search for: dns_alt_names

Hi All, I''ve run into a bit of a tangle. I currently have two puppet masters which are "load balanced" with round robin DNS (one is also the CA). I''m using dns_alt_names to let them each answer to puppet.my.domain.com For the past year this has been fine. About a week ago I tried to add a third & while all my Linux clients are happy with the new arrangement, my smaller number of FreeBSD9 systems fail with: puppet-agent[73345]: Failed to apply catalog: SSL_c...

...ster on an EC2 instance, and have it be accessible to agentes using either its EC2 DNS name (e.g., ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com) or a friendlier alias (e.g., puppet.example.com). My /etc/puppet/puppet.conf looks like: [master] certname=ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com dns_alt_names=ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com,puppet.example.com,puppet When I try to connect to puppet.example.com, I get the following error: Jun 29 20:57:58 precise32 puppet-agent[1178]: Could not send report: Server hostname ''puppet.example.com'' did not match server certifica...

...processor failed: Failed to submit ''store report'' command for puppet1.allantgroup.com to PuppetDB at fqdn:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=fqdn] I have puppetdb in the dns_alt_names line in puppet.conf Why does it work on 8140. but not 8081? How can I fix this problem? Thanks, Andy -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email t...

...e SSL certificates are kept. # The default value is ''$confdir/ssl''. ssldir = $vardir/ssl # Proxy settings http_proxy_host = xxxxxx.xxxxxxxxx.xxx http_proxy_port = 3128 [master] reporturl = http://127.0.0.1:3000/reports/upload reports = store, http dns_alt_names = xxxxxx.xxxxxxxxx.xxx Can someone help me with this? Thanks Olivier Trempe -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@...

Hi Guys, I am new to the world of puppet. I have successfully configured puppet on centos 6 and am now trying to install puppetb on the same host. After the configuration when I try to run puppetd --test command on the client I get : [root@puppettest ~]# puppetd --test notice: Ignoring --listen on onetime run err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to

...;'$vardir/run''. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is ''$confdir/ssl''. ssldir = $vardir/ssl report = true pluginsync = true server = devops.XXXXXX.com certname = blramisr195602.XXXXXX.com dns_alt_names = 10.209.47.31 modulepath = /etc/puppet/modules and resigned certifcates on master after clean up, but the puppet master still blocks it. However If I run through puppet master daemon (without nginx + passenger) all requests go through. Is there any specific configuration for Nginx host he...

...nment/modules:/etc/puppet/modules manifest = /etc/puppet/manifests/site.pp environment = production autosign = false ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY certname = puppetmaster.tld dns_alt_names = puppetmaster.tld,puppetmaster-host.tld report = true reports = store #reports = store, foreman [production] manifest = /etc/puppet/manifests/site.pp Has anyone run into this issue with puppetlabs-apache or know...

Hello, Attempting to setup a CA primary/standby as well as seperate puppetmaster servers (all running Apache/Passenger) behind another Apache/Passenger type load balancer. Clients are not getting certs:- err: Could not request certificate: Could not intern from s: nested asn1 error Clearly an SSL issue but not something I know a great deal about. loadbalancer.conf # Puppet Load Balancing

...} } and the puppet.conf [main] # The Puppet log directory. # The default value is ''$vardir/log''. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is ''$vardir/run''. rundir = /var/run/puppet dns_alt_names = devops.XXXXX.com,devops confdir = /etc/puppet vardir = /var/lib/puppet storeconfigs = true storeconfigs_backend = puppetdb thin_storeconfigs = false async_storeconfigs = false ssl_client_header = SSL_CLIENT_S_D ssl_client_verify_header = SSL_CLIENT_VERIFY # Wh...

I''m trying to split out my certificate authority and have one CA and multiple masters, currently using round robin DNS, possibly using HAproxy later. Got most of the way there but tangled up in names and certificates. When the Puppet CA generated it''s certificate the PTR record for it''s IP pointed back to it''s domain name ("henson") and it had a CNAME

...ll of the following be true in order to add default subjectAltNames to the CSR: 1. We are a CA and master 2. We''re signing the master''s cert, not self-signing the CA 3. The CSR is for the current host 4. No subjectAltNames have been specified, e.g. Puppet[:dns_alt_names] 5. The master can resolve its fqdn These should only ever be true when bootstrapping the initial master. In particular, it should never be true for the CA''s self-signed cert, for remote agents, or for servers that are either masters or CAs, but not both. The fqd...

...ot; dblocation = /var/lib/puppet/state/clientconfigs.sqlite3 dbmigrate = false dbname = puppet dbpassword = puppet dbport = "" dbserver = localhost dbsocket = "" dbuser = puppet deviceconfig = /etc/puppet/device.conf devicedir = /var/lib/puppet/devices diff = diff diff_args = -u dns_alt_names = "" document_all = false downcasefacts = false dynamicfacts = memorysize,memoryfree,swapsize,swapfree environment = production evaltrace = false external_nodes = none factdest = /var/lib/puppet/facts/ factpath = /var/lib/puppet/lib/facter facts_terminus = facter factsignore = .svn CVS fa...

Hi All, I currently have two puppet masters which are "load balanced" with round robin DNS (one is also the CA). I''m using dns_alt_names to let them each answer to puppet.my.domain.com For the past year this has been fine. Today I''m trying to add a third & while all my Linux clients seem happy with the new arrangement, my smaller number of FreeBSD9 systems fail with: puppet-agent[73345]: Failed to apply catalog: SSL_...

I''m not sure at all what''s going on here, but I''ve spent a lot of time reading over the puppet hiera docs and setting everything up, but when I run puppet agent it just seems to ignore the hiera setup completely. Both the puppet master and agent nodes have exactly the same versions of puppet and hiera (installed via the official puppet APT repository). I''ve

I am installing puppet enterprise manager (master) on a RHEL box. Though the install itself succeeds without any issues, the first run of puppet when it tries to deploy the pe_mcollective module fails with the following error. Message: change from notrun to 0 failed: sh -c ''umask 077; keytool - importkeystore -deststorepass puppet -destkeypass puppet -destkeystore broker.ks -srckeystore

...$vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is ''$confdir/localconfig''. localconfig = $vardir/localconfig [master] certname=puppettest.eng.com dns_alt_names = ip-10-172-161-25.us-west-1.compute.internal,puppettest.eng.com,puppet Puppetdb.cof ========== [root@ip-10-172-161-25 modules]# cat /etc/puppet/puppetdb.conf [main] server = ip-10-172-161-25.us-west-1.compute.internal #server = puppettest.eng.com port = 8081 jetty.in ====== [jetty] # Hos...

Greetings, we are trying to setup puppetdb, nut our clients get the following error: Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 400 on SERVER: Could not retrieve facts for lxa7t.unix.lan: Failed to submit ''replace facts'' command for lxa7t.unix.lan to PuppetDB at puppetdb:8081: Connection refused - connect(2) Info: Retrieving

I have a single LB running Apache with mod_proxy in front of a Puppet master. These are the LB and Puppet master configs: <Proxy balancer://puppetmaster> BalancerMember http://192.168.1.10:8140 </Proxy> Listen 8140 <VirtualHost *:8140> SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite