similar to: autosign issues

Hello All. I read in an earlier post at http://markmail.org/search/?q=autosign+issues#query:autosign%20issues+page:1+mid:we6jrbn7hdjnhrie+state:results that as of puppet v24.4, autosigning did not support IP addresses. I am running v25.5. Is this still the case? Cheers, David -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To

Hello! The FAQ contains an entry about autosigning: http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#why-shouldn-t-i-use-autosign-for-all-my-clients It says: > The certificate itself is stored, so two nodes could not connect with the same CN I tried this (using 0.25.4), and actually, that doesn''t seem to be correct. I was able to run puppetd on two different

Hi, Can puppet autosign work by giving vlan IP instead of domain? For example, in the autosign.conf file, instead of using *.mydomain.org, I want to give 172.18.133.* But it does not seem to work if I give the IP address. But I don''t want to limit the client from *.mydomain.org by only allow certain vlan client not all the are in the same domain. Thanks, -Haiyan -- You received this

I testing Puppet 0.19.3. If we decide to use it, we''d deploy it across several thousand hosts. The method described for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I''ve tried creating

I saw this feature became available in 2.7.0rc1 and wanted to try it out. I entered ''allow_duplicate_certs = true'' on both my master and agent systems in the puppet.conf (not sure if its need in both, saw it in genconf for puppetd and puppetmasterd though ...). I also have autosign.conf configured to allow autosigning for our domain (*.domain.com). I had my agent register with

Hi all, I''m trying to set up puppet 0.24.5 using the packages provided for Mandriva 2009.0. After installing the packages and starting the puppetmaster service for the first time, the relevant CA certificates and keys are generated automatically and placed in subdirectories of $ssldir. However, when I then run puppetd on the same machine thus: $ puppetd --server myhost.mydomain

I''m simply trying to run puppet inside a bash script but I''m not seeing any output. #!/bin/bash puppet master --mkusers --autosign --verbose --no-daemonize Is there an I/O redirection incantation I''m missing? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit

Hi, I would like to use Puppet in the cloud (think gogrid) to configure stem images. Virtual machines are created/destroyed on the fly under control of a load monitor. For this reason we cannot sign manually new Puppet clients, instead, we must use Puppet''s autosign feature. At the moment, Puppet just permits to filter client manifest requests with some regex over the hostname of the

Hello, We''ve been running puppet for 5 years until the last week when the certificate on the puppet server is expired. We were looking for a procedure describing how to create a new server certificate without a need to reconfigure certificates on puppet clients (about 100 servers) but we couldn''t find anything regarding this issue within puppet''s documentation. Is

Hi, I''m trying to use Puppet ability to export and collect resources using PuppetDB. My PuppetDB and Puppet Master are running on the same host and I used the PuppetDB puppet module to install PuppetDB and configure the Puppet master. Each time the puppet agent runs on a client, the facts and the catalog are being pushed in PuppetDB and I can query the PuppetDB server to get

hi,guys I''m test the resources export and collect , OS is Debian etch and sarge, puppet server and client version all of the 0.23.2 ; the db is MySQL-4.1 My test code is like this. node ''b'' { @@file {"/tmp/a": ensure => present ,content => "test"; } } node ''a'' { File <<||>> } I run puppetd on

Hi all, I''m doing a new install of my puppet server and I''m doing it like: 1.-) adding epel repo: http://fedoraproject.org/wiki/EPEL/FAQ#howtouse 2.-) yum -y install puppet-server 3.-) rm -rf /etc/puppet 4.-) copy my old puppet conf (from puppet-0.24.5 to 0.24.6) mv /etc/puppet.old /etc/puppet 5.-) start puppetmaster: [gridinstall etc]# /etc/init.d/puppetmaster start

I''m assuming this is possible, but I can''t find a good starting point anywhere, so I''m hoping someone here can help. What I want to do is, somewhere in the cert approval process, run an extra check before saying yes. I have a puppet master running with auto sign turned on, I bring up a puppet agent, it connects, authenticates and all is good. What I''d like

Hi! I''ve installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm supplied by yum.puppetlabs.com. I''ve setup a apache2 vhost with mod_ssl and passenger. The server is configured to autosign the cert requests. The agent installed on the puppetmaster''s server works fine. I''ve a second agent on a server which can sync with the server too. This

Hi, I''m using puppet on EC2 to setup my VMs with the following configuration: # puppetd --version 0.25.5 # uname -a Linux hostname.domain 2.6.16-xenU #1 SMP Mon May 28 03:41:49 SAST 2007 i686 i686 i386 GNU/Linux But I keep facing some timeout from puppetd: warning: peer certificate won''t be verified in this SSL session Exiting; failed to retrieve certificate and waitforcert

Hi, Just wondering if anyone had any similar issues OR idea''s on troubleshooting the following problem. I have a client/node registered to the puppet master and it is working without any issues. On the server I can see it compile the catalog in the logs. However when I run ''puppet cert --list --all'' it is not in the list. Note we use auto signing

I''m a little confused by the configuration reference. Is the following configuration supposed to work in 0.23.2? # $Id$ 2 3 [main] 4 confdir = <%= confdir %> 5 vardir = <%= vardir %> 6 7 rundir = /var/run 8 logdir = /var/log 9 10 ssldir = $vardir/ssl 11 12 [puppetmasterd] 13 manifestdir = $vardir/manifests 14

Hi, I'm trying to create an autosign policy which checks for a custom attribute in the CSR but I'm having some issue with the master not signing the request. My client has the following in /etc/puppet/csr_attributes.yaml custom_attributes: 1.2.840.113549.1.9.7: foo My policy is a simple bash script, in this case checking for foo #!/bin/bash CUSTOM_ATTR=$(echo "$(cat)"

Hi, I''ve setup the puppetmaster to start 5 processes each listening on a different port, with an Apache server in front. This works fine for existing clients, however when I try to add a new client (ie. a newly installed machine with no previous puppet configuration) I get this error: err: Could not request certificate: sslv3 alert handshake failure error Any ideas what''s

Hello, Running into a problem when wanting to daemon-ize the agent. It doesnt seems to do anything: - cannot find any daemon process with (ps aux | grep puppet) - the config is not updated after editing some params on the master - /var/log/puppet stay empty... while, when logged as root, it is working without issue with $puppet agent --test. ##Conf Ubuntu 12.04 Puppet 2.7.11 ## Daemon is