similar to: Template variable "hostname" not working with certname= parameter?

I''m having a heck of a time trying to fix #1178, which is a problem related to inconsistent node names, and it all stems from the ''node_name'' setting. In the default setup, your certificate gets created with your host''s fully qualified node name, and Puppet uses the value from the certificate for everything. In addition, there''s a setting,

Hi, I am using the cloud provisioner to bootstrap some ec2 nodes, and these clients are signed using a randomly generated certname, which is put in /etc/puppet.conf at the bootstrap time (eg certname = d7bcd693-73fd-495f-0876-ff91ea11111e). But my puppet code repo also manages the puppet.conf file, so the file will be overwritten on the client at the first puppet run. Nevertheless, i should not

Hi guys, I have a box that needs to identify itself to the puppetmaster as something different from the FQDN. I added certname to the agent configuration before the first run, but it doesn''t seem to be sufficient. The certificate was generated for the FQDN, and the host appears in the dashboard as the FQDN, and the node name used to evaluate the manifest is also the FQDN. I would

I want to manage my puppet.conf files on every node, via a puppet module on the puppetmaster. However, in puppet.conf on each of my nodes, I also *must* specify the certname attribute. (This is because my company''s NIS domain doesn''t match it''s DNS domain and the fqdn comes out erroneous unless I enforce the DNS name with the certname attribute.) Does anyone know how

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

When I try to connect to my new puppet master, I get an error because of a self-signed certificate: ---snip--- # puppet agent --test --noop Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

Hi, I have a puppetmaster - agent architecture. I have a module for the vsftpd configuracion in the agents. The configuration of the value ''max_per_ip'' in the agents may vary. This is a line of the manifest: $max_per_ip = hiera(''max_per_ip'',10) I want to specify different values for each agent using hiera. The problem is I am only able to specify the

Hi all, I ran into the following problem: Until now, i used fqdn as certname (i.e. had no certname defined in puppet.conf, so defaults applied) and everything worked fine. However, I wanted to use tthe short hostname as certname, so I redeployed the puppet.conf file, re-generated the certificates and signed them, and removed the old certificates from the master. Now I have the following status:

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

I am having SSL difficulties setting up a new puppet client: Client: fedora (rawhide) using 0.23.2 Server: centos 4.4 using 0.22.3 After initiating contact with puppetd --test --server=puppet.myclient.com, I see the CSR on the server. After signing it, and running puppet again, I get the signed certificate, but also see: err: Could not retrieve configuration: Certificates were not trusted:

Hi all I''m trying to set up a separate puppet master and client on EC2. I''ve used two instances of CentOS5.4 with nothing other than the base install and have installed puppet via the ruby gems. Puppet is at 2.6.4 on both machines. I''ve been following the guide to get a basic configuration working (http://docs.puppetlabs.com/guides/configuring.html) with a little tweak

Hello, Running into a problem when wanting to daemon-ize the agent. It doesnt seems to do anything: - cannot find any daemon process with (ps aux | grep puppet) - the config is not updated after editing some params on the master - /var/log/puppet stay empty... while, when logged as root, it is working without issue with $puppet agent --test. ##Conf Ubuntu 12.04 Puppet 2.7.11 ## Daemon is

Hello, Let''s consider the scenario when a client node in a puppet environment gets compromised. In case some of the puppet modules make decisions based on agent facts, these modules are potentially exposed to abuse from the malicious puppet agent. For example, if a class has: if $some_fact == ''some value'' { # deploy some configuration } then the compromised node

Hi Everyone, I am using Puppet 2.6.5 to configure fresh VMs. These VMs have their hostname set to localhost.localdomain initially at boot-time. There is this script file that runs in rc.local and this is what I do inside it 1. I change the hostname from localhost to xxx.xxxxxx using the hostname command. 2. start the puppet agent as /usr/sbin/puppetd --certname=xxx.xxxxxx

1. I get the following error when I run “puppet device’ err: Could not request certificate: Could not write /var/opt/lib/pe-puppet/devices/certname/ssl/private_keys/certname.pem to privatekeydir: Permission denied - /var/opt/lib/pe-puppet/devices/certname/ssl/private_keys/certname.pem Any thought? Thanks, -- You received this message because you are subscribed to the Google Groups

All- Poking around in the bug database it looks like storeconfigs is being actively worked on. I am using 2.7.6 on my master as well as all the clients. I have clients boot , start puppet and get a signed cert via auto signing. The nagios module (and currently the only thing puppet does) complains a lot during compile time about not having storeconfigs enabled, which is not the case in my

Is there a way to force the puppetmaster to resign certificates for existing certificates when a new CSR for the same hostname arrives? When we reinstall freshly formatted clients with puppet (with the same hostname) the puppet client complains: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it

Hi Everybody, I have a puppet setup working, but run into issue, which couldn''t figure out how to solve. Say I have puppet agent generated certificate and signed it on puppet master. If somehow puppet agent''s hostname has been changed it will stop communication with puppet master. I would like to know if there is a way to be able to change hostname of puppet agent, without

I''d like to extend my use of puppet to manage my desktop/notebook macs. As others have noted, the hostname of the mobile machines tends to change frequently, so basing the node name (in my site.pp) and the corresponding cert and private key names seems to be an issue. I seem to recall somewhat talking about this at Puppet Camp last week….. Generally my signing strategy is always to