Displaying 20 results from an estimated 10000 matches similar to: "Puppet with cloud instances"
2007 Dec 03
3
certificate issue with Branch Testing
Hello All,
I'm using the "Branch Testing" approach documented at
https://reductivelabs.com/trac/puppet/wiki/BranchTesting and am seeing
an issue with certificates.
On all clients, I can run puppetd --masterport=8141 successfully but see
the following error when I run against the default (8140) port:
err: Could not retrieve configuration: Certificates were not trusted:
2009 Jun 30
43
Workstations and Certs
I am trying to come up with a workable solution in managing numerous
Mac workstations allowing a high degree of flexibility with regards to
certs.
My puppet environment is setup to application installation on machines
that have been 'imaged' with a base OS and the puppet and facter apps.
So, when a Mac is 'imaged' and subsequently re-booted, puppet is run
at
2011 Oct 19
5
How to know the generated certname used by a puppet client, for reuse within erb (because of cloud provisioner) ?
Hi,
I am using the cloud provisioner to bootstrap some ec2 nodes, and these
clients are signed using a randomly generated certname, which is put in
/etc/puppet.conf at the bootstrap time (eg certname =
d7bcd693-73fd-495f-0876-ff91ea11111e).
But my puppet code repo also manages the puppet.conf file, so the file will
be overwritten on the client at the first puppet run. Nevertheless, I should
not
2007 Nov 28
6
SSL certificate state of the union
Hello there,
Since the update with ruby all my puppet function is dead (well known
issue with the cert). There has been some discussions on the dev list on
how to patch this for future versions. I have read the list and wondered
how we can solve the issue while waiting for the .24. I am in beta test
of the .23.x version but on my production system I wanted to find a way
to solve this now
2007 Oct 10
17
Warning for Fedora Core users
Fedora Core 7 has just updated their Ruby package (was 1.8.6.36-3.fc7,
is now 1.8.6.110-3.fc7), and the upgrade broke my Puppet installation,
and there was a similar report from someone else.
Communications between the puppetmasterd and the puppetd running on
the same host broke down with the message:
Could not retrieve configuration: Certificates were not trusted: hostname
not match with
2008 Dec 04
4
puppetmaster built via puppetd
hi,
i'm trying to set up my puppetmaster infrastructure with multiple
puppetservers behind load balancers in each of our datacenters. i'm
using 0.24.6. i've read the howto on puppet scalability, and i think
i've got the ssl config working correctly, but i'm noticing that when
puppetd is used to build a puppetmaster, some of the files in $vardir/
ssl
2011 Feb 08
12
multiple puppetmasters (w/ Passenger) behind load balancer
Hello Gang,
I'm working on scaling my puppet solution, and I'm deploying multiple
masters w/ passenger that are going to sit behind a load balancer. If anyone
is using this type of setup, would you share how you deal with the SSL
certs? I've been following Bode's Blog (http://bodepd.com/wordpress/?p=7),
and it's not working too good for me.
2010 Oct 15
5
alternate hostnames, keys, and certs
I'd like to extend my use of puppet to manage my desktop/notebook macs.
As others have noted, the hostname of the mobile machines tends to change frequently, so basing the node name (in my site.pp) and the corresponding cert and private key names seems to be an issue.
I seem to recall somewhat talking about this at Puppet Camp last week…..
Generally my signing strategy is always to
2012 Nov 29
7
Puppet CA corruption
Hello everyone,
Just getting my first puppet master set up and I am having a problem that I
just do not know how to get past. For some reason, my certificate store
keeps getting corrupted. Basically what happens is that the server will
issue itself a valid certificate (after removing the 'bad' cert) and will
run just fine. When I start puppetDB (I am pretty sure it happens
2008 Nov 19
2
Could not request certificate: Certificate does not match private key
hello,
I've just added a new client to an existing configuration but cannot
get it recognised. Both client and server are running 0.24.5,
installed on gentoo linux using portage.
