similar to: Using Puppet via a proxy.

Hello folks, I am getting this error on one of the clients, here''s all of the output. It was working on this client and today it stopped working. I cleaned the cert for this client puppetmaster by "puppetca --clean host.domain.com" and I removed the "/var/lib/puppet/ssl" directory so it would get new certs. But I still keep getting the same error as below. I have other

Hi all puppet-Users, i try to get my first puppet installation up and running. (puppet-0.24.5, ruby-1.8.5) everything works as expected witch puppetmasterd + puppetd on the same machine. but i''ve problems connecting to the puppet-server from any client host. all i get is the error ------------ debug: Calling puppetca.getcert err: Could not call puppetca.getcert:

Started the discussion in puppet users mailing list based on recommendation from luke. This discussion is to a follow up regarding bug#1955 "Could not find server puppet" - installation/configuration error". jamtur01''s last recommendation: Rather than renaming things try the certname option (see http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference). But

I recently had a working puppet server serving around 4-5 clients. One of the clients needed to be re-built and now only that client cannot connect. puppetca --clean hostname did not work So here is what I did on both the server/client I removed /var/lib/puppet/* Then I restarted the server via puppetmasterd --mkusers --verbose I then connect in via the client with /usr/bin/ruby

Hi. When registering a new client with the puppetmaster I get the following error: [root@host ~]# puppetd --server puppetmaster --waitforcert 50 --test info: Creating a new certificate request for host info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/ host.pem warning: peer certificate won''t be verified in this SSL session err: Could not call puppetca.getcert:

Hi, installing puppet at my first site was quite easy (not w/o problems, but still). At the second site, I''ve run into something more serious. First things first - I install puppetmaster on existing server, used to keep LDAP db (my puppetmaster DOES NOT use LDAP, it just tries to coexist on the same machine). The thing is, I need to puppet this baby, so I''m running into a

I testing Puppet 0.19.3. If we decide to use it, we''d deploy it across several thousand hosts. The method described for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I''ve tried creating

Hello, Puppet client is receiving the 500 error when trying to talk to the puppetmaster server. Apache error log on the server shows -> Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to file failed: Could not set ''file on ensure: Permission denied - /var/lib/puppet/log/masterhttp.log Permissions on this file are open and the file is owned

So set up new node, ran on the client puppetd --server puppetmaster --waitforcert 60 --test on the puppetmaster itself I ran puppetca --list saw the hostname and then ran: puppetca --sign hostname.domain.com and on the puppet node itself I went back and ran puppetd -tv and get the following error: err: Could not retrieve catalog from remote server: certificate verify failed warning: Not

hello, I''ve just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I dis: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won''t be verified in this SSL session notice: Did not

check out sslbump documentation: http://wiki.squid-cache.org/Features/SslBump -- Eero 2016-02-04 15:24 GMT+02:00 C. L. Martinez <carlopmart at gmail.com>: > Hi all, > > I am trying to configure squid as a interception HTTPS proxy under CentOS > 7. At every https request, I am receiving a certificate error. > > My current config for squid is: > > # My localnet

Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd

On 04/02/2016 13:24, C. L. Martinez wrote: > Hi all, > > I am trying to configure squid as a interception HTTPS proxy under CentOS 7. At every https request, I am receiving a certificate error. > > My current config for squid is: > > # My localnet > acl localnet src 172.22.55.0/28 > acl localnet src 172.22.58.0/29 > > acl SSL_ports port 443 > acl Safe_ports

Hi, I''m trying to do ssl offload on amazon ELB for my puppetmaster servers, it seems amazon ELB is not sending ssl_client_header & client_verify_header puppetmaster Listen 8141 <VirtualHost *:8141> SSLEngine off DocumentRoot /etc/puppet/rack/puppetmaster_8141/public/ RackBaseURI / <Directory /etc/puppet/rack/puppetmaster_8141/> PassengerEnabled on

Hello everyone, I''m a new user regarding puppet but I''m skilled with linux. I have setup a puppetmaster server and also have a puppet client for testing on a different box. /etc/sysconfig/puppet has been edited to reach puppetmaster with option PUPPET_SERVER=puppet.mydomain.cr (I''m in Costa Rica) On the puppetmaster I was able to see the client with puppetca

I noticed a behaviour which is kind of confusing. I have the puppetmasterd running. Now I want a new client to connect. I edit the site.pp and add the client. When the client is started I can see it with puppetca --list. So I sign the client. When it next tries to connect it shows: notice: Allowing ::ffff:192.168.x.y(::ffff:192.168.x.y) untrusted access to CA methods notice: Host

Greetings, I installed a squid 3.1.10.i686 squid to a centos 6.2i686. The proxy is working fine with the default config. After I decided to use it as a transparent proxy, I added two lines to config: http_proxy 10.0.5.1:3128 transparent, always_direct allow all http_port 10.0.5.1:3128 transparent # # Recommended minimum configuration: # acl manager proto cache_object #acl localhost src

I have a test area network that is not routed to the production network because of IP address space re-use between the two networks. I would like the puppetmaster to serve both the production and test area networks. The puppetmaster is on the production network. I understand the puppet to puppetmaster connect to be HTTP using SSL. Can I somehow setup the puppet clients to use an HTTP

Hello List, I have a problem with the CA on my Puppetmaster. This Puppetmaster is connected to different Networks with different sub domainnames. The Puppet clients connecting via different Interfaces. There is no routing between subnets. Only one subnet can connect successfully. This is because the subject in the Certificate is the name of this subnet. All other clients get: Could not

Is there a Best Practices method for doing this? :) I''m trying to configure clients by ssh''ing to them from the puppetmaster. My steps are: ssh $host ''svccfg import ...'' sleep puppetca --sign $host scp namespaceauth.conf $host ssh $host ''svcadm restart puppet'' The problem is that I''d like to stop and log an error if the cert signing