similar to: SSL delegation difficulties

The problem was solved when we moved to an Apache+mongrel setup from the initial webrick setup. Seems that webrick doens''t handle the SSL certs correctly enough to get this type of setup working. .r'' 2008/6/3 RijilV <rijilv@gmail.com>: > hey all, trying to get SSL cert deligation working based on > http://reductivelabs.com/trac/puppet/wiki/PuppetScalability.

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

I am working on setting up a Puppet configuration where some of the data is stored on a DRBD volume. The modules and vardir are stored on the drbd volume. The puppet.conf files point to the drbd volume for vardir. I created a cert for a VIP puppet-master using the puppetca -- create command I had everything working on the primary drbd node, but when I fail over, everything starts up fine, but I

I''m having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.combut then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0

Hi, I have a the annoying problem that the puppet master cannot connect to itself. It fails with: puppet# puppetd --test err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: tlsv1 alert decrypt error History: I have had this problem on our old puppet server: puppet.domain.com. It was annoying but not critical. Recently I built a new

Hi all, following http://reductivelabs.com/trac/puppet/wiki/UsingMongrel it says that hostkey/cert must be owned by puppet:puppet. I tried to keep original path (and also owner) of both files and seems to puppet still works... what problems could it cause to my conf? # grep lib mongrel.conf SSLCertificateFile /var/lib/puppet/ssl/certs/gridinstall.pic.es.pem SSLCertificateKeyFile

Hi, I''m currently trying to debug a performance issue I''m having. Therefore I would need "DEBUG" output. When using one puppetmaster process, this is fairly easy by starting it like this: > puppet master --no-daemonize --debug Now I need to see this debug output when running puppetmaster the way I ususally do - using Apache/Rack/Passenger. After looking

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

Hi! I''ve installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm supplied by yum.puppetlabs.com. I''ve setup a apache2 vhost with mod_ssl and passenger. The server is configured to autosign the cert requests. The agent installed on the puppetmaster''s server works fine. I''ve a second agent on a server which can sync with the server too. This

I have tried to setup Apache with passenger to host the puppetmaster but I also want to cache. I have no problems running puppet within Passenger with httpd. I also enabled mod_disk_cache within Apache. However, I still see my puppet client htting the puppetmaster and the puppetmaster compiles the manifest every time. In /var/cache/mod_cache, I can see that the data was properly cached.

Hello, I really didn''t expect this to be difficult, but I''ve been struggling with this all day :( I''m running CentOS 5.3, with rubygems, rack and fastthread, from EPEL. I''m running puppet-0.25.0-1 built from the spec file in the latest stable tarball. I''m using mod_passenger-2.2.5-2.el5 from Jeroen van Meeuwen (kanarip), which is effectively EPEL

Hi all, I have experience using puppet, however I am new to setting puppet up as it was already done for me in past environments. I am running into an issue while trying to set puppet up for the first time on RHEL 6.4. I was hoping y''all might be able to help me! I get the following error from the puppet client''s /var/log/messages log: May 30 07:06:30 pclient

Greetings ... Andrew Bartlett wrote: >> I am posting here, because I believe this a little more technical than >>"I can't get my server work?" ... >> >> > >This is still not the place. Samba technical is not technical >support, it's technical development of Samba. > > Okay, sorry ... done ... Sorry for the long delay, but

Hi all, I launched a Puppet service a few month ago and it did function pretty well for some time. Last week, I tried to clean old entries but I think I deleted too much information as I can no more synchronize my clients. I get a certificate error : *[root@REBITPUPPET01 ~]# puppet agent --test Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect

Hello, I just installed the latest version of puppet and puppetmaster on an up to date RHEL4 system. If I turn on ''storeconfigs'' on the puppetmaster server I get the following error: debug: Calling puppetmaster.getconfigerr: Could not retrieve configuration: Uncaught exception No such file to load -- sqlite3 in method puppetmaster.getconfig I have gems and rails installed

Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd

I''m running a two headed puppetmaster and have disabled crl''s. Let''s call them the primary and the secondary. The primary and secondary both use the primary as their master. The secondary only is used when the primary isn''t responding (I wrap the puppetd call in cron with a short shell script) I''m managing these ca files on the masters, pushing

I downloaded the puppet-dashboard.git from http://github.com/puppetlabs/puppet-dashboard and did the installation in my ubuntu lucid puppet server following the steps in "Installation". Now I can run it fine using the WEBrick like this root@sys-ubuntu { ~/git/puppet-dashboard }$ ./script/server -e production => Booting WEBrick => Rails 2.3.5 application starting on

Hi, It seems that webrick cannot handle too much client and that luke is making mongrel the ''default'' server to use so i wanted to switch to mongrel. Then i read that i cannot use directly mongrel like webrick because it does not speak SSL. So my issue is : how to be sure things stay secure in the way that the proxy should be the one speaking ssl and making client ssl

I am getting all these messages when run `passenger-status''. Do I need to worry about this? I am using passenger 2.2.2 with puppet 0.24.8 and apache2 on ubuntu 9.04. I installed it using the wiki http://reductivelabs.com/trac/puppet/wiki/UsingPassenger Thread ''Main thread'': in ''int Server::start()'' (ApplicationPoolServerExecutable.cpp:553)