similar to: Odd SSL Error

Hi. When registering a new client with the puppetmaster I get the following error: [root@host ~]# puppetd --server puppetmaster --waitforcert 50 --test info: Creating a new certificate request for host info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/ host.pem warning: peer certificate won''t be verified in this SSL session err: Could not call puppetca.getcert:

Hi - I a ran puppetd -vt against a brand newly build host (which is what I normally do for a new host) and got the usual message: err: No certificate; running with reduced functionality. info: Creating a new certificate request for sega-dev-1. info: Requesting certificate On the puppetmaster, I then list the waiting host with: puppetca --list then sign the key. In this case, I decided that the

Just started a "pilot" puppet server for real after messing around in VMs for the past week or so... I used the 0.24.0 since it was available, and on the test run, got this: err: Could not prefetch package provider ''yum'': Execution of ''/usr/bin/python /usr/lib/ruby/site_ruby/1.8/puppet/provider/package/yumhelper.py'' returned 512: /usr/bin/python:

I testing Puppet 0.19.3. If we decide to use it, we''d deploy it across several thousand hosts. The method described for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I''ve tried creating

Greetings! As you undoubtedly know, the fixes for CVE 2007-5162 in ruby break installations where puppetca has created certificates with a CommonName different from the server's real hostname. The Puppet clients quite correctly complains about hostname mismatch. A number of better and worse solutions have been suggested for this problem, especially in ticket #896. IMHO, there are two good

Hello, I try to install puppet on freebsd 6.X. All is well but i cannot get the certificte to install and be recognized. I run .19.3. I run the puppetd --test --waitforcert 60 then sign and then i got: err: No certificate; running with reduced functionality. info: Creating a new SSL key at /usr/local/.aqadmin/puppet/conf/ssl/private_keys/xxxxxxxxxxxxxx.pem info: Creating a new certificate

I restarted puppetmasterd and it announced that the Cert does not match existing key ! [root@puppet ~]# puppetmasterd --verbose --no-daemonize info: Starting server for Puppet version 0.24.1 info: mount[files]: allowing 10.100.0.0/16 access info: mount[files]: allowing *.gridapp.com access info: mount[files]: allowing *.dev.gridapp.com access info: Retrieving existing certificate for

Anyone ever migrated the puppetca to a different host? What are the steps that are involved?

Thorsten Sandfuchs wrote: > Hio, > I''m looking for a way to manage openssl client/server classes which correspond > to each other. As I don''t want to reinvent the wheel, I''d be glad if someone > could share his solution? :) > > It should be possible to provide and distribute ssl-certificates corresponding > to one (or perhaps even many) CAs and for

I''ve tried to implement puppetmaster High Availability (mon+heartbeat). Herefore, the puppet client and puppet master are running on both servers. When the puppet client starts up, it generates a certificate, public and private key for the machine it runs on. When the puppet master starts up, it changes something so that the puppet client have no valid certificate anymore (the

i thought i would run up a fedora 8 installation and take a look around, my default kickstart installation includes puppet which shouldn''t be a problem however the puppet client fails with Certificates were not trusted: hostname was not match with the server certificate The cause is obvious, the hostname of my puppetmaster is ''puppet1.mydomain.com'' and

Hello, I want a simple operation in a puppet node like restarting the ssh service if it was stopped. My site.pp is simple as this: import "services/*" node default { include ssh } The services directory as a ssh.pp : class ssh { service { ssh: ensure => running, subscribe => File["/etc/ssh/sshd_config"] } } I''ve stopped the ssh service in the

I recently had a working puppet server serving around 4-5 clients. One of the clients needed to be re-built and now only that client cannot connect. puppetca --clean hostname did not work So here is what I did on both the server/client I removed /var/lib/puppet/* Then I restarted the server via puppetmasterd --mkusers --verbose I then connect in via the client with /usr/bin/ruby

Is there an easy way to list which puppet daemons a puppetmaster controls? ... and from that, is there a way of getting the puppetmaster to store a copy of their compiled configuration somewhere? Thanks, mike

I''m seeing these in my logs on my puppetmaster: puppetmasterd[4111]: Could not store configs: SQLite3::SQLException: SQL logic error or missing database: DELETE FROM fact_values WHERE "id" = 8 currently this is 0.24.0 relect from some previously collected resource that wasn''t cleaned up? upgrade issue? nothing to worry about? that''s the only

I have the following in my site.pp node "pclient.example.com" inherits default {} When I try to start puppetmaster it gives me the following error Starting puppetmaster: Syntax error at ''pclient.example.com'' at /etc/puppet/manifests/site.pp:24 When I change the node declaration to this node ''pclient.example.com'' inherits default {} puppetmaster

Hi, I''m new to Puppet, but it looks very good, so far. We are going to use it for a multi-tier (DEV, QA, staging, production) environment which is consists of web, app, and database servers. I have a couple of suggestions for the Puppet documentation that may save others some time. First, it seems node names MUST be FQDNs (hostname and hostname. will not work). Since we are not using

It appears that --report only works to send reports to puppetmaster. Is there a way or could an option be added to have the puppet client print out it''s report to stdout or stderr, for folks who are using puppet without the puppetmaster/puppetd? Thanks, Abe _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com

In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911

For those of you out there using export/collect (which we really need to come up with a better name for...), can you test the current SVN code? I''m mostly wondering if the performance is any better. To use it, you''ll have to remove your current database, since the database schema is significantly changed. I''m getting what looks like an additional 25% reduction