I want to sign certificate signing requests from nodes that aren't the Puppet Enterprise certificate authority (CA). I added hostnames to the certificate authority whitelist in the puppet_enterprise::profile::certificate_authority::client_whitelist
parameter in the console. When I run Puppet, I get a duplicate declaration error. How can I resolve this?
Error messages and logs
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Duplicate declaration: Class[Puppet_enterprise::Profile::Master] is already declared; cannot redeclare on node pe-201640-master
This error occurs due to a known issue in the console.
Version and installation information
PE version: 2016.2 to 2019.2.2 and 2019.5
Solution
Resolve the issue by adding the hostname to the CA whitelist using Hiera instead of the console.
Note: If you're not using the default Hiera configuration with common.yaml for common or default values, you'll need to modify these instructions.
-
Add hostnames to the CA whitelist in
common.yaml
.puppet_enterprise::profile::certificate_authority::client_whitelist: - agent2.example.com - 192.168.0.24
Note: The Puppet master's certname is included in the CA whitelist by default, you do not need to add it.
-
Update Hiera's configuration. On the master, run
puppet agent -t
How can we improve this article?
0 comments
Please sign in to leave a comment.
Related articles