similar to: SSL delegation difficulties

The problem was solved when we moved to an Apache+mongrel setup from the initial webrick setup. Seems that webrick doens''t handle the SSL certs correctly enough to get this type of setup working. .r'' 2008/6/3 RijilV <rijilv@gmail.com>: > hey all, trying to get SSL cert deligation working based on > http://reductivelabs.com/trac/puppet/wiki/PuppetScalability.

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

I''m having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.combut then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0

I am working on setting up a Puppet configuration where some of the data is stored on a DRBD volume. The modules and vardir are stored on the drbd volume. The puppet.conf files point to the drbd volume for vardir. I created a cert for a VIP puppet-master using the puppetca -- create command I had everything working on the primary drbd node, but when I fail over, everything starts up fine, but I

Hi, I have a the annoying problem that the puppet master cannot connect to itself. It fails with: puppet# puppetd --test err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: tlsv1 alert decrypt error History: I have had this problem on our old puppet server: puppet.domain.com. It was annoying but not critical. Recently I built a new

Hi all, following http://reductivelabs.com/trac/puppet/wiki/UsingMongrel it says that hostkey/cert must be owned by puppet:puppet. I tried to keep original path (and also owner) of both files and seems to puppet still works... what problems could it cause to my conf? # grep lib mongrel.conf SSLCertificateFile /var/lib/puppet/ssl/certs/gridinstall.pic.es.pem SSLCertificateKeyFile

Hi, I''m currently trying to debug a performance issue I''m having. Therefore I would need "DEBUG" output. When using one puppetmaster process, this is fairly easy by starting it like this: > puppet master --no-daemonize --debug Now I need to see this debug output when running puppetmaster the way I ususally do - using Apache/Rack/Passenger. After looking

I have tried to setup Apache with passenger to host the puppetmaster but I also want to cache. I have no problems running puppet within Passenger with httpd. I also enabled mod_disk_cache within Apache. However, I still see my puppet client htting the puppetmaster and the puppetmaster compiles the manifest every time. In /var/cache/mod_cache, I can see that the data was properly cached.

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

Hi! I''ve installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm supplied by yum.puppetlabs.com. I''ve setup a apache2 vhost with mod_ssl and passenger. The server is configured to autosign the cert requests. The agent installed on the puppetmaster''s server works fine. I''ve a second agent on a server which can sync with the server too. This

Hello, I just installed the latest version of puppet and puppetmaster on an up to date RHEL4 system. If I turn on ''storeconfigs'' on the puppetmaster server I get the following error: debug: Calling puppetmaster.getconfigerr: Could not retrieve configuration: Uncaught exception No such file to load -- sqlite3 in method puppetmaster.getconfig I have gems and rails installed

Hi all, I launched a Puppet service a few month ago and it did function pretty well for some time. Last week, I tried to clean old entries but I think I deleted too much information as I can no more synchronize my clients. I get a certificate error : *[root@REBITPUPPET01 ~]# puppet agent --test Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect

Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd

Greetings ... Andrew Bartlett wrote: >> I am posting here, because I believe this a little more technical than >>"I can't get my server work?" ... >> >> > >This is still not the place. Samba technical is not technical >support, it's technical development of Samba. > > Okay, sorry ... done ... Sorry for the long delay, but

I''m running a two headed puppetmaster and have disabled crl''s. Let''s call them the primary and the secondary. The primary and secondary both use the primary as their master. The secondary only is used when the primary isn''t responding (I wrap the puppetd call in cron with a short shell script) I''m managing these ca files on the masters, pushing

Hello, I really didn''t expect this to be difficult, but I''ve been struggling with this all day :( I''m running CentOS 5.3, with rubygems, rack and fastthread, from EPEL. I''m running puppet-0.25.0-1 built from the spec file in the latest stable tarball. I''m using mod_passenger-2.2.5-2.el5 from Jeroen van Meeuwen (kanarip), which is effectively EPEL

Hello, When I kick off SVN1992 with storeconfigs=yes, I get the following error: err: Could not store configs: SQLite3::SQLException: SQL logic error or missing database: INSERT INTO resources ("exported", "line", "title", "host_id", "restype", "source_file_id") VALUES(NULL, 23, ''svnpkgadd-emacs-nox-etc'', NULL, NULL,

Hi, I''ve setup a puppet-3.2.2 master, on a new server, and I''ve updated 1 server (agent) to 3.2.2 as well - and when I run that against the new master (where I''ve copied my /etc/puppet folder over incl. modules etc.), the client removes all facts etc. and does absolutely nothing. I''ve tried to change the manifest - but nothing is done anyways. I''m

Dear experts, Since I''ve moved my *puppetmaster* form SL5 (Scientific Linux) to SL6 with SELinux on, I''m facing loads of trouble. I also move away from WEBrick to apache/passenger, following the instruction here: http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger > and I can''t start httpd any more. It fails with this: Starting httpd: (98)Address

Hi, My puppet master don''t want to start anymore. Any idea ? [root@puppetmaster requests]# puppet master --no-daemonize --debug debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist debug: