Puppet agent: Exiting; no certificate found and waitforcert is disabled – Solution

After installing a brand new puppet master and client you may want to test the communication between them.  First you setup variable “server” in /etc/puppet/puppet.conf

Screenshot from 2017-09-21 16-19-34

You should have the puppetmaster or puppetserver up, in the same or other machine.  In this case i have setup a second independent server called “puppet01”.  If in doubt, you can test the connection to the default puppet port TCP 8140.

Screenshot from 2017-09-21 16-21-03

And it could happen that you get this error:

Screenshot from 2017-09-21 16-19-13

This happens because the puppet agent tries to reach the puppet master to receive the catalog which is later applied.  But this can happen if the master allows the certificate from the agent (client), the solution is to query the Puppet Server and see which certificates are pending to be approved:

puppet cert list

Screenshot from 2017-09-21 16-27-56

Your output may be slightly different, but the idea is the same.  If you want to allow this agent to get the catalog then you can accept this certificate.  Notice that the servername should be the same.

puppet cert sign <servername>
puppet cert sign puppet02.argentina

Or you could just accept all the certificates at once:

puppet cert sign --all

Screenshot from 2017-09-21 16-40-17



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s