pem" /f
12 2. puppet agent -t

Event Timeline

Paladox updated the task description. (Show Details)

To be clear you would like the certificate for puppet-phabricator.phabricator.eqiad.wmflabs that is currently on the cloud-wide puppetmaster to be removed?

I ran it. It's been cleaned.

Paladox claimed this task.

@Dzahn thanks :).

Works now :).