Puppet agent: Exiting; no certificate found and waitforcert is disabled -
Such type of error coming when puppet agent connecting to a Puppet master server for a first time will generate a certificate and give it to a Puppet master server to sign.
Basically its depend upon your puppet configuration, a default behavior is that the certificate must by signed manually and thus puppet agent exits with an error.
[root@puppet-client:~]#puppet agent -t
Exiting; no certificate found and waitforcert is disabled
To resolve this issue login to the Puppet master server and run the below command to list all certificates awaiting a signature.
[root@puppet-master ~]# puppet cert list
"puppet-client" (SHA256)
B3:67:17:66:8E:78:1F:69:4E:11:8E:34:BA:86:A0:E7:07:84:BF:E9:8A:94:A9:41:DD:6C:9D:1B:07:D2:72:6A
From the above output we can see that certificate from a single host puppet-client is waiting for its certificate to be signed.
Note: Your output may be different and contain multiple certificates awaiting for a signature.
Now we have two options on how to sign the above certificate.
Option 1: We can sign each certificate individually.
Option 2: We can sign all awaiting certificates at once.
For option 1 , please run the below command
[root@puppet-master ~]# puppet cert sign puppet-client
For Option 2, please run the below command
[root@puppet-master ~]# puppet cert sign --all
Using above option you can remove such errors. Now login on the puppet-client machine and run the puppet agent again.
[root@puppet-client:~]#puppet agent -t
Now you will not receive certificate error. In case you have any query on above article, please comment on this post. Thanks!!
