Puppet users - Sep 2010 - 'sslv3 alert handshake failure' when using puppet load-balanced through Apache

I''ve setup a puppet load-balanced solution based on these
instructions:
http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Scalability

I have 4 puppetmaster instances running on my puppet server and an
Apache instance running on that server listening on port 8140 and
round-robining the requests from puppet clients. This works fine for
all my existing client machines.

The problem is that when adding a new machine I get errors like this:
puppetd --test -v --server puppet --waitforcert 60
warning: peer certificate won''t be verified in this SSL session
err: Could not request certificate: sslv3 alert handshake failure

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I''ve found that there are three major pieces that can be going wrong in
this case:
1) Getting the ca.pem file to the client.
2) Getting the Certificate sign request to the server.
3) Getting the signed certificate to the client.

Test them like this:
To test 1) Grab /var/lib/puppet/ssl/ca.pem from a working client and put it on
the client that doesn''t work.
To test 2) Check if you see the client''s name when you run
"puppetca --list --all" on the server.  If not, try using "sudo
puppetca --generate hostname.domainname" on the server.



On Sep 16, 2010, at 7:12 AM, Tim wrote:
> I''ve setup a puppet load-balanced solution based on these
> instructions:
http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Scalability
> 
> I have 4 puppetmaster instances running on my puppet server and an
> Apache instance running on that server listening on port 8140 and
> round-robining the requests from puppet clients. This works fine for
> all my existing client machines.
> 
> The problem is that when adding a new machine I get errors like this:
> puppetd --test -v --server puppet --waitforcert 60
> warning: peer certificate won''t be verified in this SSL session
> err: Could not request certificate: sslv3 alert handshake failure
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.