Displaying 20 results from an estimated 3000 matches similar to: "CA different than hostname?"
2009 Apr 21
1
realizing virtual ssh_authorized_key
I'm trying to use ssh_authorized_key to manage my user's ssh keys. I
basically have this (across a couple of files):
class user::virtual {
@user { "seph":
ensure => "present",
uid => "2001",
comment => "seph",
home => "/home/seph",
shell =>
2007 Nov 08
7
Best practice for users/groups on solaris
Hi all, I'm a new puppet user and I'm running into some weirdness
around creating users on solaris. (puppet version 0.23.2)
The virt_all_users way of managing users seems pretty reasonable, but
I don't see how to deal with user specific groups with that.
I have:
class virt_all_users {
@user { "seph":
ensure => "present",
2007 Mar 29
4
wondershaper and dmzs
I have a pretty simple setup. I've got a linux nat box, with some
internal hosts. I've also got some servers in a dmz. It looks
something like this:
Internet
|
(external network)
| |
| |
linux dmz
nat hosts
|
2006 Jan 05
5
multiple links and nat
Hi, this might be a dumb question, but I'm not finding much
information online.
I'm trying to set up a 2.6 linux box to run nat across multiple
upstream links as a simple way to aggregate bandwidth. I found the
instructions in lartc section 4.2
(http://lartc.org/howto/lartc.rpdb.multiple-links.html) fairly clear
and straightforward. I implemented those, and a couple of trivial
2009 Jul 30
7
arrays, loops, etc
Inspired by the recent thread titled "Array input of dirs, ensuring
their existence" I thought I'd write up the problem I'm running into. I
was chatting on irc about it, I don't think puppet has a clean solution.
Like the other poster, I'm defining an object that takes an array. In
my case, I'm defining gpg keystore, which can contain a
2010 Apr 19
7
getting a list of rules out of iptables
I've been using camptocamp's iptables module. It works pretty well, lets
me define rules in various modules, etc. Now I find myself needing to
generate a commented list of its rules. I notice that the README has a
nice exec suggestion. But, when I try it, I can't get it to work.
In my iptables/manifests/init.pp I have:
Iptables {
before =>
2006 Nov 06
1
Bug#397359: pae kernel?
Package: xen-hypervisor-3.0-unstable-1-i386-pae
Version: 3.0-unstable+hg11561-1
It's great having a pae hypervisor packaged for debian, but it'd be a
lot more useful with a pae kernel
seph
2007 Nov 19
4
puppet on fedora 8...
i thought i would run up a fedora 8 installation and take a look around,
my default kickstart installation includes puppet which shouldn't be a
problem however the puppet client fails with
Certificates were not trusted: hostname was not match with the
server certificate
The cause is obvious, the hostname of my puppetmaster is
'puppet1.mydomain.com' and
2007 Dec 05
9
machine network interfaces, dhcpd.conf, and zone files
I'm still thinking about how my puppet deployment will go. Right now,
I'm thinking each of my machines will have their network interfaces
defined/configured by puppet. But, I'd like to generate my zone files
and dhcpd.conf from this data as well.
How do people generally do this? I expect I'll end up generating the
nodes.pp files from some database, but
2011 Feb 08
12
multiple puppetmasters (w/ Passenger) behind load balancer
Hello Gang,
I'm working on scaling my puppet solution, and I'm deploying multiple
masters w/ passenger that are going to sit behind a load balancer. If anyone
is using this type of setup, would you share how you deal with the SSL
certs? I've been following Bode's Blog (http://bodepd.com/wordpress/?p=7),
and it's not working too good for me.
