search for: puppetscalability

hey all, trying to get SSL cert deligation working based on http://reductivelabs.com/trac/puppet/wiki/PuppetScalability. All of the commands run without any problems, however I''m still not getting it to work. One perplexing thing is openssl reports the cert is okay. # openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem /var/lib/puppet/ssl/certs/test1.localdomain.pem /var/lib/puppet/ssl/certs/test1.l...

...al webrick setup. Seems that webrick doens''t handle the SSL certs correctly enough to get this type of setup working. .r'' 2008/6/3 RijilV <rijilv@gmail.com>: > hey all, trying to get SSL cert deligation working based on > http://reductivelabs.com/trac/puppet/wiki/PuppetScalability. All of > the commands run without any problems, however I''m still not getting > it to work. One perplexing thing is openssl reports the cert is okay. > > > # openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem > /var/lib/puppet/ssl/certs/test1.localdomain.pem >...

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

hi,all I want set up a puppet HA structure. but if the puppetd can set more than one server address ,the work will be simple :D if one puppetmaster have error, the client can auto try the next. I think I can use the heartbeat or dns to do this same thing,but not so good. so I want know the puppetd can direct set in the configure file ? if not,will be add this option? -- Huang

...de. In an effort to mitigate the problem, I''ve switched all fileserver operations to another server process, ensuring only CA methods and configuration methods are being called from the default server process. This is described in: http://reductivelabs.com/cgi-bin/puppet.cgi/wiki/PuppetScalability Even after offloading all fileserver operations, the getconfig method is taking a minute or more on average. I''m currently running puppet every half hour from cron with a 15 minute splay. I''m wondering if anyone else has suggestions or insight into reducing response time in...

Is is possible to have a puppetmaster that is a client of a different puppetmaster? We manage our customers'' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We''ve tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd]

Hi all Luke and I have been discussing the wiki and how its future development might pan out. As a result I thought I''d canvas people for feedback. Currently the wiki''s layout and structure is fairly ad hoc and it''s a mix of wiki mark-up and REStructured Text (RST). We''d like to make it more "manual" like or at least move a significant portion of

I''m having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.combut then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0