similar to: problems with puppetmaster using intermediate CA cert

Hi, ppl I dont know what to do. I configure a new client do sync with my server. the server accept de client_cert without errors and then when i run the "puppet agent -t" agaion i got this error output info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server

Is is possible to have a puppetmaster that is a client of a different puppetmaster? We manage our customers'' server via puppet, but one customer has a puppetmaster server which looks after their internal systems. We''ve tried the following in /etc/puppet/puppet.conf ("customer" and "us" replacing the domain names) on their puppetmaster: [puppetmasterd]

Hi, I''ve been at it for about 4 days now and I just can''t figure it out. I''m getting the following error when running puppet agent on my masters: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed At startup, I''m running ntpdate (I''ve read in a lot of places that this error occurs when date between servers

This might be a crazy idea, but it just popped into my head, and I wanted to know if it''s possible. Perhaps not possible right now, but possible in a theoretical sense. Is it possible that puppet could be modified to be used to manage switches that have a command line based interface? When I manage our Allied Telesis switches (which have a CLI similar to cisco IOS) I wonder if I could

Samba 4.0.5, Debian 6.0 I can successfully perform an ldbsearch on the Samba ldb by specifying the -U parameter: geoffc at test-dc03: ~ $ /usr/local/samba/bin/ldbsearch -H ldap://localhost -U geoffc 'CN=IT' objectClass Password for [STAFF\geoffc]: # record 1 dn: CN=IT,CN=Users,DC=testad2,DC=trinity,DC=unimelb,DC=edu,DC=au objectClass: top objectClass:

Hello readers, I have this little issue that my puppet client refuses to do anything because of SSL validation errors. Maybe I''ll just post dump of what happens, that makes it clear I hope. Does anyone have a suggestion why that might happen? what I already checked: On the master: - Puppet and puppetmaster is running - Something is listening on Port 8140 (although I cannot

Hi all, I ran into the following problem: Until now, i used fqdn as certname (i.e. had no certname defined in puppet.conf, so defaults applied) and everything worked fine. However, I wanted to use tthe short hostname as certname, so I redeployed the puppet.conf file, re-generated the certificates and signed them, and removed the old certificates from the master. Now I have the following status:

Hi Dears, I am installing the puppetmaster server and puppet client is running in the same machine. When i running : puppet agent --test --waitforcert 30 I received the error : Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate'': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed:

Hello, I''m new to puppet and am getting a puppet server setup with puppet dashboard. I have the puppet server and puppet dashboard (Apache/Passenger) setup and working well with 60+ test nodes working as expected. Only problem is that I have this one error in the logs which I can''t figure out. Jan 26 17:09:41 ppt01 puppet-agent[27357]: Could not retrieve catalog from remote

Hi, I have setup puppet (2.7.5) on 2 different machines on ec2. Puppet master config 1. Ruby - 1.9.3 2. OS - Amazon linux image 3. runs from root user Puppet agent config 1. Ruby - 1.9.3 2. OS - centos 3. runs from root user When i run the agent, it throws an error "unknown ca" (can been seen in tcpdump/server logs) and closes the SSL connection immediately. I tried following things

I am trying to setup a different CA_server and master server. I am following these links : http://bodepd.com/wordpress/?p=7 http://docs.puppetlabs.com/guides/scaling_multiple_masters.html Kindly help as am getting this error info: Retrieving plugin err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1

When I try to connect to my new puppet master, I get an error because of a self-signed certificate: ---snip--- # puppet agent --test --noop Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:

Hi, I''m rolling out a new Puppet install and am having some problems with certs. I''ve googled and read the docs but can''t find anything. Almost all boxes on the network are dual-homed, with a primary network (VLAN, /27 subnet) for public data and an admin/management network for backups and other backend stuff. All hosts have a primary interface on the main network (and

Can someone point me to some documentation on scripting samba user and group management from python? I'd much rather not do this via calls out to samba-tool, and if I could do this remotely (via LDAP like calls) I'd be even happier. Cheers, Geoff

Hi Folks, I''m trying to setup a test envoriment which is composed by a puppetmaster running in my laptop (Macos Snow Leopard) and a puppet client running on a EC2 instance at Amazon. In order to allow the client to talk with the master I''m using an SSH Remote port forward, ie I login into from the laptop into the EC2 instance witha "-R 8140:localhost:8140" flag. This

Hi there, We have a fake environment in which we test software and config before rolling it out to prod. Here, we have a fake puppetmasterd running, serving the new config under test. But we''re having trouble with certificates. It is possible to specify via config what fqdn the puppet ca should use for itself? We need this to be a different (faked) fqdn than the real name of the

Bunch of weird stuff after a power failure here this morning. One of my virtual servers, managed through puppet, seems to not be talking to the master any more. And I can''t get it to reconnect. I did puppetca --clean on the master, cleaned off certs on the client, started puppetd manually on the client, and got this: sh-3.2# rm -rf /var/lib/puppet/ssl/ sh-3.2# puppetd --server

I''m getting certificate errors when I attempt to run puppetd on the puppetmaster. As near as I can tell, this is because I''m using the same puppet.conf for both puppetd and puppetmasterd; but puppetmaster runs as user "puppet" and puppetd runs as user "root", yet both expect the certificates to be readable and chmod 600. I tried telling puppetd to use

Hey list, I was having a similar SSL/openLDAP problem to this last week. I had a chance to look at this again today and it still appears to not be working. I called godaddy and had the last cert cancelled and reissued as I had mis-typed the name of the CN on the last one. I am trying to setup a Godaddy turbo SSL certificate with an openLDAP 2.4 server under FreeBSD 8.1. The clients are mainly

I have a problem with puppet on a machine which has public and private IP address. My nodes are on private lan, and hostname of master is FQDN of the public IP. Client''s just cannot connect. Problem which I get is: err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed I''ve added