search for: puppetca

Displaying 20 results from an estimated 132 matches for "puppetca".

2008 Nov 10
12
CA_Server woes
I'm having difficulty getting my head around some CA issues. My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. When puppet connects, it requests a signature from puppetca.mydomain.com but then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0 state=SSLv3 read fin...
2006 Dec 19
2
Automating client setups
Is there a Best Practices method for doing this? :) I'm trying to configure clients by ssh'ing to them from the puppetmaster. My steps are: ssh $host 'svccfg import ...' sleep puppetca --sign $host scp namespaceauth.conf $host ssh $host 'svcadm restart puppet' The problem is that I'd like to stop and log an error if the cert signing fails. Sometimes the client doesn't respond fast enough and there's no cert waiting to be signed. Unfor...
2012 Jan 09
0
Changing the puppetca CA password
Currently the puppetca CA password is set to 'secret'. How would one go about changing it? I agree with puppetlabs documentation that you should be an SSL expert to implement your own CA. I am not. However I would like to use puppet's CA PKI infrastructure with ActiveMQ over TLS and it is se...
2008 Nov 19
2
Could not request certificate: Certificate does not match private key
...s: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate notice: Set to run 'one time'; exiting with no certificate Server: puppetca --generate client.here.there Generating certificate for client.here.there Client: puppetd --waitforcert 60 --test warning: peer certificate won't be verified in this SSL session err: Could not request certificate: Certificate retrieval failed: Certificate request does not match existing c...
2007 Dec 08
6
Creating certificates with puppetca with puppet.example.com as CommonName
Greetings! As you undoubtedly know, the fixes for CVE 2007-5162 in ruby break installations where puppetca has created certificates with a CommonName different from the server's real hostname. The Puppet clients quite correctly complain about hostname mismatch. A number of better and worse solutions have been suggested for this problem, especially in ticket #896. IMHO, there are two good solutions...
2010 Jun 15
8
puppetca unable to sign new certs - Invalid argument error
Hello I have a puppetmasterd installation running on a Mac OS X 10.6.3 Server with puppet installed via macports. Earlier today it was happily signing requests, before I upgraded puppet from 0.24.8 to 0.25.4. Now I get "Invalid argument": bash-3.2# puppetca --sign bouti.carbonplanet.com bouti.carbonplanet.com err: Could not call sign: Invalid argument The only mention I can find on the internets of this error is an IRC chat on 25 May from bdd: http://pelin.lovedthanlost.net/puppet/%23puppet-2010-05-25.log.html <bdd> interesting. after an upgr...
2008 Aug 29
3
Could not call puppetca.getcert: #<Errno::EHOSTUNREACH: No route to host
...try to get my first puppet installation up and running. (puppet-0.24.5, ruby-1.8.5) everything works as expected with puppetmasterd + puppetd on the same machine. but i've problems connecting to the puppet-server from any client host. all i get is the error ------------ debug: Calling puppetca.getcert err: Could not call puppetca.getcert: #<Errno::EHOSTUNREACH: No route to host - connect(2)> err: Could not request certificate: Certificate retrieval failed: No route to host - connect(2) ------------ i tried the default 'bindaddress' (0.0.0.0) and 'bindadd...
2011 Apr 18
4
Certificate request does not match existing certificate
Hello there, I have a problem while I'm trying to puppetize a client, I get this error: err: Could not request certificate: Certificate retrieval failed: Certificate request does not match existing certificate; run 'puppetca --clean puppetclienttest.sl.ss'. I checked -Shutdown puppet on client/server side, delete ssl/ dir to regenerate certificate. -Be sure that the time is the same on both host. Now I don't know what I can do else. Client version: 0.24.8 Server version: 2.6.6
2011 Mar 24
3
err: Could not retrieve catalog from remote server: certificate verify failed
So set up new node, ran on the client puppetd --server puppetmaster --waitforcert 60 --test on the puppetmaster itself I ran puppetca --list saw the hostname and then ran: puppetca --sign hostname.domain.com and on the puppet node itself I went back and ran puppetd -tv and get the following error: err: Could not retrieve catalog from remote server: certificate verify failed warning: Not using cache on failed catalog err: Co...