2009 Nov 17
3
SSH Keys
Hi all,
I want to use puppet to distribute keys to multiple users. I wanted
to do something like we have already:
- define a key per real person
- define groups containing several keys, people can be in multiple
groups
- deploy these groups of keys to specific users
however it looks like the ssh_authorized_key resource ties a key and a
user together so it looks like I fall at the first
2011 Jul 08
2
Puppetmaster setup with separate CA server configuration help
Hi All,
I am setting up puppetmaster with nginx and passenger and separating
the Puppetmaster primary CA server. I have 3 hosts
loadbalancer01 - Nginx doing LB on IP address and also running
puppetmaster with passenger under 127.0.0.1 (port 8140).
primaryca - Puppetmaster Primary CA
pclient - Puppet Client
I did the following steps:
On Primary CA server:
----------------------------
cd
2009 Jun 24
1
puppetrun and certs - CA certdnsnames?
Hi,
I'm rolling out a new Puppet install and am having some problems with
certs. I've googled and read the docs but can't find anything.
Almost all boxes on the network are dual-homed, with a primary network
(VLAN, /27 subnet) for public data and an admin/management network for
backups and other backend stuff. All hosts have a primary interface on
the main network (and
2012 Feb 27
1
Using puppet cert generate on a client -- why doesn't this work?
I'm running a two headed puppetmaster and have disabled crl's. Let's
call them the primary and the secondary. The primary and secondary
both use the primary as their master. The secondary only is used when
the primary isn't responding (I wrap the puppetd call in cron with a
short shell script)
I'm managing these ca files on the masters, pushing
2011 Jan 18
3
Failed SSL with CNAME'd puppetserver
Hi, suppose puppet-old.domain is a CNAME pointing to puppet-new.domain,
and puppet-new.domain is running Apache (for SSL) with mod_proxy_balancer
to balance over some 10 puppetmaster processes. The configured
SSLCertificateFile in Apache is that of puppet-new.domain
How do I get a node to stop complaining when connecting to
puppet-old.domain (ending up at puppet-new.domain through the CNAME)?
2011 Apr 06
4
SSL issues: Separate CA, multiple load balanced masters
Hi,
I've been at it for about 4 days now and I just can't figure it out.
I'm getting the following error when running puppet agent on my
masters: SSL_connect returned=1 errno=0 state=SSLv3 read server
certificate B: certificate verify failed
At startup, I'm running ntpdate (I've read in a lot of places that
this error occurs when date between servers
2007 Nov 11
4
puppetrun fails: "Certificates were not trusted"
Hello all,
I've tried to run 'puppetrun', but there seems something unconfigured regarding the certificates. The reverse way (puppetd pulls the config from puppetmasterd) works fine.
The namespaceauth.conf on the client (where puppetd runs) is configured as follows:
[puppetrunner]
allow *.abc.net
(also tried the calling host: puppet1.abc.net)
But when I call
2012 Aug 21
3
mcollective getaddrinfo: Name or service not known
I'm getting these errors when running 'puppet agent --test' after doing a
new installation of an agent:
err:
/Stage[main]/Pe_mcollective::Plugins/File[/opt/puppet/libexec/mcollective/mcollective/security/sshkey.rb]/content:
change from {md5}512f42272699eaa085c83d2cc67c27ea to
{md5}8fa3e9125fd917948445e3d2621d40e5 failed: Could not back up
2012 Mar 21
4
PE - installation error
Hi,
I am trying to install puppet enterprise on a fresh Debian Squeeze
machine, but I am getting an error midway with no information on what
went wrong. How do I troubleshoot or look for more debugging
information?
This is what the screen output for installation is:
thanks for your help in advance!
Setting up pe-rubygem-fog (1.0.0e-1puppet2) ...
Setting up pe-cloud-provisioner (1.0.1-puppet1)
2011 Oct 24
3
Important Security Announcement: AltNames Vulnerability [new version of puppet]
We have discovered a security vulnerability (“AltNames Vulnerability”)
whereby a malicious attacker can impersonate the Puppet master using
credentials from a Puppet agent node. This vulnerability cannot cross
Puppet deployments, but it can allow an attacker with elevated
privileges on one Puppet-managed node to gain control of any other
Puppet-managed node within the same infrastructure.
All