similar to: failed to retrieve certificate on Amazon EC2

Hi, I''m using Amazon EC2 and I''m planning to use puppet to deploy automatically my instances, however, I have an issue I can''t rely think through. As most people advised, I used a DNS server (bind to be precise) so that my instances can register to it but also ask this DNS Server the IP of the puppetmaster. However, as this DNS server is also running on Amazon EC2

I''ve been going round in circles a little bit in the last few days trying to figure out how to get a 64-bit CentOS-based puppetmaster that can be managed/provisioned via puppet also - so I''d like ruby, passenger, rails etc coming from RPMs and yum. As far as I can see, the three choices are: 1) Puppetlabs prosvc repo, which specifically says it can go away at any time 2)

I testing Puppet 0.19.3. If we decide to use it, we''d deploy it across several thousand hosts. The method described for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I''ve tried creating

Hi, I''ve just finished James Turnbull book "Pulling Strings With Puppet" - which definitely an excellent introduction to Puppet, and I was wondering - as the book is a couple years old, what was the status of the all mongrel/webrick situation ? I guess it''s still recommended to use Mongrel rather than Webrick for puppetmaster, at least for 0.25.5 (which I''m

Hi: I''m trying to configure Puppet on Ubuntu, and strangely I am never able to generate a certificate because my server never shows any pending certificate requests. Put differently, on the server I am running puppetmasterd and on the client I am able to connect to the server, but the client continues printing notice: Did not receive certificate warning: peer certificate

Hi, I''m building a staging environement and I would like it to be able to redeploy automatically, after each commit - or every hour, some applications. Those applications are right now deployed and set up by puppet. I wonder if I should use puppet to redeploy those applications after each commit, and if I should how trigger, on the puppet, a full redeployement of the application ? --

I am using Puppet 2.7.2 with ruby 1.8.7 (2010-01-10 patchlevel 249) and 64 bit Ubuntu 10.4. I have a Vagrant environment which I have been using for development. In the vagrant environment about 5 minutes is required to run all of the modules used for the configuration I have been developing. When I run exactly the same modules in AWS several hours are required. The Vagrant VM has 1 CPU and 1 GB

Hi. When running "puppetd --server <puppetmaster> --waitforcert 50 --test" on a puppet client we get the following error: /usr/lib/ruby/1.8/net/http.rb:560:in `initialize'': getaddrinfo: Name or service not known (SocketError) from /usr/lib/ruby/1.8/net/http.rb:560:in `open'' from /usr/lib/ruby/1.8/net/http.rb:560:in `connect''

In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911

Hi! I''ve installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm supplied by yum.puppetlabs.com. I''ve setup a apache2 vhost with mod_ssl and passenger. The server is configured to autosign the cert requests. The agent installed on the puppetmaster''s server works fine. I''ve a second agent on a server which can sync with the server too. This

Hi all, I''m doing a new install of my puppet server and I''m doing it like: 1.-) adding epel repo: http://fedoraproject.org/wiki/EPEL/FAQ#howtouse 2.-) yum -y install puppet-server 3.-) rm -rf /etc/puppet 4.-) copy my old puppet conf (from puppet-0.24.5 to 0.24.6) mv /etc/puppet.old /etc/puppet 5.-) start puppetmaster: [gridinstall etc]# /etc/init.d/puppetmaster start

So set up new node, ran on the client puppetd --server puppetmaster --waitforcert 60 --test on the puppetmaster itself I ran puppetca --list saw the hostname and then ran: puppetca --sign hostname.domain.com and on the puppet node itself I went back and ran puppetd -tv and get the following error: err: Could not retrieve catalog from remote server: certificate verify failed warning: Not

Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

Hi, I was at the Puppet talk at Oscon and I would like to try using Puppet for PXE on RHEL machines and I was wondering if there are standard minimal Kickstart recipes from which Puppet can then take over. Thanks, Jason van Zyl jason at maven.org

Hi all, I''m trying to set up puppet 0.24.5 using the packages provided for Mandriva 2009.0. After installing the packages and starting the puppetmaster service for the first time, the relevant CA certificates and keys are generated automatically and placed in subdirectories of $ssldir. However, when I then run puppetd on the same machine thus: $ puppetd --server myhost.mydomain

I am banging my head against the wall for recently built hosts that are unable to verify the server''s certs. The usual is not working. on the puppet agent machine: find /var/lib/puppet/ssl -type f -delete on puppet master: puppetca --clean <new_host_cert> on agent: puppetd --server puppet --waitforcert 2 --no-daemonize -d -o on puppet master: puppetca --sign

hello, I''ve just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I dis: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won''t be verified in this SSL session notice: Did not

I saw this feature became available in 2.7.0rc1 and wanted to try it out. I entered ''allow_duplicate_certs = true'' on both my master and agent systems in the puppet.conf (not sure if its need in both, saw it in genconf for puppetd and puppetmasterd though ...). I also have autosign.conf configured to allow autosigning for our domain (*.domain.com). I had my agent register with

I am working on setting up a Puppet configuration where some of the data is stored on a DRBD volume. The modules and vardir are stored on the drbd volume. The puppet.conf files point to the drbd volume for vardir. I created a cert for a VIP puppet-master using the puppetca -- create command I had everything working on the primary drbd node, but when I fail over, everything starts up fine, but I