similar to: CA different than hostname?

Displaying 20 results from an estimated 3000 matches similar to: "CA different than hostname?"

2009 Apr 21
1
realizing virtual ssh_authorized_key
I'm trying to use ssh_authorized_key to manage my user's ssh keys. I basically have this (across a couple of files): class user::virtual { @user { "seph": ensure => "present", uid => "2001", comment => "seph", home => "/home/seph", shell =>
2007 Nov 08
7
Best practice for users/groups on solaris
Hi all, I'm a new puppet user and I'm running into some weirdness around creating users on solaris. (puppet version 0.23.2) The virt_all_users way of managing users seems pretty reasonable, but I don't see how to deal with user specific groups with that. I have: class virt_all_users { @user { "seph": ensure => "present",
2007 Mar 29
4
wondershaper and dmzs
I have a pretty simple setup. I've got a linux nat box, with some internal hosts. I've also got some servers in a dmz. It looks something like this: Internet | (external network) | | | | linux dmz nat hosts |
2006 Jan 05
5
multiple links and nat
Hi, this might be a dumb question, but I'm not finding much information online. I'm trying to setup a 2.6 linux box to run nat across multiple upstream links as a simple way to aggregate bandwidth. I found the instructions in lartc section 4.2 (http://lartc.org/howto/lartc.rpdb.multiple-links.html) fairly clear and straightforward. I implemented those, and a couple of trivial
2009 Jul 30
7
arrays, loops, etc
Inspired by the recent thread titled "Array input of dirs, ensuring their existence" I thought I'd write up the problem I'm running into. I was chatting on irc about it, I don't think puppet has a clean solution. Like the other poster, I'm defining an object that takes an array. In my case, I'm defining gpg keystore, which can contain a
2010 Apr 19
7
getting a list of rules out of iptables
I've been using camptocamp's iptables module. It works pretty well, lets me define rules in various modules, etc. Now I find myself needing to generate a commented list of its rules. I notice that the README has a nice exec suggestion. But, when I try it, I can't get it to work. In my iptables/manifests/init.pp I have: Iptables { before =>
2006 Nov 06
1
Bug#397359: pae kernel?
Package: xen-hypervisor-3.0-unstable-1-i386-pae Version: 3.0-unstable+hg11561-1 It's great having a pae hypervisor packaged for debian, but it'd be a lot more useful with a pae kernel seph
2007 Nov 19
4
puppet on fedora 8...
i thought i would run up a fedora 8 installation and take a look around, my default kickstart installation includes puppet which shouldn't be a problem however the puppet client fails with Certificates were not trusted: hostname was not match with the server certificate The cause is obvious, the hostname of my puppetmaster is 'puppet1.mydomain.com' and
2007 Dec 05
9
machine network interfaces, dhcpd.conf, and zone files
I'm still thinking about how my puppet deployment will go. Right now, I'm thinking each of my machines will have their network interfaces defined/configured by puppet. But, I'd like to generate my zone files and dhcpd.conf from this data as well. How do people generally do this? I expect I'll end up generating the nodes.pp files from some database, but
2011 Feb 08
12
multiple puppetmasters (w/ Passenger) behind load balancer
Hello Gang, I'm working on scaling my puppet solution, and I'm deploying multiple masters w/ passenger that are going to sit behind a load balancer. If anyone is using this type of setup, would you share how you deal with the SSL certs? I've been following Bode's Blog (http://bodepd.com/wordpress/?p=7), and it's not working too good for me.
2009 Nov 17
3
SSH Keys
Hi all, I want to use puppet to distribute keys to multiple users. I wanted to do something like we have already: - define a key per real person - define groups containing several keys, people can be in multiple groups - deploy these groups of keys to specific users however it looks like the ssh_authorized_key resource ties a key and a user together so it looks like I fall at the first
2011 Jul 08
2
Puppetmaster setup with separate CA server configuration help
Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd
2009 Jun 24
1
puppetrun and certs - CA certdnsnames?
Hi, I'm rolling out a new Puppet install and am having some problems with certs. I've googled and read the docs but can't find anything. Almost all boxes on the network are dual-homed, with a primary network (VLAN, /27 subnet) for public data and an admin/management network for backups and other backend stuff. All hosts have a primary interface on the main network (and
2012 Feb 27
1
Using puppet cert generate on a client -- why doesn't this work?
I'm running a two headed puppetmaster and have disabled crl's. Let's call them the primary and the secondary. The primary and secondary both use the primary as their master. The secondary only is used when the primary isn't responding (I wrap the puppetd call in cron with a short shell script) I'm managing these ca files on the masters, pushing
2011 Jan 18
3
Failed SSL with CNAME'd puppetserver
Hi, suppose puppet-old.domain is a CNAME pointing to puppet-new.domain, and puppet-new.domain is running Apache (for SSL) with mod_proxy_balancer to balance over some 10 puppetmaster processes. The configured SSLCertificateFile in Apache is that of puppet-new.domain How do I get a node to stop complaining when connecting to puppet-old.domain (ending up at puppet-new.domain through the CNAME)?
2011 Apr 06
4
SSL issues: Separate CA, multiple load balanced masters
Hi, I've been at it for about 4 days now and I just can't figure it out. I'm getting the following error when running puppet agent on my masters: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed At startup, I'm running ntpdate (I've read in a lot of places that this error occurs when date between servers
2007 Nov 11
4
puppetrun fails: "Certificates were not trusted"
Hello all, I've tried to run 'puppetrun', but there seems something unconfigured regarding the certificates. The reverse way (puppetd pulls the config from puppetmasterd) works fine. The namespaceauth.conf on the client (where puppetd runs) is configured as follows: [puppetrunner] allow *.abc.net (also tried the calling host: puppet1.abc.net) But when I call
2012 Aug 21
3
mcollective getaddrinfo: Name or service not known
I'm getting these errors when running 'puppet agent --test' after doing a new installation of an agent: err: /Stage[main]/Pe_mcollective::Plugins/File[/opt/puppet/libexec/mcollective/mcollective/security/sshkey.rb]/content: change from {md5}512f42272699eaa085c83d2cc67c27ea to {md5}8fa3e9125fd917948445e3d2621d40e5 failed: Could not back up
2012 Mar 21
4
PE - installation error
Hi, I am trying to install puppet enterprise on a fresh Debian Squeeze machine, but I am getting an error midway with no information on what went wrong. How do I troubleshoot or look for more debugging information? This is what the screen output for installation is: thanks for your help in advance! Setting up pe-rubygem-fog (1.0.0e-1puppet2) ... Setting up pe-cloud-provisioner (1.0.1-puppet1)
2011 Oct 24
3
Important Security Announcement: AltNames Vulnerability [new version of puppet]
We have discovered a security vulnerability (“AltNames Vulnerability”) whereby a malicious attacker can impersonate the Puppet master using credentials from a Puppet agent node. This vulnerability cannot cross Puppet deployments, but it can allow an attacker with elevated privileges on one Puppet-managed node to gain control of any other Puppet-managed node within the same infrastructure. All