Skip to main content
dredstone

1 year ago

Lab: 'puppet agent --fingerprint' step - issue on web1


On web1 , I see this:
[root@web1 ~]# puppet agent --fingerprint
Fingerprint asked but no certificate nor certificate request have yet been issued

On the server, 'puppet',  things look normal:
root@puppet:~# puppetserver ca list
Requested Certificates:
web1.ec2.internal (SHA256) 4E:2D:45:D7:31:41:76:C3:27:4D:9F:C8:22:F0:D8:D4:53:0F:2E:BA:5D:F7:AF:0C:73:F0:6E:00:4F:C1:0C:0A
root@puppet:~# puppetserver ca sign --certname web1.ec2.internal
Successfully signed certificate request for web1.ec2.internal


root@puppet:~# cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html

[main]
certname = puppet

[master]
certname = puppet
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code

On web1:
[root@web1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.1.100 puppet
10.0.1.101 web1


I've ssh'd from each server to the other, accepting the fingerprints - didn't change anything for puppet.

Ping works by IP and name

root@web1 ~]# ping puppet
PING puppet (10.0.1.100) 56(84) bytes of data.
64 bytes from puppet (10.0.1.100): icmp_seq=1 ttl=64 time=1.08 ms
64 bytes from puppet (10.0.1.100): icmp_seq=2 ttl=64 time=0.643 ms
64 bytes from puppet (10.0.1.100): icmp_seq=3 ttl=64 time=0.593 ms
64 bytes from puppet (10.0.1.100): icmp_seq=4 ttl=64 time=0.606 ms


I've also tried:
[root@web1 ~]# puppet agent --test --ca_server=puppet
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for web1.ec2.internal
Info: Applying configuration version '1558411510'
Notice: Applied catalog in 0.01 seconds
[root@web1 ~]# puppet agent --fingerprint
Fingerprint asked but no certificate nor certificate request have yet been issued

[root@web1 ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for web1.ec2.internal
Info: Applying configuration version '1558411949'
Notice: Applied catalog in 0.01 seconds
[root@web1 ~]# puppet agent --fingerprint
Fingerprint asked but no certificate nor certificate request have yet been issued

[root@web1 ~]# puppet agent --server puppet --waitforcert 20 --test 
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for web1.ec2.internal
Info: Applying configuration version '1558412264'
Notice: Applied catalog in 0.01 seconds
[root@web1 ~]# puppet agent --fingerprint
Fingerprint asked but no certificate nor certificate request have yet been issued


On the server:
root@puppet:~# puppetserver ca list --all
Signed Certificates:
puppet (SHA256) 1F:59:89:9F:C7:45:FF:D8:CB:77:AB:3F:BA:B6:95:1B:72:DF:B9:36:22:35:A8:C8:24:10:F4:EB:7C:B8:FD:2Ealt names: ["DNS:puppet", "DNS:puppet"]
web1.ec2.internal (SHA256) 82:A3:12:F6:57:DE:29:6F:54:3E:25:48:29:6B:DE:C7:16:10:3A:AD:17:B0:34:43:E2:40:7F:4E:77:10:A2:C5

Elle (or anyone who has it working with the provided lab servers, could you please assist?

Cheers
Dave

Image of
1 year ago
Hey there!

I'm actually still waiting for PuppetLabs to tell me what's up with this error, since it's undocumented. You can safely ignore it, however. Beyond the error, it doesn't seem to actually prevent anything.
Image of dredstone
dredstone
1 year ago
Thanks Elle.
Image of rlibertibt
rlibertibt
1 week ago
I got this error myself and after a little troubleshooting,  it turns out that my mistake was that I put the wrong IP address in the host file of the agent.