Hi all,

we're doing some test with new puppet server and we'd like to run many
clients against this new server.
So I tried to stop puppetd (or cron) in one client and run it by hand
like:

/usr/bin/ruby /usr/sbin/puppetd --server=new_server.domain.com --test

but I get:
warning: Certificate validation failed; consider using the certname configuration option
err: Could not retrieve catalog: Certificates were not trusted: certificate verify failed
warning: Not using cache on failed catalog

So, from the client side, how may I clean cert conf with previous
server?

TIA,
Arnau

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
2009/6/8 Arnau Bria <arnaubria@pic.es>:
>
> Hi all,
>
> we're doing some test with new puppet server and we'd like to run many
> clients against this new server.
> So I tried to stop puppetd (or cron) in one client and run it by hand
> like:
>
> /usr/bin/ruby /usr/sbin/puppetd --server=new_server.domain.com --test
>
> but I get:
> warning: Certificate validation failed; consider using the certname configuration option
> err: Could not retrieve catalog: Certificates were not trusted: certificate verify failed
> warning: Not using cache on failed catalog
>
>
> So, from the client side, how may I clean cert conf with previous
> server?
>
> TIA,
> Arnau
>

changing $ssldir in puppet.conf might be a better / more flexible
solution if you want to go back and forth between the two puppet
servers.

Otherwise, within $ssldir, files that matter:

./private_keys/${fqdn}.pem
./certs/${fqdn}.pem
./certs/ca.pem
./${fqdn}.pem
./public_keys/${fqdn}.pem

A third option would be to put the contents of ca.pem from both
puppetmasters on each puppetmaster and client. Not sure if that'll
work, in particular if you're using webrick. YMMV.

.r'
Arnau Bria
2009-Jun-09 09:03 UTC
[Puppet Users] Re: run client against two different servers
Hi,

I found that if I remove /var/lib/puppet/ssl/certs/* I can connect to a
new server. I have to do it by hand, but at least, it works.

Cheers,
Arnau
Just to confirm the third option of sharing ca.pem among
puppetmasters, it does work with webrick and allows clients to connect
to any puppetmaster without further cert errors if combined with
autosign. Very useful for cluster setups.

Cheers,
H

On Jun 9, 10:03 am, Arnau Bria <arnaub...@pic.es> wrote:
> Hi,
>
> I found that if I remove /var/lib/puppet/ssl/certs/* I can connect to a
> new server. I have to do it by hand, but at least, it works.
>
> Cheers,
> Arnau
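Why an agent holding the old master's ca.pem rejects the new master, and why the combined ca.pem (the third option suggested and then confirmed above) is accepted on both sides, as an added example that is not part of the original thread. The CAs, keys, certificates and the agent name are constructed, and Ruby's OpenSSL store stands in for Puppet's own verification.

```ruby
require 'openssl'

# Constructed throwaway certificates; nothing here comes from a real puppetmaster.
def make_cert(cn, key, issuer_cert = nil, issuer_key = nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# A ca.pem may hold several concatenated PEM certificates (the "third option").
def parse_bundle(pem)
  pem.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
     .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# True when cert chains to any CA found in the given ca.pem contents.
def trusted?(cert, ca_pem)
  store = OpenSSL::X509::Store.new
  parse_bundle(ca_pem).each { |ca| store.add_cert(ca) }
  store.verify(cert)
end

OLD_CA_KEY = OpenSSL::PKey::RSA.new(2048)
NEW_CA_KEY = OpenSSL::PKey::RSA.new(2048)
OLD_CA = make_cert('old-master-ca', OLD_CA_KEY, ca: true)
NEW_CA = make_cert('new-master-ca', NEW_CA_KEY, ca: true)
# The agent's cert was signed by the old master; the new master has its own CA.
AGENT_CERT = make_cert('agent.example.test', OpenSSL::PKey::RSA.new(2048), OLD_CA, OLD_CA_KEY)
NEW_MASTER_CERT = make_cert('new_server.domain.com', OpenSSL::PKey::RSA.new(2048), NEW_CA, NEW_CA_KEY)
COMBINED_CA_PEM = OLD_CA.to_pem + NEW_CA.to_pem

# Agent side: the cached old ca.pem cannot validate the new master.
puts "agent, old ca.pem      -> #{trusted?(NEW_MASTER_CERT, OLD_CA.to_pem)}"
puts "agent, combined ca.pem -> #{trusted?(NEW_MASTER_CERT, COMBINED_CA_PEM)}"
# Master side: the new master cannot validate a cert issued by the old CA.
puts "master, new ca.pem      -> #{trusted?(AGENT_CERT, NEW_CA.to_pem)}"
puts "master, combined ca.pem -> #{trusted?(AGENT_CERT, COMBINED_CA_PEM)}"
```

A combined bundle means every host trusts certificates issued by either CA, so both CA private keys need the same level of protection.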
Arnau Bria
2009-Jun-10 12:56 UTC
[Puppet Users] Re: run client against two different servers
On Wed, 10 Jun 2009 05:53:44 -0700 (PDT)
Hui Hui wrote:
>
> Just to confirm the third option of sharing ca.pem among
> puppetmasters, it does work with webrick and allows clients to connect
> to any puppetmaster without further cert errors if combined with
> autosign. Very useful for cluster setups.

thanks, I was involved in other puppet tests and could not test this...
thanks!

> Cheers,
> H

Arnau