Displaying 20 results from an estimated 20000 matches similar to: "authenticating new nodes that are created by provisioning"
2010 Jun 09
1
pam_winbind and krb5_auth
Hey list,
I'm wondering if there is any advantage to be gained by using kerberos with pam_winbind.
I've configured pam_winbind and enabled krb5_auth though apart from being granted a ticket, I'm unsure as to any advantage that would be gained by enabling Kerberos.
Thanks,
Matt Delves
--
---------------------------------------------
Matthew Delves
System Administrator
Information
2009 Dec 17
12
puppet performance and inability to retrieve file metadata
Hey All,
I'm running into a problem whereby some nodes are struggling to retrieve the metadata for files. I've moved all the nodes across to 0.25.1 to try and eliminate version inconsistencies though they still appear. I've also started using asynchronous stored configs as well.
I'm wondering if this has anything to do with performance on the box and if there
2010 Oct 14
13
First boot with Puppet
Hi guys,
I'm installing Puppet on RHEL5 systems using KickStart but struggle with
the first boot.
Here's my situation:
1) kickstart installs the system, including puppet from our local repo
2) after reboot I have to login and set the hostname and IP
3) then run puppet, register it with the server and bring in the config
4) configure puppet for automatic start
I have to
2006 Oct 18
19
Creating client certificates
I'm testing Puppet 0.19.3. If we decide to use it, we'd deploy it
across several thousand hosts. The method described for creating
client certificates described in the documentation - running
"puppetd --server <server> --waitforcert 60 --test" and "puppetca
--sign <client>" - is not practical for our installation. I've
tried creating
2006 Jul 28
5
Minimal Kickstart setups to use with Puppet
Hi,
I was at the Puppet talk at Oscon and I would like to try using
Puppet for PXE on RHEL machines and I was wondering if there are
standard minimal Kickstart recipes from which Puppet can then take
over.
Thanks,
Jason van Zyl
jason at maven.org
2012 Feb 29
3
Private key troubles after a new install and a reboot
Ok, I'm new to puppet, but I've got everything working for my setup.
Almost.
I'm trying to set up a new server, using cobbler, and then puppet.
CentOS 6.2
Puppet 2.7.11
Cobbler 2.0.11
I have things set up so I can use kickstart to install the server on
boot. It installs puppet and facter from the puppetlabs repos and the
snippet
2008 Jul 28
2
security of auto-sign?
I am looking into alternatives for the initial cert sign for new
puppet clients. We will have non-sysadmins kickstarting new hosts,
and I am trying to minimize the time they have to wait for a cert sign
while maintaining at least a marginally sane level of security.
My question is this: does the puppetmaster check that a new cert
request for host A (csr with subject "cn=A.mydomain") is
2011 Feb 22
4
When running puppetd the cert goes straight up to revoked?
This is the first time this is happening... and it happens consecutively
with all the hosts.
Fresh kickstarted host (never set up before the name so it's not on the
revocation list), I just run puppetd -tv (we have autosign on), I just
get the output below:
[root@server182 puppet]# puppetd -tv
info: Creating a new SSL key for server182.domain.com
warning: peer certificate won't be verified in
2010 Mar 05
6
About autosigning and the FAQ entry
Hello!
The FAQ contains an entry about autosigning:
http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#why-shouldn-t-i-use-autosign-for-all-my-clients
It says:
> The certificate itself is stored, so two nodes could not connect with
the same CN
I tried this (using 0.25.4), and actually, that doesn't seem to be
correct. I was able to run puppetd on two different
2011 Mar 11
6
failed to retrieve certificate on Amazon EC2
Hi,
I'm using puppet on EC2 to setup my VMs with the following configuration:
# puppetd --version
0.25.5
# uname -a
Linux hostname.domain 2.6.16-xenU #1 SMP Mon May 28 03:41:49 SAST 2007 i686
i686 i386 GNU/Linux
But I keep facing some timeout from puppetd:
warning: peer certificate won't be verified in this SSL session
Exiting; failed to retrieve certificate and waitforcert
2009 Dec 22
7
puppet, mongel, nginx and new nodes
Hey All,
This is probably a gotcha of some kind. That is to say I've missed a configuration somewhere. I've recently moved over to using mongrel as the puppet server type and having nginx proxy to one of four mongrel instances.
