Puppet agent: Exiting; no certificate found and waitforcert is disabled - Solution
Any Puppet agent connecting to a Puppet master server for a first time will generate a certificate and give it to a Puppet master server to sign. Depending on your puppet configuration, a default behavior is that the certificate must by signed manually and thus puppet agent exits with an error:
Exiting; no certificate found and waitforcert is disabled
To resolve this issue login to the Puppet master server and list all certificates awaiting a signature eg.:
# puppet cert list
"agent1" (SHA256) 73:D4:EF:1A:F6:B9:D8:2F:AB:6F:4F:95:CA:73:CE:3F:8C:8B:5C:23:BB:B2:17:47:98:08:C7:01:96:C1:17:E2
From the above we can see that certificate from a single host agent1 is waiting for its certificate to be signed. Your output may be different and contain multiple certificates awaiting for a signature. From here we have two options on how to sign the above certificate. First, we can sign each certificate individually:
# puppet cert sign agent1
Notice: Signed certificate request for agent1
Notice: Removing file Puppet::SSL::CertificateRequest agent1
or we can sign all awaiting certificates at once:
# puppet cert sign --all
ARE YOU LOOKING FOR A LINUX JOB? Submit your RESUME, create a JOB ALERT or subscribe to RSS feed on LinuxCareers.com.
LINUX CAREER NEWSLETTER Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
DO YOU NEED ADDITIONAL HELP? Get extra help by visiting our LINUX FORUM or simply use comments below.