puppet errors: puppetlock and puppet certs

In working with puppet I often get the error “puppet run already in progress” when I know no such run is happening…

 

The solution is to delete the file

/var/lib/puppet/state/puppetdlock

and then try the run again. The puppet command I use on the command line is:

/usr/sbin/puppetd --server=puppet1 --onetime --no-daemonize --no-usecacheonfailure --ignorecache --no-noop -v

This provides pretty output in color on the command line, making it easier to spot errors and issues.
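
A guard for the lock-file removal described above, as an added example that is not part of the original post. It assumes the lock file records the PID of the agent run that created it; the function names lock_state and clear_stale_lock are hypothetical.

```shell
#!/bin/sh
# Added example: classify a puppetd lock file before removing it, so a lock
# that belongs to a run that really is in progress is never deleted.
# Assumption: the lock file holds the PID of the agent run that created it.
# Path from the post: /var/lib/puppet/state/puppetdlock

# Print one of: absent | live | stale | unknown
lock_state() {
    file="$1"
    [ -e "$file" ] || { echo absent; return 0; }
    # Take the first line and strip all whitespace.
    pid=$(head -n 1 "$file" 2>/dev/null | tr -d '[:space:]')
    case "$pid" in
        # Empty or not a number: nothing to check against, so do not guess.
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # kill -0 sends no signal; it only tests that the PID exists.
    # The /proc test covers a PID that exists but belongs to another user.
    if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        echo live
    else
        echo stale
    fi
}

# Remove the lock only when its recorded PID is gone. Returns 0 if removed.
clear_stale_lock() {
    file="$1"
    state=$(lock_state "$file")
    if [ "$state" = stale ]; then
        rm -f -- "$file" && return 0
    fi
    echo "not removing $file (state: $state)" >&2
    return 1
}
```

Source the file and run clear_stale_lock /var/lib/puppet/state/puppetdlock as root before retrying the agent. A "live" result only means the recorded PID exists; after PID reuse it may belong to an unrelated process, so check what that PID is before removing the lock by hand.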

 

When we do patching in the environment we regularly lose a disk or a server – the rebuilt server is up very quickly, but suddenly there is this error:

[root@server init.d]# /usr/sbin/puppetd --server=puppet --onetime --no-daemonize --no-usecacheonfailure --ignorecache --no-noop -v
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Exiting; failed to retrieve certificate and waitforcert is disabled

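The rebuilt server has generated a new private key, while the puppet master still holds the certificate it signed for the old one. The solution is to delete the local puppet ssl directory on the rebuilt server and to revoke the certificates for that specific server on the puppet master.

On the local server:

[root@server init.d]# rm -rf /var/lib/puppet/ssl/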

and on puppet master:

[root@server2 ~]# /usr/sbin/puppetca --clean jboss-server
notice: Revoked certificate with serial 584
notice: Removing file Puppet::SSL::Certificate server. at '/var/lib/puppet/ssl/ca/signed/server.pem'
notice: Removing file Puppet::SSL::Certificate server at '/var/lib/puppet/ssl/certs/server.pem'

Then rerun the puppet command. You will see a one-time acceptance of the certs.

 

–doug