similar to: using puppetmaster with SSL/TLS LDAP server?

Hello, i have a couple of VLAN where each has its own subnet, now I would like to use one puppetserver for all these machines. the puppetserver has a DNS entry for each subnet and its own IP-Address VLAN 1: puppet-vm1.domain1 172.1.0.1/255.255.255.0 VLAN 2: puppet-vm1.domain2 172.1.1.1/255.255.255.0 ..... the hostname of the puppetserver is puppet-vm1.domain0, puppet created a

Hi, I''m trying to develop a manifest to setup a new puppet master. To solve the SSL certificates I''ve created a root CA outside of puppet, and have generated an intermediate CA for the new puppet master to use. I''ve also configured my puppetmaster daemon to use it''s own ssl directory. So the new puppetmaster is at the same time a client of the old puppet

Hi appreciate your help. I am new to puppet. I have taken over a system. Running Debian v4.0 Puppetmaster & puppet v0.20.1-1 I keep getting the following error from puppetmaster Could not connect to LDAP: Can''t contact LDAP server. Please advise me how to analyse and work through this problem. Thanks John --~--~---------~--~----~------------~-------~--~----~ You received this

I am at the end of my rope here so I pray to the gods that puppet-users can help. Using Debian apt-get install puppetmaster-passenger you get a fairly complete puppetmaster setup. I have the Pro Puppet book next to me and following Chapter 4 on setting up Puppet with Passenger I can see that apt has already done most of the ground work. For example the config.ru script is owned by puppet,

Is is possible to have a puppetmaster that is a client of a different puppetmaster? We manage our customers'' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We''ve tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd]

Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd

Unfortunately I haven''t been able to find anything in the docs... I just built a new puppetmaster to replace my testing install on an old box. The hostname is different, and obviously the master certificates are different. What needs to be done to the clients to get them to play nice with the new box? Thanks, Jason Antman --~--~---------~--~----~------------~-------~--~----~ You

Hi- I recently upgrade from 0.24 to 0.25. In my 0.24 config, I had LDAP working such that Puppet was matching nodes in my directory to determine what classes to apply. I upgraded to 0.25 and this stopped working. I do not even see attempts from the Puppetmaster to search the directory (i.e., no connections to the ldap server). I *did* update the puppetmasterd conf, adding the variable

(I know more questions... :-)) I know the default for puppetd is to check puppetmasterd every half hour, but my question does each puppetd check at the same time? Or does it depend when puppetd is started or like a cronjob does it run at the 1/2 hour and hour mark? Is there some randomness to the times they run? My point is if they all run at the same time then if you have a large amount of

Hi, I''m trying to do ssl offload on amazon ELB for my puppetmaster servers, it seems amazon ELB is not sending ssl_client_header & client_verify_header puppetmaster Listen 8141 <VirtualHost *:8141> SSLEngine off DocumentRoot /etc/puppet/rack/puppetmaster_8141/public/ RackBaseURI / <Directory /etc/puppet/rack/puppetmaster_8141/> PassengerEnabled on

Hi, We have a couple of puppet clients we can''t reach after installation, is there a way to accept the client certificates when the certificates are lost on the master site? If that''s not possible what part of the certificates on the master need to be in the backup to restore connectivity? Or is there a better way for a fail safe mechanism? Thanks, Paul. -- You received this

Hello List, I have a problem with the CA on my Puppetmaster. This Puppetmaster is connected to different Networks with different sub domainnames. The Puppet clients connecting via different Interfaces. There is no routing between subnets. Only one subnet can connect successfully. This is because the subject in the Certificate is the name of this subnet. All other clients get: Could not

I am working on setting up a Puppet configuration where some of the data is stored on a DRBD volume. The modules and vardir are stored on the drbd volume. The puppet.conf files point to the drbd volume for vardir. I created a cert for a VIP puppet-master using the puppetca -- create command I had everything working on the primary drbd node, but when I fail over, everything starts up fine, but I

I''m having an issue with the default puppet.conf distributed with puppet 2.6.4 (FreeBSD port). I''ve reproduced the problem with a completely fresh install on a completely fresh OS in a VM. Under these conditions, running puppetmaster with no config is fine, but simply moving the puppet.conf-dist file to puppet.conf causes the following errors on console: Performing sanity

Hello... I started testing puppet 0.25.x on my puppetmaster (RH 5.4 x64_64). I first tried 0.25.1 from EPEL testing, then 0.25.2rc1. I am using apache/mongrel with 10 ports. My puppetmaster configs are in /srv/puppet not /var/puppet. When starting puppetmaster I get the following errors: Port: 18140Could not prepare for execution: Got 1 failure(s) while initializing: change from directory

I''m getting certificate errors when I attempt to run puppetd on the puppetmaster. As near as I can tell, this is because I''m using the same puppet.conf for both puppetd and puppetmasterd; but puppetmaster runs as user "puppet" and puppetd runs as user "root", yet both expect the certificates to be readable and chmod 600. I tried telling puppetd to use

I''m trying to load balance multiple puppetmasters using apache and passenger as described in James''s book. Was able to get a single passenger server installation to work correctly. When I configure the frontend load balancer and backend workers, the backend workers does not authenticate even though I am passing the headers to it. curl -v -H "Accept: pson, yaml" \

Hey Guys, So i have puppetmaster running and well. I have a few questions 1) Even though i followed instructions on http://projects.puppetlabs.com/projects/1/wiki/Using_Mongrel on using Mongrel, puppetmaster is probably still using webrick since the client connection timeout still occurs. How do i make it use mongrel? 2) Now after messing a little with /etc/sysconfig/puppetmaster i increased

Hi, I''m currently trying to debug a performance issue I''m having. Therefore I would need "DEBUG" output. When using one puppetmaster process, this is fairly easy by starting it like this: > puppet master --no-daemonize --debug Now I need to see this debug output when running puppetmaster the way I ususally do - using Apache/Rack/Passenger. After looking

hey all, trying to get SSL cert deligation working based on http://reductivelabs.com/trac/puppet/wiki/PuppetScalability. All of the commands run without any problems, however I''m still not getting it to work. One perplexing thing is openssl reports the cert is okay. # openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem /var/lib/puppet/ssl/certs/test1.localdomain.pem