similar to: Puppet Mongrel Load Balancing + CNAME

Hi Guys, Im trying to turn on storeconfigs with a mysql db backend. On my testing server in our lab, i configured this successfully and can see if keeping information on all test hosts. When trying to implent the same idea onto our production puppet server, I get the following errors: Aug 26 16:35:53 opsynxsr0097 puppetmasterd[27003]: (/Settings[/etc/

After upgrading my puppetmaster to 0.24.7 from 0.24.6 i am getting the following errors in the puppetmaster logs. Any help would be appreciated. Thu Dec 18 16:11:39 +1100 2008 Puppet (err): Could not store configs: undefined method `environment='' for #<Puppet::Rails::Host:0xb72c0c38> I do not use environment''s and they are not defined anywhere in the puppet.conf

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

Hi, We have majority of RHEL5 servers in our environment. I have noticed in the process of trying to deploy puppet, that i am getting errors when yum is trying to install packages. Most of the time it works flawlessly, however sometime the following will be reported: change from absent to present failed: Execution of ''/usr/bin/yum -d 0 - e 0 -y install modcluster'' returned 1:

I''m trying to setup a puppetmaster, and I''ve got a couple of questions. The first, is a design question. Since I expect to eventually have multiple puppetmaster servers, I''d like to name this one to be named puppet1.example.com. But I''d like my clients to connect via a cname as puppet.example.com. Is this pretty standard? Is there some more common way?

We have discovered a security vulnerability (“AltNames Vulnerability”) whereby a malicious attacker can impersonate the Puppet master using credentials from a Puppet agent node. This vulnerability cannot cross Puppet deployments, but it can allow an attacker with elevated privileges on one Puppet-managed node to gain control of any other Puppet-managed node within the same infrastructure. All

Hey Guys, So i have puppetmaster running and well. I have a few questions 1) Even though i followed instructions on http://projects.puppetlabs.com/projects/1/wiki/Using_Mongrel on using Mongrel, puppetmaster is probably still using webrick since the client connection timeout still occurs. How do i make it use mongrel? 2) Now after messing a little with /etc/sysconfig/puppetmaster i increased

Hi everyone, I’ve been working on getting puppet set up for our systems for the past week, and all has gone well in learning about writing manifests, but now that I’m ready to set it into production, I realize that it’s still unclear to me exactly how that’s supposed to go. For instance, during testing it has always been that I manually started and stopped puppetd and puppetmasterd on their

I''m having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.combut then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0

Hi, suppose puppet-old.domain is a CNAME pointing to puppet-new.domain, and puppet-new.domain is running Apache (for SSL) with mod_proxy_balancer to balance over some 10 puppetmaster processes. The configured SSLCertificateFile in Apache is that of puppet-new.domain How do I get a node to stop complaining when connecting to puppet-old.domain (ending up at puppet-new.domain through the CNAME)?

Hi, I have a Puppet Enterprise (2.0) puppetmaster running with Foreman, and having trouble getting it working as an External Node Classifier. In short, if I manually add a test client into site.pp, it will retrieve the proper catalog / classes, but I would like to avoid having to do that. I''m also using environments (production/testing/ development) as well, but think I have most of

Hi, I am using the cloud provisioner to bootstrap some ec2 nodes, and these clients are signed using a randomly generated certname, which is put in /etc/puppet.conf at the bootstrap time (eg certname = d7bcd693-73fd-495f-0876-ff91ea11111e). But my puppet code repo also manages the puppet.conf file, so the file will be overwritten on the client at the first puppet run. Nevertheless, i should not

hello,all I write a function. this function will write the client fqdn to a file. But this function only run one time when the puppetmaster recompile the configuration. How can let this function run every time when a client connect to the puppetmaster ? please help me. -- Huang Mingyou

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

Hello, Attempting to setup a CA primary/standby as well as seperate puppetmaster servers (all running Apache/Passenger) behind another Apache/Passenger type load balancer. Clients are not getting certs:- err: Could not request certificate: Could not intern from s: nested asn1 error Clearly an SSL issue but not something I know a great deal about. loadbalancer.conf # Puppet Load Balancing

Hello List, I have a problem with the CA on my Puppetmaster. This Puppetmaster is connected to different Networks with different sub domainnames. The Puppet clients connecting via different Interfaces. There is no routing between subnets. Only one subnet can connect successfully. This is because the subject in the Certificate is the name of this subnet. All other clients get: Could not

I''m running a two headed puppetmaster and have disabled crl''s. Let''s call them the primary and the secondary. The primary and secondary both use the primary as their master. The secondary only is used when the primary isn''t responding (I wrap the puppetd call in cron with a short shell script) I''m managing these ca files on the masters, pushing

Hello All, So I finally got around to start to cut over node definitions from standard flat files to external nodes (foreman), and getting error message: "Error 400 on SERVER: Could not find node ''nodename''; cannot compile" - So basically it can''t pick up the node from the external node config. When I test the fetching of the yaml file it seems to work

I''m having an issue with the default puppet.conf distributed with puppet 2.6.4 (FreeBSD port). I''ve reproduced the problem with a completely fresh install on a completely fresh OS in a VM. Under these conditions, running puppetmaster with no config is fine, but simply moving the puppet.conf-dist file to puppet.conf causes the following errors on console: Performing sanity

Is is possible to have a puppetmaster that is a client of a different puppetmaster? We manage our customers'' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We''ve tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd]