similar to: How can I set certname in managed puppet.conf?

Hi, I am using the cloud provisioner to bootstrap some ec2 nodes, and these clients are signed using a randomly generated certname, which is put in /etc/puppet.conf at the bootstrap time (eg certname = d7bcd693-73fd-495f-0876-ff91ea11111e). But my puppet code repo also manages the puppet.conf file, so the file will be overwritten on the client at the first puppet run. Nevertheless, i should not

I recently upgraded my Puppetmaster to 0.24.4 and it looks like my templates are not working properly. All of my clients use the same certificate, built by my original client "xx". I do this using the certname=blah parameter in the puppet.conf on each client. Up until I upgraded each client would use the "xx" certificate (which I had renamed to "blah") and

Hi guys, I have a box that needs to identify itself to the puppetmaster as something different from the FQDN. I added certname to the agent configuration before the first run, but it doesn''t seem to be sufficient. The certificate was generated for the FQDN, and the host appears in the dashboard as the FQDN, and the node name used to evaluate the manifest is also the FQDN. I would

Hi, I have a puppetmaster - agent architecture. I have a module for the vsftpd configuracion in the agents. The configuration of the value ''max_per_ip'' in the agents may vary. This is a line of the manifest: $max_per_ip = hiera(''max_per_ip'',10) I want to specify different values for each agent using hiera. The problem is I am only able to specify the

Is is possible to have a puppetmaster that is a client of a different puppetmaster? We manage our customers'' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We''ve tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd]

If I run below command on puppet master. I am able to get output pasted here. But the same information, I am trying to capture via browser using http://puppetdb:8080/v2/facts/operatingsystem but not working [root@puppetmaster ~]curl -X GET http://puppetdb:8080/v2/facts/operatingsystem curl: (6) Couldn''t resolve host ''puppetdb'' [root@puppetmaster ~]# curl -X

Hi, ppl I dont know what to do. I configure a new client do sync with my server. the server accept de client_cert without errors and then when i run the "puppet agent -t" agaion i got this error output info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

Hello everyone, Just getting my first puppet master set up and I am having a problem that I just do not know how to get past. For some reason, my certificate store keeps getting corrupted. Basically what happens is that the server will issue itself a valid certificate (after removing the ''bad'' cert) and will run just fine. When I start puppetDB (I am pretty sure it happens

Hi, I''m having a problem with extlookup not respecting the ''certname'' parameter[1].  When executing a puppet run with either the --certname or --fqdn parameters, it ends up using the specified SSL certificate and gets the correct node definition applied from the puppetmaster.  However, it still retrieves extlookup data using the node''s actual FQDN, not the one

So I''m new to puppet and I''m having a bear of a time just getting a test server going. I installed puppet and the puppet client via yum on CentOS on AWS, so that saved me some time. I followed a few various blog posts about getting everything set up and applying a file, etc. Now I am trying to install a module (puppetlabs/apache) and it''s failing miserably for me. I

Hello all, Recently I was asked to start using Puppet as part of our Eucalyptus powered internal cloud. I have been able to set up Puppet and a puppet master on various instances, but what I am running into, is that several of the instances have the same hostname or no hostname when they are first launched, so of course when they try to get a cert from puppetmaster I get an error saying that I

Hello... I wanted to be able to startup an EC2 instance with one command and have a fully functioning server without having to shell into each new instance and configure the bits to allow puppet to finish the configuration. Here are some notes I came up with for bootstrapping an ec2 instance with puppet using Ubuntu 10.04. I left out a lot of things about creating and running custom AIM

Hello, Let''s consider the scenario when a client node in a puppet environment gets compromised. In case some of the puppet modules make decisions based on agent facts, these modules are potentially exposed to abuse from the malicious puppet agent. For example, if a class has: if $some_fact == ''some value'' { # deploy some configuration } then the compromised node

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

I revoked the certificate of one of the clients by issuing the following command on puppetmaster : puppet cert clean <hostname> Then tried to access the catalog from <hostname> via : puppet agent --server=puppet .... and I can still access the catalogs from the master without any error. I checked that the certificate is no longer there in the puppetmaster for this

Started the discussion in puppet users mailing list based on recommendation from luke. This discussion is to a follow up regarding bug#1955 "Could not find server puppet" - installation/configuration error". jamtur01''s last recommendation: Rather than renaming things try the certname option (see http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference). But

I am finding that the puppetlabs-apache module is somehow adding 30-60 seconds onto a host''s catalog compile time when the puppetmaster has no other hosts contacting or generating catalogs. The Puppetmaster is setup to use Puppet-2.7.18 - Apache & Passenger. RIght now only 2 hosts are even configured to use this new PM, the PM itself and a Foreman host. With neither hosts

1. I get the following error when I run “puppet device’ err: Could not request certificate: Could not write /var/opt/lib/pe-puppet/devices/certname/ssl/private_keys/certname.pem to privatekeydir: Permission denied - /var/opt/lib/pe-puppet/devices/certname/ssl/private_keys/certname.pem Any thought? Thanks, -- You received this message because you are subscribed to the Google Groups

Hi everyone, I’ve been working on getting puppet set up for our systems for the past week, and all has gone well in learning about writing manifests, but now that I’m ready to set it into production, I realize that it’s still unclear to me exactly how that’s supposed to go. For instance, during testing it has always been that I manually started and stopped puppetd and puppetmasterd on their