similar to: CA_Server woes

I restarted puppetmasterd and it announced that the Cert does not match existing key ! [root@puppet ~]# puppetmasterd --verbose --no-daemonize info: Starting server for Puppet version 0.24.1 info: mount[files]: allowing 10.100.0.0/16 access info: mount[files]: allowing *.gridapp.com access info: mount[files]: allowing *.dev.gridapp.com access info: Retrieving existing certificate for

I''m using the standard webrick server with puppet, and I just started getting this today (for no apparent reason). info: Loading fact custom_facts info: Retrieving plugins err: /File[/var/puppet/lib]: Failed to generate additional resources during transaction: Certificates were not trusted: tlsv1 alert decrypt error err: /File[/var/puppet/lib]: Failed to retrieve current state of

Sorry if this is obvious, but how can I have reports emailed to me- I want to know what each puppetd update is changing Thanks --e Eugene Ventimiglia Director of Systems GridApp Systems e: eventi@gridapp.com o: 646 452 4081 _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

I testing Puppet 0.19.3. If we decide to use it, we''d deploy it across several thousand hosts. The method described for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I''ve tried creating

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

I''ve been hacking at puppet for the past week or two, and came up with some great stuff, but I''m wondering if there''s a way to tie it all together To create a virtual machine for our company''s QA environment, I''m currently doing 3 things: #create a vm node vmsvr2 inherits default { include vmserver vmserver::vm {

hey all, trying to get SSL cert deligation working based on http://reductivelabs.com/trac/puppet/wiki/PuppetScalability. All of the commands run without any problems, however I''m still not getting it to work. One perplexing thing is openssl reports the cert is okay. # openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem /var/lib/puppet/ssl/certs/test1.localdomain.pem

I tried using it in a template: <%= memory %> and it put "0" in my file when i switched the variable name to the_memory, it worked Eugene Ventimiglia Director of Systems GridApp Systems e: eventi@gridapp.com o: 646 452 4081 _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com

Hey Folks, I''m looking at doing automated provisioning of new servers and am trying to integrate puppet into this process. What I''m wondering though is what the best process for securely registering a new node is. At the moment the first time puppet is run I have to then accept the certificate on the puppetmaster and then run puppet again. What I would like to do is accept the

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

I am banging my head against the wall for recently built hosts that are unable to verify the server''s certs. The usual is not working. on the puppet agent machine: find /var/lib/puppet/ssl -type f -delete on puppet master: puppetca --clean <new_host_cert> on agent: puppetd --server puppet --waitforcert 2 --no-daemonize -d -o on puppet master: puppetca --sign

Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd

Is there a way to force the puppetmaster to resign certificates for existing certificates when a new CSR for the same hostname arrives? When we reinstall freshly formatted clients with puppet (with the same hostname) the puppet client complains: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it

Hi - I read up on this subject quite a bit, and was able to find a few posts on the mailing list, even found a wiki article. Unfortunately it doesn''t quite address what I''m looking to do. From what I understand, Puppet''s client/server authentication system - using SSL - is portable. I believe that I should be able to use the same SSL certificates and keys (and even

Hello, I ran into this problem today, I am trying to implement "One click installation", I followed foreman howtos and set up the pre-requisites accordingly. However, when I click on "Build" button, I get the following errors in the foreman''s console and another error in the web interface indicating that the installation failed. Any ideas? *"PuppetCA: SSL/CA or

Is is possible to have a puppetmaster that is a client of a different puppetmaster? We manage our customers'' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We''ve tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd]

Is there any way to do a simple search and replace on the puppetmaster server? I''m passing one IP address for one interface on a box, and attempting to set the second according to a convention we use, so I need something like $eth1_ip = `echo "10.100.6.99" | sed -r -e ''s/\.[0-9]+\.([0-9]+)$/.94.\1/''` # eth1_ip = 10.100.94.99 interface {

Hello, I just installed the latest version of puppet and puppetmaster on an up to date RHEL4 system. If I turn on ''storeconfigs'' on the puppetmaster server I get the following error: debug: Calling puppetmaster.getconfigerr: Could not retrieve configuration: Uncaught exception No such file to load -- sqlite3 in method puppetmaster.getconfig I have gems and rails installed

So set up new node, ran on the client puppetd --server puppetmaster --waitforcert 60 --test on the puppetmaster itself I ran puppetca --list saw the hostname and then ran: puppetca --sign hostname.domain.com and on the puppet node itself I went back and ran puppetd -tv and get the following error: err: Could not retrieve catalog from remote server: certificate verify failed warning: Not