search for: hostcerts

I am getting myself confused, and need someone who fully understands this process to help me out a bot. I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. My domain is hosted by networksolutions, but I don't run my imap server there. I am assuming I'll need to pay a CA to generate what I need, but I'm confused about what I

Hi All Apologies if this is obvious, but I''m a bit flaky around SSL certificates. NB puppet version 0.25.5 We use the brilliant feature of certificates where you can have Alternate DNS names for a certificate which is manifested in the puppet master config file as certdnsnames. All our clients connect to puppet-$ location.example.com, and if $location is down, we can point the CNAME to

Hi all, I''m setting up puppetdb to for storing facts et cetera. I installed puppetdb-1.3.0-1.el6.noarch.rpm on my puppetdb.local host (which is puppetized). This seems to work, service starts :). When I edit the settings on my puppetmaster (puppet.local), something goes wrong. I am following the guide [1]. I put the settings (storeconfigs = true, storeconfigs_backend=puppetdb) on my

...user, execute doveadm expunge mailbox Spam37 savedbefore 3day #User's actual cmd doveadm who #The simplest possible command, for testing It says: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/hostcerts/hostw.cia: Permission denied The actual EPERM occurs trying to traverse a directory in /etc/letsencrypt, but the next configuration item to be read (in the SSL section) is the host's private key, and the user is surely not ever going to get permission to read that. (I did test giving the use...

...veadm expunge mailbox Spam37 savedbefore 3day #User's actual cmd > doveadm who #The simplest possible command, for testing > It says: > doveconf: Fatal: Error in configuration file > /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: > Can't open file /etc/ssl/hostcerts/hostw.cia: Permission denied This was mentioned before on this list. See https://dovecot.org/pipermail/dovecot/2020-August/119650.html how to solve this. > The actual EPERM occurs trying to traverse a directory in /etc/letsencrypt, > but the next configuration item to be read (in the SS...

Hi all, I have applied the patch at http://metastatic.org/source/rsync-ssl.patch to the rsync v2.6.2 tree, and have it installed between two hosts. Unfortunately the patch contains no docs, so I have no idea whether I've configured it correctly. Any attempt at making an rsync transfer bombs out with the error: [fma@chandler fma]$ rsync -a --ssl-ca-certs=/usr/share/ssl/certs/caCert.pem

I''m getting certificate errors when I attempt to run puppetd on the puppetmaster. As near as I can tell, this is because I''m using the same puppet.conf for both puppetd and puppetmasterd; but puppetmaster runs as user "puppet" and puppetd runs as user "root", yet both expect the certificates to be readable and chmod 600. I tried telling puppetd to use

Hello all! Some month ago I upgraded our dovecot installation from version 1.0.5 to version 2.1.7 without having any trouble. Postfix is delivering email directly per virtual transport to the maildirs and mailboxes of the users in /var/spool/vhosts/domains/.... Now I want to use dovecot-lda and created a new entry in the master.cf of postfix. dovecot unix - n n - -

In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911

Hi all, Could anyone help me at least start debugging this issue? All agents have the same error, but i can''t find anything on the master-side logs. And the agent-side logs are non-existent (/var/log/puppet is empty). Thanks. Versions: Master: Red Hat Enterprise Linux Server release 6.3 puppet-server-3.1.0-1.el6.noarch puppetdb-1.1.1-1.el6.noarch puppetdb-terminus-1.1.1-1.el6.noarch

I am having troubles with getting puppetd running on some of my Solaris10 update 7 (05/2009) boxes. I use Jumpstart to build my servers, so the installation is repeatable, consistent, and automated, so it is especially confusing that some boxes work, and others don''t. I can ssh into both of these machines, so the host certs should be OK. As part of my installation, I download the

Hello, Running into a problem when wanting to daemon-ize the agent. It doesnt seems to do anything: - cannot find any daemon process with (ps aux | grep puppet) - the config is not updated after editing some params on the master - /var/log/puppet stay empty... while, when logged as root, it is working without issue with $puppet agent --test. ##Conf Ubuntu 12.04 Puppet 2.7.11 ## Daemon is

I''d like to extend my use of puppet to manage my desktop/notebook macs. As others have noted, the hostname of the mobile machines tends to change frequently, so basing the node name (in my site.pp) and the corresponding cert and private key names seems to be an issue. I seem to recall somewhat talking about this at Puppet Camp last week….. Generally my signing strategy is always to

Hello, It seems that, for one reason or another, two thing happened: the postgres for puppetdb was dead, and the puppetmaster service was started, even though it''s run from apache. After a bit of cleanup, everything works now. Thanks for your suggestion, and sorry for the stupid issue. On Tue, Mar 26, 2013 at 11:43 AM, Keith Burdis <keith@burdis.org> wrote: > The agent only

Hi all, Last week I noticed that the CertChecker in the Go implementation of x/crypto/ssh seems to be doing host principal validation incorrectly and filed the following bug: https://github.com/golang/go/issues/20273 By default they are looking for a principal named "host:port" inside of the certificate presented by the server, instead of just looking for the host as I believe OpenSSH

Hello all, I''ve tried to run ''puppetrun'', but there seems something unconfigured regarding the certificates. The reverse way (puppetd pulls the config from puppetmasterd) works fine. The namespaceauth.conf on the client (where puppetd runs) is configured as follows: [puppetrunner] allow *.abc.net (also tried the calling host: puppet1.abc.net) But when I call

Hello, I searched through the archive of the google group but did not found any solution or hint for my problem. I want to assign the following parameterized class to a node. class httpd($certMail, $certOU) { ... } This is the node statement to assign the class to a node. node "someserver" inherits basenode { class { httpd: certEMail =>

I too have been pushed into Puppet 3.0. Clients and PuppetMaster are now at 3.0.0. Not sure if this is a version change or syntax error that I am experiencing. We''ll use ''ntp'' as the example and the "build" host is a VM. The old way: class baseline::ntpd { package { "ntp": ensure => $virtual ? { physical => present,

Hi, i recently updated our windows 2008 r2 servers to puppet 3.3.0 . Im getting the following error* (only on our exchange 2010 db servers)*ever since: LevelMessageSourceFileLineTimeerrCould not retrieve local facts: undefined method `gsub'' for nil:NilClassPuppet13.09.2013 15:12 CESTerrFailed to apply catalog: Could not retrieve local facts: undefined method `gsub'' for

When I use the latest puppet 0.25.1 I got the same problem. This is what I do: 0. Install the Ubuntu 8.04 server with ssh, ruby, rdoc, libopenssl- ruby and git-core (which gets removed after clone). 1. Install the latest puppet from git repositories on both machines using git clone «git clone git://github.com/reductivelabs/puppet» and «git clone git://github.com/reductivelabs/facter» 2. Install it