search for: ca_server

I''m having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.combut then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0 state=SSLv3...

I did a quick look for it but I could not find it. When it comes to puppet masters, is it required to copy the puppet/ssl/ca directory to each puppet master or is there a configuration to make the puppet master not try to generate its own CA if there is a ca_server option specified? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9BVZR8rIQ24J. To post to this group, send email to puppet-users@googlegroups.com....

I am trying to setup a different CA_server and master server. I am following these links : http://bodepd.com/wordpress/?p=7 http://docs.puppetlabs.com/guides/scaling_multiple_masters.html Kindly help as am getting this error info: Retrieving plugin err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources us...

.../1.2/configuring.html In the documentation page linked above, it says: Puppet uses SSL certificates to control who can make requests to the puppet > master, so Dashboard has to obtain a signed cert before asking for facts or > files. To do this, edit config/settings.yml to ensure that the ca_server > and ca_port settings match the address and port of your puppet master, > then run the following commands: > > $ sudo -u puppet-dashboard rake cert:create_key_pair > $ sudo -u puppet-dashboard rake cert:request > > You’ll need to sign the certificate request on the master by...

...error occurs when date between servers is different, it''s not). My setup is: CA: puppet.mydomain.com with config: certdnsnames = puppet.mydomain.com certname = puppet.mydomain.com server = puppet.mydomain.com Masters behind an Amazon ELB, with config: certdnsnames = master.mydomain.com ca_server = puppet.mydomain.com server = master.puppet.3ev.info ca = false Does anyone have any idea why this might happen? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To un...

...ppet.conf lacks an include statement. imagine: # puppet.conf [main] logdir = /var/log/puppet rundir = /var/run/puppet confdir = /etc/puppet environment = test include $confdir/conf.d/main/* [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig ca_server = puppet.blee.edu server = puppet.blee.edu include $confdir/conf.d/agent/* [master] ca_server = puppet.blee.edu server = puppet.blee.edu include = $confdir/conf.d/master/* include $confdir/conf.d/environments/* # end puppet.conf ls -1 /etc/puppet/conf.d/master dashboard puppe...

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

...irectories above /var/lib/puppet/lib in their trees are identical. /var/lib/puppet/lib isn''t _in_ the modules and manifests paths on either master. The only differences in the puppet.confs of the two masters are: - each master points at itself - the development one has ca = false and ca_server = production.server.fqdn How can I determine where /var/lib/puppet/lib''s mode should be determined (and since it''s not even in the modules, why are the two masters trying to control it on the agent)? --Shawn -- You received this message because you are subscribed to the Goog...

Hi, I have looked all over the place and can''t seem to find a complete answer to my query I am setting up MCollective to run alongside my puppet deployment and am having some problems getting it to play as I want it to Basically, I need to make sure that puppet NEVER makes any changes without them being triggered by someone (I honestly can''t see how anyone would ever want

Hello All, I require some help for creating multiple puppetmaster with separate Puppet CA server. I followed the steps given in the link below for creating a separate CA server http://bodepd.com/wordpress/?p=7 My requirement is to create 2 Puppetmasters running nginx and unicorn which will be loadbalanced via RR DNS with a separate single Puppet CA server only for issuing and signing

...would like to set up an additional puppet master but have the CA server handled by only 1 puppet master. I have set this up as per the documentation here: http://docs.puppetlabs.com/guides/scaling_multiple_masters.html I have configured my second puppet master as follows: [main] ... ca = false ca_server = puppet-master1.test.net I am using passenger so I am a bit confused how the virtual-host.conf file should look for my second puppet-master2.test.net. Here is mine: LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.18/ext/apache2/mod_passenger.so PassengerRoot /usr/lib/ruby...

...libdir = /var//opt/csw/puppet/lib statedir = /var//opt/csw/puppet/state railslog = /var//opt/csw/puppet/log/rails.log dblocation = /var//opt/csw/puppet/state/clientconfigs.sqlite3 runinterval = 60 localconfig = /var//opt/csw/puppet/state/localconfig puppetdlog = /var//opt/csw/puppet/log/puppetd.log ca_server = mypuppet.example.net statefile = /var//opt/csw/puppet/state/state.yaml server = mypuppet.example.net httplog = /var//opt/csw/puppet/log/http.log splaylimit = 60 config = /etc//opt/csw/puppet/puppet.conf reportserver = mypuppet.example.net ca_port = 8140 puppetdlockfile = /var//opt/csw/puppet/stat...

