Displaying 20 results from an estimated 135 matches for "certnam".
2012 Nov 05
6
err: Could not request certificate when I run "puppet device"
1. I get the following error when I run “puppet device”
err: Could not request certificate: Could not write
/var/opt/lib/pe-puppet/devices/certname/ssl/private_keys/certname.pem to
privatekeydir: Permission denied -
/var/opt/lib/pe-puppet/devices/certname/ssl/private_keys/certname.pem
Any thought?
Thanks,
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion...
2011 Oct 19
5
How to know the generated certname used by a puppet client, for reuse within erb (because of cloud provisioner) ?
Hi,
I am using the cloud provisioner to bootstrap some ec2 nodes, and these
clients are signed using a randomly generated certname, which is put in
/etc/puppet.conf at the bootstrap time (eg certname =
d7bcd693-73fd-495f-0876-ff91ea11111e).
But my puppet code repo also manages the puppet.conf file, so the file will
be overwritten on the client at the first puppet run. Nevertheless, i should
not lose what was the original cer...
2012 Nov 20
2
hiera values issue
...using hiera. The problem
is I am only able to specify the 'common' values, not the values using
the variable 'clientcert'. This is my configuration in the puppetmaster:
The '/etc/hiera.yaml' file:
---
:backend:
- yaml
:hierarchy:
- ${certname}
- common
:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /var/lib/hiera on *nix
# - %CommonAppData%\PuppetLabs\hiera\var on Windows
# When specifying a datadir, make sure the directory exists.
:datadir:
I created the file '/var/lib/hiera/c108.dfgserver.com.yaml'...
2010 Feb 14
2
How can I set certname in managed puppet.conf?
I want to manage my puppet.conf files on every node, via a puppet
module on the puppetmaster.
However, in puppet.conf on each of my nodes, I also *must* specify the
certname attribute.
(This is because my company's NIS domain doesn't match its DNS domain
and the fqdn comes out erroneous unless I enforce the DNS name with
the certname attribute.)
Does anyone know how to make that value dynamic within puppet.conf?
2011 Feb 25
2
"hostname not match with the server certificate" error
...ration working
(http://docs.puppetlabs.com/guides/configuring.html) with a little
tweak because I'm on EC2, but I'm not able to authenticate my agent
with the master.
Here's the steps I'm taking, and the output:
[agent]# echo "foobar" > /etc/puppet/certname
[agent]# puppet agent --certname=$(cat /etc/puppet/certname) --server
puppet.mydomain.org --waitforcert 30 --test
info: Creating a new SSL key for webserver
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won'...
2008 Jun 14
9
Disabling 'node_name = facter' setting
...names, and it all stems from the
'node_name' setting.
In the default setup, your certificate gets created with your host's
fully qualified node name, and Puppet uses the value from the
certificate for everything.
In addition, there's a setting, 'certname', that allows you to
override the value that goes into the certificate. This is
reasonable, because your host name might be some dhcp gibberish, or
you might want to use a UUID or whatever.
However, for some reason I added the 'node_name' setting to allow you
t...
2012 Jun 08
2
certname=hostname SSL errors
Hi all,
I ran into the following problem:
Until now, I used fqdn as certname (i.e. had no certname defined in
puppet.conf, so defaults applied) and everything worked fine. However,
I wanted to use the short hostname as certname, so I redeployed the
puppet.conf file, re-generated the certificates and signed them, and
removed the old certificates from the master.
Now I hav...
2009 Jun 30
43
Workstations and Certs
I am trying to come up with a workable solution in managing numerous
Mac workstations allowing a high degree of flexibility with regards to
certs.
My puppet environment is setup to application installation on machines
that have been 'imaged' with a base OS and the puppet and facter apps.
So, when a Mac is 'imaged' and subsequently re-booted, puppet is run
at
2013 Jan 22
6
Security considerations for basing decisions on facts
Hello,
Let's consider the scenario when a client node in a puppet environment
gets compromised.
In case some of the puppet modules make decisions based on agent facts,
these modules are potentially exposed to abuse from the malicious puppet
agent.
For example, if a class has:
if $some_fact == 'some value' {
# deploy some configuration
}
then the compromised node
2008 Apr 27
4
Template variable "hostname" not working with certname= parameter?
I recently upgraded my Puppetmaster to 0.24.4 and it looks like my templates
are not working properly. All of my clients use the same certificate, built
by my original client "xx". I do this using the certname=blah parameter in
the puppet.conf on each client. Up until I upgraded each client would use
the "xx" certificate (which I had renamed to "blah") and everything worked
great. Now however, they are all connecting as "xx" and reconfiguring the
systems (i.e. DHCP3.conf)...
2008 Oct 14
2
Certificate validation failing
...nning puppet 0.24.5.
