search for: certname

Displaying 20 results from an estimated 135 matches for "certname".

2012 Nov 05
6
err: Could not request certificate when I run "puppet device"
1. I get the following error when I run "puppet device": err: Could not request certificate: Could not write /var/opt/lib/pe-puppet/devices/certname/ssl/private_keys/certname.pem to privatekeydir: Permission denied - /var/opt/lib/pe-puppet/devices/certname/ssl/private_keys/certname.pem Any thought? Thanks,
2011 Oct 19
5
How to know the generated certname used by a puppet client, for reuse within erb (because of cloud provisioner) ?
Hi, I am using the cloud provisioner to bootstrap some ec2 nodes, and these clients are signed using a randomly generated certname, which is put in /etc/puppet.conf at the bootstrap time (eg certname = d7bcd693-73fd-495f-0876-ff91ea11111e). But my puppet code repo also manages the puppet.conf file, so the file will be overwritten on the client at the first puppet run. Nevertheless, I should not lose what was the original cert...
2012 Nov 20
2
hiera values issue
...using hiera. The problem is I am only able to specify the 'common' values, not the values using the variable 'clientcert'. This is my configuration in the puppetmaster: The '/etc/hiera.yaml' file: --- :backend: - yaml :hierarchy: - ${certname} - common :yaml: # datadir is empty here, so hiera uses its defaults: # - /var/lib/hiera on *nix # - %CommonAppData%\PuppetLabs\hiera\var on Windows # When specifying a datadir, make sure the directory exists. :datadir: I created the file '/var/lib/hiera/c108.dfgserver.com.yaml'...
2010 Feb 14
2
How can I set certname in managed puppet.conf?
I want to manage my puppet.conf files on every node, via a puppet module on the puppetmaster. However, in puppet.conf on each of my nodes, I also *must* specify the certname attribute. (This is because my company's NIS domain doesn't match its DNS domain and the fqdn comes out erroneous unless I enforce the DNS name with the certname attribute.) Does anyone know how to make that value dynamic within puppet.conf?
2011 Feb 25
2
"hostname not match with the server certificate" error
...ration working (http://docs.puppetlabs.com/guides/configuring.html) with a little tweak because I'm on EC2, but I'm not able to authenticate my agent with the master. Here's the steps I'm taking, and the output: [agent]# echo "foobar" > /etc/puppet/certname [agent]# puppet agent --certname=$(cat /etc/puppet/certname) --server puppet.mydomain.org --waitforcert 30 --test info: Creating a new SSL key for webserver warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won'...
2008 Jun 14
9
Disabling 'node_name = facter' setting
...names, and it all stems from the 'node_name' setting. In the default setup, your certificate gets created with your host's fully qualified node name, and Puppet uses the value from the certificate for everything. In addition, there's a setting, 'certname', that allows you to override the value that goes into the certificate. This is reasonable, because your host name might be some dhcp gibberish, or you might want to use a UUID or whatever. However, for some reason I added the 'node_name' setting to allow you to...
2012 Jun 08
2
certname=hostname SSL errors
Hi all, I ran into the following problem: Until now, I used fqdn as certname (i.e. had no certname defined in puppet.conf, so defaults applied) and everything worked fine. However, I wanted to use the short hostname as certname, so I redeployed the puppet.conf file, re-generated the certificates and signed them, and removed the old certificates from the master. Now I have...
2009 Jun 30
43
Workstations and Certs
I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been 'imaged' with a base OS and the puppet and facter apps. So, when a Mac is 'imaged' and subsequently re-booted, puppet is run at
2013 Jan 22
6
Security considerations for basing decisions on facts
Hello, Let's consider the scenario when a client node in a puppet environment gets compromised. In case some of the puppet modules make decisions based on agent facts, these modules are potentially exposed to abuse from the malicious puppet agent. For example, if a class has: if $some_fact == 'some value' { # deploy some configuration } then the compromised node
2008 Apr 27
4
Template variable "hostname" not working with certname= parameter?
I recently upgraded my Puppetmaster to 0.24.4 and it looks like my templates are not working properly. All of my clients use the same certificate, built by my original client "xx". I do this using the certname=blah parameter in the puppet.conf on each client. Up until I upgraded each client would use the "xx" certificate (which I had renamed to "blah") and everything worked great. Now however, they are all connecting as "xx" and reconfiguring the systems (i.e. DHCP3.conf)...
