similar to: Puppetmaster be client of another puppetmaster?

Hi, ppl I dont know what to do. I configure a new client do sync with my server. the server accept de client_cert without errors and then when i run the "puppet agent -t" agaion i got this error output info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

I''m just starting a roll out of Puppet and I''m seeing a problem on maybe 25% of client nodes. The symptoms are that the clients stop updating. In the Puppetmaster log, I''m seeing things like: Feb 9 20:10:23 vs4 puppetmasterd[17942]: Compiled catalog for xxxx in 0.05 seconds Feb 9 20:40:41 vs4 puppetmasterd[17942]: Compiled catalog for xxxx in 0.05 seconds Feb 9

I am trying to get a custom fact to sync. The fact is in a module. It will sync if I run puppet with "--pluginsync" but not otherwise. I have "pluginsync=true" in my puppet.conf. Shouldn''t the command line option and puppet.conf option have the same results? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group.

Hello All, I''m using the "Branch Testing" approach documented at https://reductivelabs.com/trac/puppet/wiki/BranchTesting and am seeing an issue with certificates. On all clients, I can run puppetd --masterport=8141 successfully but see the following error when I run against the default (8140) port: err: Could not retrieve configuration: Certificates were not trusted:

I''m getting certificate errors when I attempt to run puppetd on the puppetmaster. As near as I can tell, this is because I''m using the same puppet.conf for both puppetd and puppetmasterd; but puppetmaster runs as user "puppet" and puppetd runs as user "root", yet both expect the certificates to be readable and chmod 600. I tried telling puppetd to use

I have a single LB running Apache with mod_proxy in front of a Puppet master. These are the LB and Puppet master configs: <Proxy balancer://puppetmaster> BalancerMember http://192.168.1.10:8140 </Proxy> Listen 8140 <VirtualHost *:8140> SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite

Hello I am thinking that it is better to do a cvs export of a project once, on the puppetmaster box, rather than do the same cvs export on all puppet clients, yes? If so, how does one do this? Do you run puppetd on the same box as puppetmasterd and set up the cvs export as an exec for only the node with the same hostname as the puppetmaster? Thanks Jesse Jesse Reynolds Virtual

I am banging my head against the wall for recently built hosts that are unable to verify the server''s certs. The usual is not working. on the puppet agent machine: find /var/lib/puppet/ssl -type f -delete on puppet master: puppetca --clean <new_host_cert> on agent: puppetd --server puppet --waitforcert 2 --no-daemonize -d -o on puppet master: puppetca --sign

When I try to connect to my new puppet master, I get an error because of a self-signed certificate: ---snip--- # puppet agent --test --noop Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:

Hi Folks, I''m trying to setup a test envoriment which is composed by a puppetmaster running in my laptop (Macos Snow Leopard) and a puppet client running on a EC2 instance at Amazon. In order to allow the client to talk with the master I''m using an SSH Remote port forward, ie I login into from the laptop into the EC2 instance witha "-R 8140:localhost:8140" flag. This

Hello, I randomly errors like this: Fri Jul 22 09:01:41 +0000 2011 //SERVER.fqdn/Puppet (err): Could not retrieve catalog from remote server: end of file reached Fri Jul 22 09:01:41 +0000 2011 //SERVER.fqdn/Puppet (notice): Using cached catalog Fri Jul 22 09:01:41 +0000 2011 //SERVER.fqdn/Puppet (err): Could not retrieve catalog; skipping run Here are the versions: puppetmaster

Hello... I wanted to be able to startup an EC2 instance with one command and have a fully functioning server without having to shell into each new instance and configure the bits to allow puppet to finish the configuration. Here are some notes I came up with for bootstrapping an ec2 instance with puppet using Ubuntu 10.04. I left out a lot of things about creating and running custom AIM

Hello readers, I have this little issue that my puppet client refuses to do anything because of SSL validation errors. Maybe I''ll just post dump of what happens, that makes it clear I hope. Does anyone have a suggestion why that might happen? what I already checked: On the master: - Puppet and puppetmaster is running - Something is listening on Port 8140 (although I cannot

I''m having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.combut then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

hello, I''ve just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I dis: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won''t be verified in this SSL session notice: Did not

I am finding that the puppetlabs-apache module is somehow adding 30-60 seconds onto a host''s catalog compile time when the puppetmaster has no other hosts contacting or generating catalogs. The Puppetmaster is setup to use Puppet-2.7.18 - Apache & Passenger. RIght now only 2 hosts are even configured to use this new PM, the PM itself and a Foreman host. With neither hosts

I''d like to extend my use of puppet to manage my desktop/notebook macs. As others have noted, the hostname of the mobile machines tends to change frequently, so basing the node name (in my site.pp) and the corresponding cert and private key names seems to be an issue. I seem to recall somewhat talking about this at Puppet Camp last week….. Generally my signing strategy is always to