similar to: Moving to new puppetmaster - certificates

Hi everyone, I’ve been working on getting puppet set up for our systems for the past week, and all has gone well in learning about writing manifests, but now that I’m ready to set it into production, I realize that it’s still unclear to me exactly how that’s supposed to go. For instance, during testing it has always been that I manually started and stopped puppetd and puppetmasterd on their

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

I''m getting certificate errors when I attempt to run puppetd on the puppetmaster. As near as I can tell, this is because I''m using the same puppet.conf for both puppetd and puppetmasterd; but puppetmaster runs as user "puppet" and puppetd runs as user "root", yet both expect the certificates to be readable and chmod 600. I tried telling puppetd to use

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

Is is possible to have a puppetmaster that is a client of a different puppetmaster? We manage our customers'' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We''ve tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd]

Hello I am thinking that it is better to do a cvs export of a project once, on the puppetmaster box, rather than do the same cvs export on all puppet clients, yes? If so, how does one do this? Do you run puppetd on the same box as puppetmasterd and set up the cvs export as an exec for only the node with the same hostname as the puppetmaster? Thanks Jesse Jesse Reynolds Virtual

Hi, installing puppet at my first site was quite easy (not w/o problems, but still). At the second site, I''ve run into something more serious. First things first - I install puppetmaster on existing server, used to keep LDAP db (my puppetmaster DOES NOT use LDAP, it just tries to coexist on the same machine). The thing is, I need to puppet this baby, so I''m running into a

Hi, I''m rolling out a new Puppet install and am having some problems with certs. I''ve googled and read the docs but can''t find anything. Almost all boxes on the network are dual-homed, with a primary network (VLAN, /27 subnet) for public data and an admin/management network for backups and other backend stuff. All hosts have a primary interface on the main network (and

I testing Puppet 0.19.3. If we decide to use it, we''d deploy it across several thousand hosts. The method described for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I''ve tried creating

After upgrading my puppetmaster to 0.24.7 from 0.24.6 i am getting the following errors in the puppetmaster logs. Any help would be appreciated. Thu Dec 18 16:11:39 +1100 2008 Puppet (err): Could not store configs: undefined method `environment='' for #<Puppet::Rails::Host:0xb72c0c38> I do not use environment''s and they are not defined anywhere in the puppet.conf

Anybody else experience the need to restart puppetmasterd before a node can register itself. I''ve been cleaning up my installation here on client nodes and every once and a while I find myself needing to restart the puppetmaster daemon. A client node attempts to connect and never does. A restart fixes things. There doesn''t seem to be anything useful in the error messages

I restarted puppetmasterd and it announced that the Cert does not match existing key ! [root@puppet ~]# puppetmasterd --verbose --no-daemonize info: Starting server for Puppet version 0.24.1 info: mount[files]: allowing 10.100.0.0/16 access info: mount[files]: allowing *.gridapp.com access info: mount[files]: allowing *.dev.gridapp.com access info: Retrieving existing certificate for

Hi I am reading and configuring puppet in relation to http://reductivelabs.com/trac/puppet/wiki/UsingMongrelOnEnterpriseLinux The question I have is in relation to the ssl certificates generated the first time the puppetmaster service is run and the ability to use a CNAME. If the host that i am running the puppetmaster on is server.example.com and i want to use puppet.example.com as a CNAME that

I''m trying to setup a puppetmaster, and I''ve got a couple of questions. The first, is a design question. Since I expect to eventually have multiple puppetmaster servers, I''d like to name this one to be named puppet1.example.com. But I''d like my clients to connect via a cname as puppet.example.com. Is this pretty standard? Is there some more common way?

Hello List, I have a problem with the CA on my Puppetmaster. This Puppetmaster is connected to different Networks with different sub domainnames. The Puppet clients connecting via different Interfaces. There is no routing between subnets. Only one subnet can connect successfully. This is because the subject in the Certificate is the name of this subnet. All other clients get: Could not

I saw this feature became available in 2.7.0rc1 and wanted to try it out. I entered ''allow_duplicate_certs = true'' on both my master and agent systems in the puppet.conf (not sure if its need in both, saw it in genconf for puppetd and puppetmasterd though ...). I also have autosign.conf configured to allow autosigning for our domain (*.domain.com). I had my agent register with

Fedora Core 7 has just updated their Ruby package (was 1.8.6.36-3.fc7, is now 1.8.6.110-3.fc7), and the upgrade broke my Puppet installation, and there was a similar report from someone else. Communications between the puppetmasterd and the puppetd running on the same host broke down with the message: Could not retrieve configuration: Certificates were not trusted: hostname not match with

Hi Guys, Im trying to turn on storeconfigs with a mysql db backend. On my testing server in our lab, i configured this successfully and can see if keeping information on all test hosts. When trying to implent the same idea onto our production puppet server, I get the following errors: Aug 26 16:35:53 opsynxsr0097 puppetmasterd[27003]: (/Settings[/etc/

I''m just starting a roll out of Puppet and I''m seeing a problem on maybe 25% of client nodes. The symptoms are that the clients stop updating. In the Puppetmaster log, I''m seeing things like: Feb 9 20:10:23 vs4 puppetmasterd[17942]: Compiled catalog for xxxx in 0.05 seconds Feb 9 20:40:41 vs4 puppetmasterd[17942]: Compiled catalog for xxxx in 0.05 seconds Feb 9

For those of you out there using export/collect (which we really need to come up with a better name for...), can you test the current SVN code? I''m mostly wondering if the performance is any better. To use it, you''ll have to remove your current database, since the database schema is significantly changed. I''m getting what looks like an additional 25% reduction