List of steps to reproduce (step by step, including full links if applicable):
- ssh pontoon.traffic.eqiad1.wikimedia.cloud
- sudo puppet agent -t
What happens?:
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key. Did you forget to run as root? Certificate fingerprint: 4A:51:D6:13:45:20:6B:1E:C2:EC:41:EA:AA:F8:69:F8:19:25:81:2D:62:87:0D:1B:FC:35:3D:27:95:6C:2F:28 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate. On the master: puppet cert clean pontoon.traffic.eqiad1.wikimedia.cloud On the agent: 1a. On most platforms: find /var/lib/puppet/ssl -name pontoon.traffic.eqiad1.wikimedia.cloud.pem -delete 1b. On Windows: del "\var\lib\puppet\ssl\certs\pontoon.traffic.eqiad1.wikimedia.cloud.pem" /f 2. puppet agent -t
What should have happened instead?:
- A clean agent run, or
- Certificate regeneration when running the advised commands
Software version (if not a Wikimedia wiki), browser information, screenshots, other information, etc.:
Debian Buster, VM launched 2021-11-16