On the client when I run:
puppetd --server myserver.com --waitforcert 60 --test
I get a cert to sign on the server. I sign it and run the command
above again on the client. But then I get 3 errors similar to this:
warning: Certificate validation failed; considering using the certname
configuration option
err: /File[/var/lib/puppet/lib]: Failed to generate additional
resources during transaction: Certificates were not trusted: hostname
was not match with the server certificate
I have tried setting certname on the client to the hostname (for
FQDN and hostname only) with no l...
2011 Mar 08
1
EC2 master restart, broken agents
A quick overview of our setup:
We have an EBS-backed puppet master instance with an Elastic IP, and a
number of puppet agent AMI images in various regions. When these AMIs
were created, they were authenticated with the puppet master using the
following command:
# puppet agent --certname=$(cat /etc/puppet/certname) --server
puppet.ourdomain.net --waitforcert 30 --test
...and accepted on the puppet master with:
# puppet cert --certname=$(cat /etc/puppet/certname) --sign {instance-
name}
Spinning up new instances of the AMIs worked without issue.
Now, the problem:
Recently we h...
2013 Sep 18
4
Not able to capture node info via browser
...8080/v2/facts/operatingsystem but not working
[root@puppetmaster ~]curl -X GET
http://puppetdb:8080/v2/facts/operatingsystem
curl: (6) Couldn't resolve host 'puppetdb'
[root@puppetmaster ~]# curl -X GET
http://localhost:8080/v2/facts/operatingsystem
[ {
"certname" : "es-w2k8sql2k804.vshimslab.com",
"name" : "operatingsystem",
"value" : "windows"
}, {
"certname" : "infafr00012.nmumarl.lntinfotech.com",
"name" : "operatingsystem",
"value" : "...
2009 Sep 08
7
Puppetmaster be client of another puppetmaster?
...our customers' server via puppet, but one customer
has a puppetmaster server which looks after their internal systems. We've
tried the following in /etc/puppet/puppet.conf ("customer" and "us"
replacing the domain names) on their puppetmaster:
[puppetmasterd]
certname = puppetmaster.customer.com
templatedir=/var/lib/puppet/templates
[puppetd]
server = puppetmaster.us.com
certname = puppetmaster.us.com
When we run "puppetd -t" on that server, we get:
# puppetd -t
warning: Certificate validation failed; consider using the certname
configuration opti...
2012 Aug 21
3
mcollective getaddrinfo: Name or service not known
...abs/mcollective/server.cfg: getaddrinfo: Name or service not
known
I know the above error is commonly related to DNS but I'm not sure where
the disconnect is. These are brand new agent installations. server field in
the agent puppet.conf is the server hostname which is also the listed
certname shown when 'puppet master --configprint certname,certdnsnames' is
typed from the server (certdnsname is blank).
Any help or direction?
Thanks -- James
2012 Jul 11
6
certname doesn't seem to work on the agent
Hi guys,
I have a box that needs to identify itself to the puppetmaster as something
different from the FQDN. I added certname to the agent configuration before
the first run, but it doesn't seem to be sufficient. The certificate was
generated for the FQDN, and the host appears in the dashboard as the FQDN,
and the node name used to evaluate the manifest is also the FQDN. I would
like to set it up so that, fo...
2012 Oct 26
2
Using regex to match hostnames in hiera
Hi, I'm having a problem with extlookup not respecting the 'certname' parameter[1]. When executing a puppet run with either the --certname or --fqdn parameters, it ends up using the specified SSL certificate and gets the correct node definition applied from the puppetmaster. However, it still retrieves extlookup data using the node's actual FQDN...
2013 Oct 18
1
'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
...own ca
What I already checked the /etc/config of the client and the server. And the
config files, but maybe I'm missing something.
Could you help me, thanks.
*## Client config*
*- hosts*
.....
*192.168.0.112 doforte.geofusion doforte
192.168.0.107 gfn-puppetmaster*
.....
*-puppet.config*
*[agent]
certname = generic-gfn-puppetmaster.pem
certificate_revocation = false
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
server = gfn-puppetmaster
report = true
pluginsync = true
certname = doforte.geofusion*
*### Server config*
*-host*
...
*192.168.0.107 gfn-puppetmaster...
2011 Mar 03
1
Puppet without FQDN (could not retrieve fact fqdn)
Hello,
I am testing Puppet and I would like to use it without having to add a
DNS entry. Is there a way around this, or am I required to rely on
DNS?
More specifically, the reason I ask is I am getting the following
error when trying to invoke puppet --mkusers:
# puppet master --mkusers
warning: Could not retrieve fact fqdn
Could not parse for environment production: Could not find file /root/
2012 Jul 06
5
Certificate problems.
I'm setting up a dev / test environment using a couple of Ubuntu 12.04 VMs.
I have puppet installed on one of them, and am trying to get it to sync
against itself to get certain things in place to distribute with the nodes.
However, I am having some issues.
# puppet agent --test
info: Creating a new SSL key for puppet-local-master
err: Could not request certificate: getaddrinfo: Name