search for: certnames

1. I get the following error when I run “puppet device’ err: Could not request certificate: Could not write /var/opt/lib/pe-puppet/devices/certname/ssl/private_keys/certname.pem to privatekeydir: Permission denied - /var/opt/lib/pe-puppet/devices/certname/ssl/private_keys/certname.pem Any thought? Thanks, -- You received this message because you are subscribed to the Google Groups

Hi, I am using the cloud provisioner to bootstrap some ec2 nodes, and these clients are signed using a randomly generated certname, which is put in /etc/puppet.conf at the bootstrap time (eg certname = d7bcd693-73fd-495f-0876-ff91ea11111e). But my puppet code repo also manages the puppet.conf file, so the file will be overwritten on the client at the first puppet run. Nevertheless, i should not

Hi, I have a puppetmaster - agent architecture. I have a module for the vsftpd configuracion in the agents. The configuration of the value ''max_per_ip'' in the agents may vary. This is a line of the manifest: $max_per_ip = hiera(''max_per_ip'',10) I want to specify different values for each agent using hiera. The problem is I am only able to specify the

I want to manage my puppet.conf files on every node, via a puppet module on the puppetmaster. However, in puppet.conf on each of my nodes, I also *must* specify the certname attribute. (This is because my company''s NIS domain doesn''t match it''s DNS domain and the fqdn comes out erroneous unless I enforce the DNS name with the certname attribute.) Does anyone know how

Hi all I''m trying to set up a separate puppet master and client on EC2. I''ve used two instances of CentOS5.4 with nothing other than the base install and have installed puppet via the ruby gems. Puppet is at 2.6.4 on both machines. I''ve been following the guide to get a basic configuration working (http://docs.puppetlabs.com/guides/configuring.html) with a little tweak

I''m having a heck of a time trying to fix #1178, which is a problem related to inconsistent node names, and it all stems from the ''node_name'' setting. In the default setup, your certificate gets created with your host''s fully qualified node name, and Puppet uses the value from the certificate for everything. In addition, there''s a setting,

Hi all, I ran into the following problem: Until now, i used fqdn as certname (i.e. had no certname defined in puppet.conf, so defaults applied) and everything worked fine. However, I wanted to use tthe short hostname as certname, so I redeployed the puppet.conf file, re-generated the certificates and signed them, and removed the old certificates from the master. Now I have the following status:

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

Hello, Let''s consider the scenario when a client node in a puppet environment gets compromised. In case some of the puppet modules make decisions based on agent facts, these modules are potentially exposed to abuse from the malicious puppet agent. For example, if a class has: if $some_fact == ''some value'' { # deploy some configuration } then the compromised node

I recently upgraded my Puppetmaster to 0.24.4 and it looks like my templates are not working properly. All of my clients use the same certificate, built by my original client "xx". I do this using the certname=blah parameter in the puppet.conf on each client. Up until I upgraded each client would use the "xx" certificate (which I had renamed to "blah") and

I am trying to use puppet to configure Amazon EC2 instances. The server is my own box at home. Both server and clients are Ubuntu 8.04 running puppet 0.24.5. On the client when I run: puppetd --server myserver.com --waitforcert 60 --test I get a cert to sign on the server. I sign it and run the command above again on the client. But then I get 3 errors similar to this: warning: Certificate

A quick overview of our setup: We have an EBS-backed puppet master instance with an Elastic IP, and a number of puppet agent AMI images in various regions. When these AMIs were created, they were authenticated with the puppet master using the following command: # puppet agent --certname=$(cat /etc/puppet/certname) --server puppet.ourdomain.net --waitforcert 30 --test ...and accepted on the

If I run below command on puppet master. I am able to get output pasted here. But the same information, I am trying to capture via browser using http://puppetdb:8080/v2/facts/operatingsystem but not working [root@puppetmaster ~]curl -X GET http://puppetdb:8080/v2/facts/operatingsystem curl: (6) Couldn''t resolve host ''puppetdb'' [root@puppetmaster ~]# curl -X

Is is possible to have a puppetmaster that is a client of a different puppetmaster? We manage our customers'' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We''ve tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd]

I''m getting these errors when running ''puppet agent --test'' after doing a new installation of an agent: err: /Stage[main]/Pe_mcollective::Plugins/File[/opt/puppet/libexec/mcollective/mcollective/security/sshkey.rb]/content: change from {md5}512f42272699eaa085c83d2cc67c27ea to {md5}8fa3e9125fd917948445e3d2621d40e5 failed: Could not back up

Hi guys, I have a box that needs to identify itself to the puppetmaster as something different from the FQDN. I added certname to the agent configuration before the first run, but it doesn''t seem to be sufficient. The certificate was generated for the FQDN, and the host appears in the dashboard as the FQDN, and the node name used to evaluate the manifest is also the FQDN. I would

Hi, I''m having a problem with extlookup not respecting the ''certname'' parameter[1].  When executing a puppet run with either the --certname or --fqdn parameters, it ends up using the specified SSL certificate and gets the correct node definition applied from the puppetmaster.  However, it still retrieves extlookup data using the node''s actual FQDN, not the one

Hi, ppl I dont know what to do. I configure a new client do sync with my server. the server accept de client_cert without errors and then when i run the "puppet agent -t" agaion i got this error output info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server

Hello, I am testing Puppet and I would like to use it without having to add a DNS entry. Is there a way around this, or am I required to rely on DNS? More specifically, the reason I ask is I am getting the following error when trying to invoke puppet --mkusers: # puppet master --mkusers warning: Could not retrieve fact fqdn Could not parse for environment production: Could not find file /root/

I''m setting up a dev / test environment using a couple of Ubuntu 12.04 VMs. I have puppet installed on one of them, and am trying to get it to sync against itself to get certain things in place to distribute with the nodes. However, I am having some issues. # puppet agent --test info: Creating a new SSL key for puppet-local-master err: Could not request certificate: getaddrinfo: Name