I am wondering how to manually (using openssl instead of puppet cert command) create CA that would be usable by Puppet? The goal would be to script creation of such CA''s to deploy them on multiple puppetmasters, instead of certificates being created on them via puppet cert command. Any ideas on how to do it? I was only able to find something like that:

Heya, I''m using puppet on Ubuntu (Gutsy/Hardy) and there''s a problem with the default setup of Ubuntu. Ubuntu uses network-manager to start the network in the background, which in turn causes puppet to start before the network is up. Puppet will then exit because it can''t resolve the server name. Currently I "solve" this problem by uninstalling

...puppet-agent fi cat > /etc/puppetlabs/puppet/puppet.conf << EOF [main] vardir = /opt/puppetlabs/puppet/cache logdir = /var/log/puppetlabs/puppet rundir = /var/run/puppetlabs ssldir = /etc/puppetlabs/puppet/ssl [agent] pluginsync = true report = true ignoreschedules = true ca_server = urzlxdeploy.rz.uni-leipzig.de certname = galaxy110.sc.uni-leipzig.de environment = production server = urzlxdeploy.rz.uni-leipzig.de EOF puppet_unit=puppet /usr/bin/systemctl list-unit-files | grep -q puppetagent && puppet_unit=puppetagent /usr/bin/systemctl e...

...iles = false async_storeconfigs = false authconfig = /etc/puppet/namespaceauth.conf autoflush = false autosign = /etc/puppet/autosign.conf bindaddress = "" bucketdir = /var/lib/puppet/bucket ca = true ca_days = "" ca_md = md5 ca_name = Puppet CA: vusion-production ca_port = 8140 ca_server = puppet ca_ttl = 5y cacert = /var/lib/puppet/ssl/ca/ca_crt.pem cacrl = /var/lib/puppet/ssl/ca/ca_crl.pem cadir = /var/lib/puppet/ssl/ca cakey = /var/lib/puppet/ssl/ca/ca_key.pem capass = /var/lib/puppet/ssl/ca/private/ca.pass caprivatedir = /var/lib/puppet/ssl/ca/private capub = /var/lib/puppet/ss...

...et/share/puppet-dashboard) rake aborted! getaddrinfo: Name or service not known This adds exception handling that will add the relevant context to the exception and re-raise it. In this case, we would get (in /opt/puppet/share/puppet-dashboard) rake aborted! Unable to contact ca_server example.unreachable.foo: getaddrinfo: Name or service not known So when the task fails, there''s a clear explanation for what exactly is failing. (#10562) Adds header so IE8 users can download nodes.csv Due to IE8''s idiosyncrasies, the following header is necessary f...

Hi, I am new in puppet, and I just wonder whether it is possible to create multiple levels of puppet masters. Can puppet work this way? First-level(master): root-master Second-level(masters): master1, master2 Third-level nodes(as agents): agent1, agent2, agent3, agent4 All master nodes in the second-level are agents of root-master, and each of third-level

Hello, I''m running Puppet 2.7.6 and currently expanding the number of servers managed by Puppet. At around the 160-170 host mark (with a 5-minute run interval + splay), my puppetmaster server is starting to die. Is this normal? What I''m getting in the agent logs is the following: Wed Jun 20 12:15:08 +0200 2012 Puppet (debug): Failed to load library

...stdir = /etc/puppet/ssl/certificate_requests httplog = /var/puppet/log/http.log libdir = /var/puppet/lib passfile = /etc/puppet/ssl/private/password splaylimit = 1800 statefile = /var/puppet/state/state.yaml puppetdlog = /var/puppet/log/puppetd.log report_port = 8140 ca_server = puppet puppetdlockfile = /var/puppet/state/puppetdlock clientyamldir = /var/puppet/client_yaml reportserver = puppet ca_port = 8140 localconfig = /var/puppet/state/localconfig clientbucketdir = /var/puppet/clientbucket classfile = /var/puppet/state/classes.txt repo...