2010 Feb 18
14
Rebuilding machines from foreman
...nstallation", I followed foreman howtos and set up the pre-requisites accordingly. However, when I click on "Build" button, I get the following errors in the foreman's console and another error in the web interface indicating that the installation failed. Any ideas? *"PuppetCA: SSL/CA or puppetca unavailable on this machine"* *"Failed to enable hostname_here for installation"* Thanks in advance. -- LOhit
2008 Jan 02
4
Puppetmaster doesn't know itself
...for Puppet version 0.24.1 info: mount[files]: allowing 10.100.0.0/16 access info: mount[files]: allowing *.gridapp.com access info: mount[files]: allowing *.dev.gridapp.com access info: Retrieving existing certificate for puppet.dev.gridapp.com Certificate does not match private key. Try 'puppetca --clean puppet.dev.gridapp.com' on the server. when I clean, it creates a new one and claims the same thing [root@puppet ~]# puppetca --clean puppet.dev.gridapp.com Removing /var/lib/puppet/ssl/ca/signed/puppet.dev.gridapp.com.pem Removing /var/lib/puppet/ssl/public_keys/puppet.dev.grid...
2007 Jul 03
7
CA migration
Anyone ever migrated the puppetca to a different host? What are the steps that are involved?
2007 Sep 13
4
Eliminate pending signing requests
Hello, How can I eliminate pending signing requests with puppetca?
2007 Nov 30
2
Puppetca issue - not working
...ting a new certificate request for v26.domain.com info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/v26.domain.com.pem warning: peer certificate won't be verified in this SSL session. notice: No certificates; exiting Then I sign the cert in puppet server using Puppetca -sign v26.domain.com I now run the #puppetd -test on client again I get the below message . err: Could not retrieve configuration: Could not find v26.silverspringnet.com with names v26.silverspringnet.com, v26 warning: Not using cache on failed configuration I have removed t...
2007 Oct 09
9
puppetca is unable to sign certificate
...t a brand newly build host (which is what I normally do for a new host) and got the usual message: err: No certificate; running with reduced functionality. info: Creating a new certificate request for sega-dev-1. info: Requesting certificate On the puppetmaster, I then list the waiting host with: puppetca --list then sign the key. In this case, I decided that the domain for the host was not correct so I did not sign the cert and went to /etc/puppet/ssl/ca and removed the waiting key from /etc/puppet/ssl/ca/requests and then re-ran puppetd -vt again. Since then, the master has been unable to see the...
2010 Apr 21
3
revoked host can't be re-added?
I have a problem I can't figure out. I was having cert problems with a host - it seemed to have multiple host names (most likely from dns changes in the past) and all the certs were valid. Although it was giving an error about a cert I could not identify. So I tried: puppetca --revoke hostname puppetca --clean hostname restart puppetmaster puppetca --list --all (host does not show up - good) On client re-issue puppetd --server puppet --waitforcert 30 --test Error is : err: Could not retrieve catalog: Certificates were not trusted: sslv3 alert certificate revoked S...
2011 Mar 31
5
puppetca and /etc/puppet/ssl
All, I have --confdir=/etc/puppet/common in my /etc/init.d/puppetmaster and /etc/init.d/puppet files, vardir set to /var/lib/puppet in /etc/puppet/common/puppet.conf, and yet, every time I run puppetca it creates /etc/puppet/ssl. Anyone know why? Doug.
2006 Nov 02
6
certificate not trusted
...t_collector/file=/usr/local/.aqadmin/puppet/var/facts: Could not retrieve information on /usr/local/.aqadmin/puppet/var/facts err: Could not retrieve configuration: Certificates were not trusted: certificate verify failed warning: Not using cache on failed configuration on the server: puppet:/# puppetca --list No certificates to sign puppet:/# puppetca --list xxxxxxxxxxxxxxxxxxx puppet:/# puppetca --sign xxxxxxxxxxxxxxxxxxx Signed xxxxxxxxxxxxxxxxx puppet:/# With the debug on the client i got : debug: getting config info: Retrieving facts debug: Calling fileserver.describe err: fact_collector/...
2011 Oct 25
6
Regenerating puppet master certificate
...--verbose and stop it with ctrl-C. > If you prefer to only maintain one shell session, you can start a WEBrick master with puppet master and stop it with kill $(cat $(puppet master --configprint pidfile)). Source: README.pdf inside the toolkit. I used to be able to do this by running 'puppetca'. But ever since puppetca isn't available anymore I can't seem to find any information on how to do it instead. Well other than what's described above that is. But that's not feasible in an automated fashion. I'd like to deploy a second puppet m...
2009 Oct 20
11
Stuck with puppet
...uppet/manifests/classes/sudo.pp class sudo { file { "/etc/sudoers": owner => "root", group => "root", mode => 440, } } /etc/puppet/manifests/site.pp import "classes/*" node default { include sudo } I make puppetca --list debian.lokku.net and puppetca --sign debian.lokku.net Signed debian.lokku.net But even I restart both client and master 100 times if I do: ls -l /etc/sudoers -rwxrwxrwx 1 root root 5 2009-10-20 17:52 /etc/sudoers What I did wrong?