This document outlines the steps to clean or regenerate puppet agent certificates in a traditional master/client setup.
First, ssh into the agent. Then delete all *.pem files in /var/lib/puppet/ssl associated with your instance, e.g. they should be in the form of the name returned by:

    root@gateway:/var/lib/puppet/ssl# hostname -f
Next step is to ssh into the puppet master and do the same:

    root@puppet-master:/var/lib/puppet/ssl# find . -type f | grep "gateway"
Ideally there should be only one file hanging in there.
Then go back to the agent and try a --noop puppet run to force a new certificate request. After this, go back to the puppet master and check for any pending cert waiting for approval.

    root@puppet-master:/var/log/puppet# puppet cert list | grep "gateway"
Lastly, go back to the agent host and try running a couple of puppet runs.

    sudo puppet agent --enable && sudo puppet agent -tv --noop; sudo puppet agent --disable
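
The grep "gateway" lookup used above matches any path containing that string, so on a master it can also list files that belong to other nodes. The following is an added example, not part of the original post: it matches the whole <certname>.pem file name and deletes only when explicitly asked. The function names, the --delete argument, the directory layout and the host names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page). Directory layout and host
# names are constructed sample data; adjust the SSL dir for your install.
LC_ALL=C; export LC_ALL

# Accept only lowercase letters, digits, '.', '_' and '-' so the name can
# never act as a glob pattern in find(1). This is a conservative rule.
valid_certname() {
    case $1 in
        ''|*[!a-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# List files whose whole base name is <certname>.pem (no substring match).
find_cert_files() {
    find "$1" -type f -name "$2.pem" | sort
}

# List the node's files; delete them only when the third argument is --delete.
clean_cert_files() {
    valid_certname "$2" || { echo "refusing certname: $2" >&2; return 2; }
    if [ "${3:-}" = "--delete" ]; then
        find "$1" -type f -name "$2.pem" -exec rm -f -- {} +
    else
        find_cert_files "$1" "$2"
    fi
}

# Build a throwaway tree that mimics an ssl directory (constructed data).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/certs" "$d/private_keys" "$d/ca/signed"
    for f in certs/gateway.example.com.pem private_keys/gateway.example.com.pem \
             certs/ca.pem ca/signed/gateway.example.com.pem \
             ca/signed/gateway2.example.com.pem \
             ca/signed/api-gateway.example.com.pem; do
        : > "$d/$f"
    done
    echo "$d"
}

# Demo: a dry run prints three paths and leaves the other hosts alone.
tree=$(make_sample_tree)
clean_cert_files "$tree" gateway.example.com
rm -rf "$tree"
```

Run it once without --delete and review the listed paths before removing anything, especially on the master where the CA's own files live in the same tree.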