similar to: Weird SSL problem

Hi, I''m trying to do ssl offload on amazon ELB for my puppetmaster servers, it seems amazon ELB is not sending ssl_client_header & client_verify_header puppetmaster Listen 8141 <VirtualHost *:8141> SSLEngine off DocumentRoot /etc/puppet/rack/puppetmaster_8141/public/ RackBaseURI / <Directory /etc/puppet/rack/puppetmaster_8141/> PassengerEnabled on

Hey all. I am trying to set up puppet for the first time and I am having the following issues. On the client when I run it I get this error. Running puppet agent it should configure itself now /usr/local/lib/ruby/gems/1.9.1/gems/facter-1.6.3/lib/facter/util/config.rb:7: Use RbConfig instead of obsolete and deprecated Config. /usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in

Bunch of weird stuff after a power failure here this morning. One of my virtual servers, managed through puppet, seems to not be talking to the master any more. And I can''t get it to reconnect. I did puppetca --clean on the master, cleaned off certs on the client, started puppetd manually on the client, and got this: sh-3.2# rm -rf /var/lib/puppet/ssl/ sh-3.2# puppetd --server

Hi All, There is no direct connection between the hosts I am managing and the Puppetmaster. I have added the "http_proxy_host" option to the "[main]" section of the Puppet config file (/etc/puppet/puppet.conf) on the machine to be managed. The proxy server is squid and I had to add the Puppet port to the "Safe_ports" ACL list and also allow usage of the

All, I have --confdir=/etc/puppet/common in my /etc/init.d/puppetmaster and /etc/init.d/puppet files, vardir set to /var/lib/puppet in /etc/puppet/common/puppet.conf, and yet, every time I run puppetca it creates /etc/puppet/ssl. Anyone know why? Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email

Hello List, I have a problem with the CA on my Puppetmaster. This Puppetmaster is connected to different Networks with different sub domainnames. The Puppet clients connecting via different Interfaces. There is no routing between subnets. Only one subnet can connect successfully. This is because the subject in the Certificate is the name of this subnet. All other clients get: Could not

Welcome back again to the Puppet release cycle with the long-awaited eleventy times better RC2 release. The 2.6.0 release is a major feature release and includes a huge variety of new features, fixes, updates and enhancements. These include the complete cut-over from XMLRPC to the REST API, numerous language enhancements, a complete rewrite of the events and reporting system, an internal Ruby

hello, I''ve just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I dis: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won''t be verified in this SSL session notice: Did not

Currently the puppetca CA password is set to ''secret'' How would one go about changing it? I agree with puppetlabs documentation that you should be an SSL expert to implement your own CA. I am not. However I would like to use puppet''s CA PKI infrastructure with ActiveMQ over TLS and it is seems logical to use puppet''s KPI with this for mcollective and

I have a problem I can''t figure out. I was having cert problems with a host - it seemed to have multiple host names (mot likely from dns changes in the past) and all the certs were valid. Although it was giving an error about a cert I could not identify. So I tried: puppetca --revoke hostname puppetca --clean hostname restart puppetmaster puppetca --list --all (host does not show up -

I am working on setting up a Puppet configuration where some of the data is stored on a DRBD volume. The modules and vardir are stored on the drbd volume. The puppet.conf files point to the drbd volume for vardir. I created a cert for a VIP puppet-master using the puppetca -- create command I had everything working on the primary drbd node, but when I fail over, everything starts up fine, but I

So set up new node, ran on the client puppetd --server puppetmaster --waitforcert 60 --test on the puppetmaster itself I ran puppetca --list saw the hostname and then ran: puppetca --sign hostname.domain.com and on the puppet node itself I went back and ran puppetd -tv and get the following error: err: Could not retrieve catalog from remote server: certificate verify failed warning: Not

Hi all puppet-Users, i try to get my first puppet installation up and running. (puppet-0.24.5, ruby-1.8.5) everything works as expected witch puppetmasterd + puppetd on the same machine. but i''ve problems connecting to the puppet-server from any client host. all i get is the error ------------ debug: Calling puppetca.getcert err: Could not call puppetca.getcert:

Hello I have a puppetmasterd installation running on a Mac OS X 10.6.3 Server with puppet installed via macports. Earlier today it was happily signing requests, before I upgraded puppet from 0.24.8 to 0.25.4. Now I get "Invalid argument": bash-3.2# puppetca --sign bouti.carbonplanet.com bouti.carbonplanet.com err: Could not call sign: Invalid argument The only mention I can find on

Oh my god.... what is this? Getting this on first boot of new client. Aug 24 01:11:09 app03 puppet-agent[5392]: Reopening log files Aug 24 01:11:09 app03 puppet-agent[5392]: Could not request certificate: Neither PUB key nor PRIV key:: header too long I stop the client, and remove the ssl directory on the client: [root@app03 puppet]# service puppet stop Stopping puppet:

Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd

Hi all, Is there a more elegant way to regenerate the Puppet master certificate than what''s described in the CVE-2011-3872 toolkit? > If you can maintain a secondary shell session to the puppet master server, you can start a WEBrick master with puppet master --no-daemonize --verbose and stop it with ctrl-C. > If you prefer to only maintain one shell session, you can start a

Hello folks, I am getting this error on one of the clients, here''s all of the output. It was working on this client and today it stopped working. I cleaned the cert for this client puppetmaster by "puppetca --clean host.domain.com" and I removed the "/var/lib/puppet/ssl" directory so it would get new certs. But I still keep getting the same error as below. I have other

Hi @all, i have a foreman-proxy server, build from scratch, works fine and i can build unattended hosts. I don''t want to configure all my foreman-proxys manually, so i build them in puppet, and only setup the OS (SL) and basic puppet config manually. I can run the puppet configuration sucsessfully, my config is exactly what i want, but i am unable to build unattended hosts anymore,

Hi,,, I have a strange problem when installing puppet client 2.6.3 on a node. I have installed facter-1.3.8-4 and ruby-1.8.6-8. When I start puppetd as a normal user everything behaves normally. A .puppet directory is installed under $HOME and ssl key is installed under $HOME/.puppet/ssl.. I sign the certificat on the puppet master and the client is working fine. However I cannot change