This is what I did:
Server:
/etc/init.d/puppetmaster start
* Starting
puppetmaster ...
[ ok ]
Client:
puppetd --test
warning: peer certificate won't be verified in this SSL session
notice: Did not
2010 Nov 13
12
certificate verify failed
I am banging my head against the wall for recently built hosts that
are unable to verify the server's certs. The usual is not working.
on the puppet agent machine:
find /var/lib/puppet/ssl -type f -delete
on puppet master:
puppetca --clean <new_host_cert>
on agent:
puppetd --server puppet --waitforcert 2 --no-daemonize -d -o
on puppet master:
puppetca --sign
2009 Sep 08
7
Puppetmaster be client of another puppetmaster?
Is it possible to have a puppetmaster that is a client of a different
puppetmaster? We manage our customers' server via puppet, but one customer
has a puppetmaster server which looks after their internal systems. We've
tried the following in /etc/puppet/puppet.conf ("customer" and "us"
replacing the domain names) on their puppetmaster:
[puppetmasterd]
2012 Jun 14
15
Problem with Load Balancing Puppet masters with Apache mod_proxy
I have a single LB running Apache with mod_proxy in front of a Puppet
master. These are the LB and Puppet master configs:
<Proxy balancer://puppetmaster>
BalancerMember http://192.168.1.10:8140
</Proxy>
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite
2007 Dec 08
6
Creating certificates with puppetca with puppet.example.com as CommonName
Greetings!
As you undoubtedly know, the fixes for CVE 2007-5162 in ruby break
installations where puppetca has created certificates with a CommonName
different from the server's real hostname. The Puppet clients quite correctly
complain about hostname mismatch.
A number of better and worse solutions have been suggested for this problem,
especially in ticket #896. IMHO, there are two good
2010 Jun 20
8
bringing puppet into production
Hi everyone,
I’ve been working on getting puppet set up for our systems for the
past week, and all has gone well in learning about writing manifests,
but now that I’m ready to set it into production, I realize that it’s
still unclear to me exactly how that’s supposed to go.
For instance, during testing it has always been that I manually
started and stopped puppetd and puppetmasterd on their
2012 Nov 20
2
hiera values issue
Hi, I have a puppetmaster - agent architecture. I have a module for the
vsftpd configuration in the agents. The configuration of the value
'max_per_ip' in the agents may vary. This is a line of the manifest:
$max_per_ip = hiera('max_per_ip',10)
I want to specify different values for each agent using hiera. The problem
is I am only able to specify the
2007 May 14
2
Puppet and Laptops
I have been looking at Puppet as a possible replacement for cfengine at
our site. One difficulty I've had with cfengine that I'm wondering if
Puppet can solve is that of dealing with laptop/mobile users. Since
these laptops move around quite a bit, their IP/hostname is constantly
changing. From playing with puppet a bit, I've found that it seems to
generate the
2013 Sep 18
4
Not able to capture node info via browser
If I run below command on puppet master. I am able to get output pasted
here.
But the same information, I am trying to capture via browser using
http://puppetdb:8080/v2/facts/operatingsystem but not working
[root@puppetmaster ~]curl -X GET
http://puppetdb:8080/v2/facts/operatingsystem
curl: (6) Couldn't resolve host 'puppetdb'
[root@puppetmaster ~]# curl -X
2013 Jan 22
6
Security considerations for basing decisions on facts
Hello,
Let's consider the scenario when a client node in a puppet environment
gets compromised.
In case some of the puppet modules make decisions based on agent facts,
these modules are potentially exposed to abuse from the malicious puppet
agent.
For example, if a class has:
if $some_fact == 'some value' {
# deploy some configuration
}
then the compromised node
2013 Oct 18
1
'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
Hi, ppl
I don't know what to do.
I configure a new client to sync with my server. the server accept the
client_cert without errors and then when I run the "puppet agent -t" again
I got this error output
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources
using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read
server