similar to: CA_Server woes

Displaying 20 results from an estimated 5000 matches similar to: "CA_Server woes"

2008 Jan 02
4
Puppetmaster doesn''t know itself
I restarted puppetmasterd and it announced that the Cert does not match existing key ! [root@puppet ~]# puppetmasterd --verbose --no-daemonize info: Starting server for Puppet version 0.24.1 info: mount[files]: allowing 10.100.0.0/16 access info: mount[files]: allowing *.gridapp.com access info: mount[files]: allowing *.dev.gridapp.com access info: Retrieving existing certificate for
2008 Dec 31
6
tlsv1 alert decrypt error
I''m using the standard webrick server with puppet, and I just started getting this today (for no apparent reason). info: Loading fact custom_facts info: Retrieving plugins err: /File[/var/puppet/lib]: Failed to generate additional resources during transaction: Certificates were not trusted: tlsv1 alert decrypt error err: /File[/var/puppet/lib]: Failed to retrieve current state of
2008 Jan 11
3
Reports emailed to me
Sorry if this is obvious, but how can I have reports emailed to me- I want to know what each puppetd update is changing Thanks --e Eugene Ventimiglia Director of Systems GridApp Systems e: eventi@gridapp.com o: 646 452 4081 _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
2008 Dec 04
4
puppetmaster built via puppetd
hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl
2006 Oct 18
19
Creating client certificates
I testing Puppet 0.19.3. If we decide to use it, we''d deploy it across several thousand hosts. The method described for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I''ve tried creating
2009 Jun 30
43
Workstations and Certs
I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at
2007 Dec 26
7
Thank you puppet!!
I''ve been hacking at puppet for the past week or two, and came up with some great stuff, but I''m wondering if there''s a way to tie it all together To create a virtual machine for our company''s QA environment, I''m currently doing 3 things: #create a vm node vmsvr2 inherits default { include vmserver vmserver::vm {
2008 Jun 04
1
SSL delegation difficulties
hey all, trying to get SSL cert deligation working based on http://reductivelabs.com/trac/puppet/wiki/PuppetScalability. All of the commands run without any problems, however I''m still not getting it to work. One perplexing thing is openssl reports the cert is okay. # openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem /var/lib/puppet/ssl/certs/test1.localdomain.pem
2007 Dec 21
2
Any magic to the name ''memory'' in templates?
I tried using it in a template: <%= memory %> and it put "0" in my file when i switched the variable name to the_memory, it worked Eugene Ventimiglia Director of Systems GridApp Systems e: eventi@gridapp.com o: 646 452 4081 _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com
2010 Jun 03
8
authenticating new nodes that are created by provisioning
Hey Folks, I''m looking at doing automated provisioning of new servers and am trying to integrate puppet into this process. What I''m wondering though is what the best process for securely registering a new node is. At the moment the first time puppet is run I have to then accept the certificate on the puppetmaster and then run puppet again. What I would like to do is accept the
2011 Feb 08
12
multiple puppetmasters (w/ Passenger) behind load balancer
Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.
2010 Nov 13
12
certificate verify failed
I am banging my head against the wall for recently built hosts that are unable to verify the server''s certs. The usual is not working. on the puppet agent machine: find /var/lib/puppet/ssl -type f -delete on puppet master: puppetca --clean <new_host_cert> on agent: puppetd --server puppet --waitforcert 2 --no-daemonize -d -o on puppet master: puppetca --sign
2011 Jul 08
2
Puppetmaster setup with separate CA server configuration help
Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd
2011 Mar 08
22
Force resigning of existing certificates
Is there a way to force the puppetmaster to resign certificates for existing certificates when a new CSR for the same hostname arrives? When we reinstall freshly formatted clients with puppet (with the same hostname) the puppet client complains: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
Hi - I read up on this subject quite a bit, and was able to find a few posts on the mailing list, even found a wiki article. Unfortunately it doesn''t quite address what I''m looking to do. From what I understand, Puppet''s client/server authentication system - using SSL - is portable. I believe that I should be able to use the same SSL certificates and keys (and even
2010 Feb 18
14
Rebuilding machines from foreman
Hello, I ran into this problem today, I am trying to implement "One click installation", I followed foreman howtos and set up the pre-requisites accordingly. However, when I click on "Build" button, I get the following errors in the foreman''s console and another error in the web interface indicating that the installation failed. Any ideas? *"PuppetCA: SSL/CA or
2009 Sep 08
7
Puppetmaster be client of another puppetmaster?
Is is possible to have a puppetmaster that is a client of a different puppetmaster? We manage our customers'' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We''ve tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd]
2008 Jan 08
1
Simple Search and replace on puppetmaster?
Is there any way to do a simple search and replace on the puppetmaster server? I''m passing one IP address for one interface on a box, and attempting to set the second according to a convention we use, so I need something like $eth1_ip = `echo "10.100.6.99" | sed -r -e ''s/\.[0-9]+\.([0-9]+)$/.94.\1/''` # eth1_ip = 10.100.94.99 interface {
2006 Nov 13
7
0.20.1 and sqlite3 error
Hello, I just installed the latest version of puppet and puppetmaster on an up to date RHEL4 system. If I turn on ''storeconfigs'' on the puppetmaster server I get the following error: debug: Calling puppetmaster.getconfigerr: Could not retrieve configuration: Uncaught exception No such file to load -- sqlite3 in method puppetmaster.getconfig I have gems and rails installed
2011 Mar 24
3
err: Could not retrieve catalog from remote server: certificate verify failed
So set up new node, ran on the client puppetd --server puppetmaster --waitforcert 60 --test on the puppetmaster itself I ran puppetca --list saw the hostname and then ran: puppetca --sign hostname.domain.com and on the puppet node itself I went back and ran puppetd -tv and get the following error: err: Could not retrieve catalog from remote server: certificate verify failed warning: Not