similar to: puppetca and openvpn ...

I am using Puppet 0.23.2 I am trying to add a new client -- v26.domain.com This is what I am doing from client side - v26.doamin.com #puppetd --test info: Creating a new certificate request for v26.domain.com info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/v26.domain.com.pem warning: peer certificate won''t be verified in this SSL session. notice: No

Hello I have a puppetmasterd installation running on a Mac OS X 10.6.3 Server with puppet installed via macports. Earlier today it was happily signing requests, before I upgraded puppet from 0.24.8 to 0.25.4. Now I get "Invalid argument": bash-3.2# puppetca --sign bouti.carbonplanet.com bouti.carbonplanet.com err: Could not call sign: Invalid argument The only mention I can find on

Currently the puppetca CA password is set to ''secret'' How would one go about changing it? I agree with puppetlabs documentation that you should be an SSL expert to implement your own CA. I am not. However I would like to use puppet''s CA PKI infrastructure with ActiveMQ over TLS and it is seems logical to use puppet''s KPI with this for mcollective and

Hi all puppet-Users, i try to get my first puppet installation up and running. (puppet-0.24.5, ruby-1.8.5) everything works as expected witch puppetmasterd + puppetd on the same machine. but i''ve problems connecting to the puppet-server from any client host. all i get is the error ------------ debug: Calling puppetca.getcert err: Could not call puppetca.getcert:

Hi @all, i have a foreman-proxy server, build from scratch, works fine and i can build unattended hosts. I don''t want to configure all my foreman-proxys manually, so i build them in puppet, and only setup the OS (SL) and basic puppet config manually. I can run the puppet configuration sucsessfully, my config is exactly what i want, but i am unable to build unattended hosts anymore,

Greetings! As you undoubtedly know, the fixes for CVE 2007-5162 in ruby break installations where puppetca has created certificates with a CommonName different from the server's real hostname. The Puppet clients quite correctly complains about hostname mismatch. A number of better and worse solutions have been suggested for this problem, especially in ticket #896. IMHO, there are two good

Hello, Puppet client is receiving the 500 error when trying to talk to the puppetmaster server. Apache error log on the server shows -> Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to file failed: Could not set ''file on ensure: Permission denied - /var/lib/puppet/log/masterhttp.log Permissions on this file are open and the file is owned

All, I have --confdir=/etc/puppet/common in my /etc/init.d/puppetmaster and /etc/init.d/puppet files, vardir set to /var/lib/puppet in /etc/puppet/common/puppet.conf, and yet, every time I run puppetca it creates /etc/puppet/ssl. Anyone know why? Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email

Hi - I a ran puppetd -vt against a brand newly build host (which is what I normally do for a new host) and got the usual message: err: No certificate; running with reduced functionality. info: Creating a new certificate request for sega-dev-1. info: Requesting certificate On the puppetmaster, I then list the waiting host with: puppetca --list then sign the key. In this case, I decided that the

Hello folks, I am getting this error on one of the clients, here''s all of the output. It was working on this client and today it stopped working. I cleaned the cert for this client puppetmaster by "puppetca --clean host.domain.com" and I removed the "/var/lib/puppet/ssl" directory so it would get new certs. But I still keep getting the same error as below. I have other

Started the discussion in puppet users mailing list based on recommendation from luke. This discussion is to a follow up regarding bug#1955 "Could not find server puppet" - installation/configuration error". jamtur01''s last recommendation: Rather than renaming things try the certname option (see http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference). But

Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd

I restarted puppetmasterd and it announced that the Cert does not match existing key ! [root@puppet ~]# puppetmasterd --verbose --no-daemonize info: Starting server for Puppet version 0.24.1 info: mount[files]: allowing 10.100.0.0/16 access info: mount[files]: allowing *.gridapp.com access info: mount[files]: allowing *.dev.gridapp.com access info: Retrieving existing certificate for

This is causing me to --clean the first key, and --sign again after the second run of puppetd --test First Run: [root@asmc1n2 ~]# puppetd --test warning: peer certificate won''t be verified in this SSL session. info: Creating a new certificate request for asmc1n2.dev.gridapp.com info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/asmc1n2.dev.gridapp.com.pem ... Second

I am at the end of my rope here so I pray to the gods that puppet-users can help. Using Debian apt-get install puppetmaster-passenger you get a fairly complete puppetmaster setup. I have the Pro Puppet book next to me and following Chapter 4 on setting up Puppet with Passenger I can see that apt has already done most of the ground work. For example the config.ru script is owned by puppet,

Can someone, anyone, help me understand what it takes -- if indeed it''s even possible -- to use a custom CA with puppetmasterd. Such that, for every client it signs, the cert for that client actually says something meaningful about my organization, and was ultimately signed by our own root CA. I made a valid sub-CA for my puppet server, signed by my organization''s root CA. I

Bunch of weird stuff after a power failure here this morning. One of my virtual servers, managed through puppet, seems to not be talking to the master any more. And I can''t get it to reconnect. I did puppetca --clean on the master, cleaned off certs on the client, started puppetd manually on the client, and got this: sh-3.2# rm -rf /var/lib/puppet/ssl/ sh-3.2# puppetd --server

Hello Puppet Users, I have encountered an interaction problem between the Puppet CA and Apache mod_ssl, when the Puppet CA configuration files are moved. By default Puppet CA and the Puppet client share the same location for their configuration files, $vardir/ssl. If this is changed so that they use different directories, and Apache mod_ssl is being used like in the Mongrel configuration, then

Hello, I try to install puppet on freebsd 6.X. All is well but i cannot get the certificte to install and be recognized. I run .19.3. I run the puppetd --test --waitforcert 60 then sign and then i got: err: No certificate; running with reduced functionality. info: Creating a new SSL key at /usr/local/.aqadmin/puppet/conf/ssl/private_keys/xxxxxxxxxxxxxx.pem info: Creating a new certificate

When I use the latest puppet 0.25.1 I got the same problem. This is what I do: 0. Install the Ubuntu 8.04 server with ssh, ruby, rdoc, libopenssl- ruby and git-core (which gets removed after clone). 1. Install the latest puppet from git repositories on both machines using git clone «git clone git://github.com/reductivelabs/puppet» and «git clone git://github.com/reductivelabs/facter» 2. Install it