2008 Oct 14
2
Certificate validation failing
...nning puppet 0.24.5. On the client when I run: puppetd --server myserver.com --waitforcert 60 --test I get a cert to sign on the server. I sign it and run the command above again on the client. But then I get 3 errors similar to this: warning: Certificate validation failed; considering using the certname configuration option err: /File[/var/lib/puppet/lib]: Failed to generate additional resources during transaction: Certificates were not trusted: hostname was not match with the server certificate I have tried to setting certname on the client to the hostname (for FQDN and hostname only) with no lu...
2011 Mar 08
1
EC2 master restart, broken agents
A quick overview of our setup: We have an EBS-backed puppet master instance with an Elastic IP, and a number of puppet agent AMI images in various regions. When these AMIs were created, they were authenticated with the puppet master using the following command: # puppet agent --certname=$(cat /etc/puppet/certname) --server puppet.ourdomain.net --waitforcert 30 --test ...and accepted on the puppet master with: # puppet cert --certname=$(cat /etc/puppet/certname) --sign {instance- name} Spinning up new instances of the AMIs worked without issue. Now, the problem: Recently we ha...
2013 Sep 18
4
Not able to capture node info via browser
...8080/v2/facts/operatingsystem but not working [root@puppetmaster ~]curl -X GET http://puppetdb:8080/v2/facts/operatingsystem curl: (6) Couldn't resolve host 'puppetdb' [root@puppetmaster ~]# curl -X GET http://localhost:8080/v2/facts/operatingsystem [ { "certname" : "es-w2k8sql2k804.vshimslab.com", "name" : "operatingsystem", "value" : "windows" }, { "certname" : "infafr00012.nmumarl.lntinfotech.com", "name" : "operatingsystem", "value" : "...
2009 Sep 08
7
Puppetmaster be client of another puppetmaster?
...our customers' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We've tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd] certname = puppetmaster.customer.com templatedir=/var/lib/puppet/templates [puppetd] server = puppetmaster.us.com certname = puppetmaster.us.com When we run "puppetd -t" on that server, we get: # puppetd -t warning: Certificate validation failed; consider using the certname configuration optio...
2012 Aug 21
3
mcollective getaddrinfo: Name or service not known
...abs/mcollective/server.cfg: getaddrinfo: Name or service not known I know the above error is commonly related to DNS but I'm not sure where the disconnect is. These are brand new agent installations. server field in the agent puppet.conf is the server hostname which is also the listed certname shown when 'puppet master --configprint certname,certdnsnames' is typed from the server (certdnsname is blank). Any help or direction? Thanks -- James
2012 Jul 11
6
certname doesn't seem to work on the agent
Hi guys, I have a box that needs to identify itself to the puppetmaster as something different from the FQDN. I added certname to the agent configuration before the first run, but it doesn't seem to be sufficient. The certificate was generated for the FQDN, and the host appears in the dashboard as the FQDN, and the node name used to evaluate the manifest is also the FQDN. I would like to set it up so that, for...
2012 Oct 26
2
Using regex to match hostnames in hiera
Hi, I'm having a problem with extlookup not respecting the 'certname' parameter[1]. When executing a puppet run with either the --certname or --fqdn parameters, it ends up using the specified SSL certificate and gets the correct node definition applied from the puppetmaster. However, it still retrieves extlookup data using the node's actual FQDN,...
2013 Oct 18
1
'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
...own ca What I already checked the /etc/config of the client and the server. And the config files, but maybe I'm missing something. Could you help me, thanks. *## Client config* *- hosts* ..... *192.168.0.112 doforte.geofusion doforte 192.168.0.107 gfn-puppetmaster* ..... *-puppet.config* *[agent] certname = generic-gfn-puppetmaster.pem certificate_revocation = false ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY server = gfn-puppetmaster report = true pluginsync = true certname = doforte.geofusion* *### Server config* *-host* ... *192.168.0.107 gfn-puppetmaster 1...
2011 Mar 03
1
Puppet without FQDN (could not retrieve fact fqdn)
Hello, I am testing Puppet and I would like to use it without having to add a DNS entry. Is there a way around this, or am I required to rely on DNS? More specifically, the reason I ask is I am getting the following error when trying to invoke puppet --mkusers: # puppet master --mkusers warning: Could not retrieve fact fqdn Could not parse for environment production: Could not find file /root/
2012 Jul 06
5
Certificate problems.
I'm setting up a dev / test environment using a couple of Ubuntu 12.04 VMs. I have puppet installed on one of them, and am trying to get it to sync against itself to get certain things in place to distribute with the nodes. However, I am having some issues. # puppet agent --test info: Creating a new SSL key for puppet-local-master err: Could not request certificate: getaddrinfo: Name