similar to: How to execute an arbitrary script when a puppetclient ask for a manifest?

Hey Folks, I''m looking at doing automated provisioning of new servers and am trying to integrate puppet into this process. What I''m wondering though is what the best process for securely registering a new node is. At the moment the first time puppet is run I have to then accept the certificate on the puppetmaster and then run puppet again. What I would like to do is accept the

I testing Puppet 0.19.3. If we decide to use it, we''d deploy it across several thousand hosts. The method described for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I''ve tried creating

I am looking into alternatives for the initial cert sign for new puppet clients. We will have non-sysadmins kickstarting new hosts, and I am trying to minimize the time they have to wait for a cert sign while maintaining at least a marginally sane level of security. My question is this: does the puppetmaster check that a new cert request for host A (csr with subject "cn=A.mydomain") is

Hi, I''m using puppet on EC2 to setup my VMs with the following configuration: # puppetd --version 0.25.5 # uname -a Linux hostname.domain 2.6.16-xenU #1 SMP Mon May 28 03:41:49 SAST 2007 i686 i686 i386 GNU/Linux But I keep facing some timeout from puppetd: warning: peer certificate won''t be verified in this SSL session Exiting; failed to retrieve certificate and waitforcert

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

Hi: I''m trying to configure Puppet on Ubuntu, and strangely I am never able to generate a certificate because my server never shows any pending certificate requests. Put differently, on the server I am running puppetmasterd and on the client I am able to connect to the server, but the client continues printing notice: Did not receive certificate warning: peer certificate

All, I have --confdir=/etc/puppet/common in my /etc/init.d/puppetmaster and /etc/init.d/puppet files, vardir set to /var/lib/puppet in /etc/puppet/common/puppet.conf, and yet, every time I run puppetca it creates /etc/puppet/ssl. Anyone know why? Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email

Hi - I a ran puppetd -vt against a brand newly build host (which is what I normally do for a new host) and got the usual message: err: No certificate; running with reduced functionality. info: Creating a new certificate request for sega-dev-1. info: Requesting certificate On the puppetmaster, I then list the waiting host with: puppetca --list then sign the key. In this case, I decided that the

Hello, I ran into this problem today, I am trying to implement "One click installation", I followed foreman howtos and set up the pre-requisites accordingly. However, when I click on "Build" button, I get the following errors in the foreman''s console and another error in the web interface indicating that the installation failed. Any ideas? *"PuppetCA: SSL/CA or

Hi, Just wondering if anyone had any similar issues OR idea''s on troubleshooting the following problem. I have a client/node registered to the puppet master and it is working without any issues. On the server I can see it compile the catalog in the logs. However when I run ''puppet cert --list --all'' it is not in the list. Note we use auto signing

Hi, I''ve setup the puppetmaster to start 5 processes each listening on a different port, with an Apache server in front. This works fine for existing clients, however when I try to add a new client (ie. a newly installed machine with no previous puppet configuration) I get this error: err: Could not request certificate: sslv3 alert handshake failure error Any ideas what''s

Hello a newbie here. The situation is that: 2 machine one master one client Puppet 0.24.5 This my configuration: Client: /etc/puppet/puppetd.conf [puppetd] server = Asus-Vista-Box logdir = /var/log/puppet vardir = /var/lib/puppet rundir = /var/run master /etc/puppet/manifests/classes/sudo.pp class sudo { file { "/etc/sudoers": owner => "root",

Hi! I''ve installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm supplied by yum.puppetlabs.com. I''ve setup a apache2 vhost with mod_ssl and passenger. The server is configured to autosign the cert requests. The agent installed on the puppetmaster''s server works fine. I''ve a second agent on a server which can sync with the server too. This

Hi I have installed passenger on many machine and this is my 3rd puppet master on CentOS 6. This one is giving me problems and I have been trying with different gem versions and still no go. When I run passenger-install-apache2-module I get this error: Sorry its really long so I copied to a text doc attached to this post. Any Idea on whats going wrong. I have not had a problem with this before

Hello All, I''m happy to announce a new release candidate of Foreman, top highlights for this release includes: * New look and feel * Extended restful API * Support for New Puppet Reports format * Full VM/physical host Provisioning * Powerful template generator ( pxelinux, gpxe, kickstart, preseed, grub etc..) * introduce a new service called smart proxy (which can run on remote

I am banging my head against the wall for recently built hosts that are unable to verify the server''s certs. The usual is not working. on the puppet agent machine: find /var/lib/puppet/ssl -type f -delete on puppet master: puppetca --clean <new_host_cert> on agent: puppetd --server puppet --waitforcert 2 --no-daemonize -d -o on puppet master: puppetca --sign

Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd

I upgraded from syslinux 4.x to syslinux 6.01 and am now having issues with pxe chaining. I've tried moving up as far as 6.02-pre16, but I'm still experiencing the same problem. The original config called the next server as follows: LABEL Cobbler KERNEL pxechain.com APPEND 10.x.x.x::pxelinux.0 Which worked for the previous version, but I started getting an error after

Dear all I have a dummy question. The model code as follow: class User < ActiveRecord::Base set_primary_key "username" end In script/console user = {:username => "123", :display_name => "345"} => {:username=>"123", :display_name=>"345"} a = User.new(user) => #<User username: nil, display_name: "345">

Hi, installing puppet at my first site was quite easy (not w/o problems, but still). At the second site, I''ve run into something more serious. First things first - I install puppetmaster on existing server, used to keep LDAP db (my puppetmaster DOES NOT use LDAP, it just tries to coexist on the same machine). The thing is, I need to puppet this baby, so I''m running into a