What I'm seeing though is that when I try to run a new node (one that has been created post moving to mongrel/nginx) is that it returns with the
2009 Oct 27
14
ANNOUNCE: Puppet 0.25.1 released!
Puppet 0.25.1 - code name "zoot" - is now available. The 0.25.1 release
is a maintenance release in the 0.25.x branch.
The release is available at:
http://reductivelabs.com/downloads/puppet/puppet-0.25.1.tar.gz
http://reductivelabs.com/downloads/gems/puppet-0.25.1.gem
Please report issues and feedback via the Reductive Labs Redmine site:
2010 Jan 28
2
How to execute an arbitrary script when a puppetclient ask for a manifest?
Hi,
I would like to use Puppet in the cloud (think gogrid) to configure
stem images.
Virtual machines are created/destroyed on the fly under control of a
load monitor.
For this reason we cannot sign manually new Puppet clients, instead,
we must use Puppet's autosign feature.
At the moment, Puppet just permits to filter client manifest requests
with some regex over the hostname of the
2010 May 10
4
Begining with puppet.
Hi,
I am trying to do my first puppet configuration, already installed the
puppetserver and client, in this link show my configuration and my puppet
structure:
http://paste.pocoo.org/show/212227/
But when i run the client side daemon i get this message:
info: /Class[main]/Node[basenode]/Class[inittab]/File[inittab]/source: No
specified sources exist
err:
2009 Mar 11
2
trouble diagnosing exported resources
Hello,
I want to use exported resources (namely sshkey) and with the following
code, each node gets his own ssh key written into /etc/ssh/ssh_known_hosts,
but not the others ones. This is with puppet 0.24.7 on redhat.
node 'node1' {
  @@sshkey { "node1":
    type => rsa,
    key => $sshrsakey
  }
  Sshkey <<| |>>
}
node 'node2' {
2012 Apr 22
2
centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
Hi!
I've installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm
supplied by yum.puppetlabs.com.
I've setup a apache2 vhost with mod_ssl and passenger. The server is
configured to autosign the cert requests.
The agent installed on the puppetmaster's server works fine. I've a second
agent on a server which can sync with the server too. This
2009 Jun 30
43
Workstations and Certs
I am trying to come up with a workable solution in managing numerous
Mac workstations allowing a high degree of flexibility with regards to
certs.
My puppet environment is setup to application installation on machines
that have been 'imaged' with a base OS and the puppet and facter apps.
So, when a Mac is 'imaged' and subsequently re-booted, puppet is run
at
2013 Dec 12
2
Puppet and MCollective
Hi,
I am writing scripts for deployment of our software and I am also using
MCollective on linux.
I hope to use MCollective in order to reduce the requirement of opening a
putty session to each VM and running the puppet agent manually the first
time (when its registers/ creates keys etc). The problem I see with this is
that I need to log in to each machine and install/configure mcollective
2010 Sep 29
5
err: Could not request certificate: sslv3 alert handshake failure error
Hi,
I've setup the puppetmaster to start 5 processes each listening on a
different port, with an Apache server in front. This works fine for
existing clients, however when I try to add a new client (ie. a newly
installed machine with no previous puppet configuration) I get this
error:
err: Could not request certificate: sslv3 alert handshake failure
error
Any ideas what's
2009 Mar 02
2
Certificate problems
Hi all,
I'm trying to set up puppet 0.24.5 using the packages provided for
Mandriva 2009.0. After installing the packages and starting the
puppetmaster service for the first time, the relevant CA certificates
and keys are generated automatically and placed in subdirectories of
$ssldir. However, when I then run puppetd on the same machine thus:
$ puppetd --server myhost.mydomain