similar to: Moving to new puppetmaster - certificates

Displaying 20 results from an estimated 10000 matches similar to: "Moving to new puppetmaster - certificates"

2010 Jun 20
8
bringing puppet into production
Hi everyone, I’ve been working on getting puppet set up for our systems for the past week, and all has gone well in learning about writing manifests, but now that I’m ready to set it into production, I realize that it’s still unclear to me exactly how that’s supposed to go. For instance, during testing it has always been that I manually started and stopped puppetd and puppetmasterd on their
2008 Dec 04
4
puppetmaster built via puppetd
hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl
2007 Jul 03
3
pupped on the puppetmaster: cert problems
I''m getting certificate errors when I attempt to run puppetd on the puppetmaster. As near as I can tell, this is because I''m using the same puppet.conf for both puppetd and puppetmasterd; but puppetmaster runs as user "puppet" and puppetd runs as user "root", yet both expect the certificates to be readable and chmod 600. I tried telling puppetd to use
2011 Feb 08
12
multiple puppetmasters (w/ Passenger) behind load balancer
Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.
2009 Sep 08
7
Puppetmaster be client of another puppetmaster?
Is is possible to have a puppetmaster that is a client of a different puppetmaster? We manage our customers'' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We''ve tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd]
2008 May 27
12
Puppetting the puppetmaster problems
Hi, installing puppet at my first site was quite easy (not w/o problems, but still). At the second site, I''ve run into something more serious. First things first - I install puppetmaster on existing server, used to keep LDAP db (my puppetmaster DOES NOT use LDAP, it just tries to coexist on the same machine). The thing is, I need to puppet this baby, so I''m running into a
2007 Feb 14
4
cvs export on puppetmaster box
Hello I am thinking that it is better to do a cvs export of a project once, on the puppetmaster box, rather than do the same cvs export on all puppet clients, yes? If so, how does one do this? Do you run puppetd on the same box as puppetmasterd and set up the cvs export as an exec for only the node with the same hostname as the puppetmaster? Thanks Jesse Jesse Reynolds Virtual
2009 Jun 24
1
puppetrun and certs - CA certdnsnames?
Hi, I''m rolling out a new Puppet install and am having some problems with certs. I''ve googled and read the docs but can''t find anything. Almost all boxes on the network are dual-homed, with a primary network (VLAN, /27 subnet) for public data and an admin/management network for backups and other backend stuff. All hosts have a primary interface on the main network (and
2006 Oct 18
19
Creating client certificates
I testing Puppet 0.19.3. If we decide to use it, we''d deploy it across several thousand hosts. The method described for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I''ve tried creating
2008 Dec 18
3
errors after 0.24.7 upgrade ..
After upgrading my puppetmaster to 0.24.7 from 0.24.6 i am getting the following errors in the puppetmaster logs. Any help would be appreciated. Thu Dec 18 16:11:39 +1100 2008 Puppet (err): Could not store configs: undefined method `environment='' for #<Puppet::Rails::Host:0xb72c0c38> I do not use environment''s and they are not defined anywhere in the puppet.conf
2007 May 18
3
Puppetmaster wierdness
Anybody else experience the need to restart puppetmasterd before a node can register itself. I''ve been cleaning up my installation here on client nodes and every once and a while I find myself needing to restart the puppetmaster daemon. A client node attempts to connect and never does. A restart fixes things. There doesn''t seem to be anything useful in the error messages
2008 Jan 02
4
Puppetmaster doesn''t know itself
I restarted puppetmasterd and it announced that the Cert does not match existing key ! [root@puppet ~]# puppetmasterd --verbose --no-daemonize info: Starting server for Puppet version 0.24.1 info: mount[files]: allowing 10.100.0.0/16 access info: mount[files]: allowing *.gridapp.com access info: mount[files]: allowing *.dev.gridapp.com access info: Retrieving existing certificate for
2009 Apr 28
2
Puppet Mongrel Load Balancing + CNAME
Hi I am reading and configuring puppet in relation to http://reductivelabs.com/trac/puppet/wiki/UsingMongrelOnEnterpriseLinux The question I have is in relation to the ssl certificates generated the first time the puppetmaster service is run and the ability to use a CNAME. If the host that i am running the puppetmaster on is server.example.com and i want to use puppet.example.com as a CNAME that
2011 Apr 14
10
allow_duplicate_certs = true not working?
I saw this feature became available in 2.7.0rc1 and wanted to try it out. I entered ''allow_duplicate_certs = true'' on both my master and agent systems in the puppet.conf (not sure if its need in both, saw it in genconf for puppetd and puppetmasterd though ...). I also have autosign.conf configured to allow autosigning for our domain (*.domain.com). I had my agent register with
2009 Nov 13
2
Multihomed puppet-server Multidomain SSL Problem
Hello List, I have a problem with the CA on my Puppetmaster. This Puppetmaster is connected to different Networks with different sub domainnames. The Puppet clients connecting via different Interfaces. There is no routing between subnets. Only one subnet can connect successfully. This is because the subject in the Certificate is the name of this subnet. All other clients get: Could not
2009 Apr 20
2
CA different than hostname?
I''m trying to setup a puppetmaster, and I''ve got a couple of questions. The first, is a design question. Since I expect to eventually have multiple puppetmaster servers, I''d like to name this one to be named puppet1.example.com. But I''d like my clients to connect via a cname as puppet.example.com. Is this pretty standard? Is there some more common way?
2007 Oct 10
17
Warning for Fedora Core users
Fedora Core 7 has just updated their Ruby package (was 1.8.6.36-3.fc7, is now 1.8.6.110-3.fc7), and the upgrade broke my Puppet installation, and there was a similar report from someone else. Communications between the puppetmasterd and the puppetd running on the same host broke down with the message: Could not retrieve configuration: Certificates were not trusted: hostname not match with
2009 Aug 26
7
storeconfigs + environments issue
Hi Guys, Im trying to turn on storeconfigs with a mysql db backend. On my testing server in our lab, i configured this successfully and can see if keeping information on all test hosts. When trying to implent the same idea onto our production puppet server, I get the following errors: Aug 26 16:35:53 opsynxsr0097 puppetmasterd[27003]: (/Settings[/etc/
2009 Feb 10
7
Lock file /var/lib/puppet/state/puppetdlock
I''m just starting a roll out of Puppet and I''m seeing a problem on maybe 25% of client nodes. The symptoms are that the clients stop updating. In the Puppetmaster log, I''m seeing things like: Feb 9 20:10:23 vs4 puppetmasterd[17942]: Compiled catalog for xxxx in 0.05 seconds Feb 9 20:40:41 vs4 puppetmasterd[17942]: Compiled catalog for xxxx in 0.05 seconds Feb 9
2007 Jun 14
19
Please test export/collect from svn
For those of you out there using export/collect (which we really need to come up with a better name for...), can you test the current SVN code? I''m mostly wondering if the performance is any better. To use it, you''ll have to remove your current database, since the database schema is significantly changed. I''m getting what looks like an additional 25% reduction