similar to: Failed SSL with CNAME'd puppetserver

Hi, I have a the annoying problem that the puppet master cannot connect to itself. It fails with: puppet# puppetd --test err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: tlsv1 alert decrypt error History: I have had this problem on our old puppet server: puppet.domain.com. It was annoying but not critical. Recently I built a new

Hello All, I don''t seem to be able to get reports to display on the foreman interface. I copied extras/puppet/foreman/files/foreman-report.rb to / usr/lib/ruby/site_ruby/1.8/puppet/reportsforeman.rb, instead of /usr/ lib/ruby/1.8/puppet/reports/foreman.rb. Config: Centos5.4, Apache/ Passenger, Puppet 0.25.4. The reports are coming from the clients, because I can see them in

I''m trying to setup a puppetmaster, and I''ve got a couple of questions. The first, is a design question. Since I expect to eventually have multiple puppetmaster servers, I''d like to name this one to be named puppet1.example.com. But I''d like my clients to connect via a cname as puppet.example.com. Is this pretty standard? Is there some more common way?

Hi I am reading and configuring puppet in relation to http://reductivelabs.com/trac/puppet/wiki/UsingMongrelOnEnterpriseLinux The question I have is in relation to the ssl certificates generated the first time the puppetmaster service is run and the ability to use a CNAME. If the host that i am running the puppetmaster on is server.example.com and i want to use puppet.example.com as a CNAME that

I am working on setting up a Puppet configuration where some of the data is stored on a DRBD volume. The modules and vardir are stored on the drbd volume. The puppet.conf files point to the drbd volume for vardir. I created a cert for a VIP puppet-master using the puppetca -- create command I had everything working on the primary drbd node, but when I fail over, everything starts up fine, but I

Hello Folks! I am trying to learn puppet. Installed the puppet 3.0.2 and configured one node as the master and the other as the client. Generated the certs and all that. But, I seem to be doing something wrong wrt to the init.pp file. Attached is exact error and my current server configuration. Any help in helping me fix this issue is appreciated: *[root@pupclient ~]# puppet agent --test*

I have a single LB running Apache with mod_proxy in front of a Puppet master. These are the LB and Puppet master configs: <Proxy balancer://puppetmaster> BalancerMember http://192.168.1.10:8140 </Proxy> Listen 8140 <VirtualHost *:8140> SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

I''m running a two headed puppetmaster and have disabled crl''s. Let''s call them the primary and the secondary. The primary and secondary both use the primary as their master. The secondary only is used when the primary isn''t responding (I wrap the puppetd call in cron with a short shell script) I''m managing these ca files on the masters, pushing

Hi everyone, I’ve been working on getting puppet set up for our systems for the past week, and all has gone well in learning about writing manifests, but now that I’m ready to set it into production, I realize that it’s still unclear to me exactly how that’s supposed to go. For instance, during testing it has always been that I manually started and stopped puppetd and puppetmasterd on their

Hi, I am using puppet from last 2-3 months, I want to know about how puppet internally handles request from puppet client, sequentially or parallel execution as in Puppet Enterprise - Orchestration. Is There ant way of providing facility like orchestration-mcollective in puppet? Can we apply manifest on multiple machine at same instatnce in Open source puppet? -- You received this message

Hi! I''m testing Puppet 2.6 and got all the basic stuff working with the default webricks. I read that it doesn''t scale very well and is not suited for production environments and the recommended setup is Apache/ Passenger. Is there a step-by-step-guide on how to set it up? Any help is very appreciated. Regards, Freddie -- You received this message because you are subscribed

Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese

Hi @all, after upgrading my puppet server to Puppet 3.0 I got the following error every time a client connect to the server: [ pid=1532 thr=70147393710520 file=utils.rb:176 time=2012-10-08 11:17:56.504 ]: *** Exception NoMethodError in PhusionPassenger::Rack::ApplicationSpawner (undefined method `settings'' for Puppet:Module) (process 1532, thread #<Thread:0x7f98ecf7d370>):

I recently aquired a Verisign SSL certificate for my web server on Centos 4, with apache 2.0.59 from centosplus. It however doesn't seem to be working the way I've set it up, browsers connect but are told the certiticate is not recognized. Showing more info, the information looks correct. I think it has probably to do with the fact that I'm using the certificate on a virtual

We have discovered a security vulnerability (“AltNames Vulnerability”) whereby a malicious attacker can impersonate the Puppet master using credentials from a Puppet agent node. This vulnerability cannot cross Puppet deployments, but it can allow an attacker with elevated privileges on one Puppet-managed node to gain control of any other Puppet-managed node within the same infrastructure. All

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

# cat /etc/redhat-release CentOS release 6.4 (Final) # puppet --version 3.2.3 # rpm -q puppetdb puppetdb-1.3.2-1.el6.noarch I am now receiving "Not collecting exported resources without storeconfigs" for my opsview module. It was working fine on puppet 2.7 with Activerecord/MySQL. I am still new to puppetdb so maybe I am missing something. This is from puppet.conf: storeconfigs

I''m getting these errors when running ''puppet agent --test'' after doing a new installation of an agent: err: /Stage[main]/Pe_mcollective::Plugins/File[/opt/puppet/libexec/mcollective/mcollective/security/sshkey.rb]/content: change from {md5}512f42272699eaa085c83d2cc67c27ea to {md5}8fa3e9125fd917948445e3d2621d40e5 failed: Could not back up

Hello, Everybody! I need to allow my developers to run a special script on QA servers and nowhere else. I put this sort of thing in place: class app-server { packages: foo:; bar:; baz:; if $environment == ''qa'' { file { ''a'': content => ... } } which feels kinda kludgey to me. Is there a better way to handle unique cases like this