similar to: SSL issues: Separate CA, multiple load balanced masters

Displaying 20 results from an estimated 10000 matches similar to: "SSL issues: Separate CA, multiple load balanced masters"

2012 Aug 24
1
Getting issues while separating CA and master servers
I am trying to setup a different CA_server and master server. I am following these links : http://bodepd.com/wordpress/?p=7 http://docs.puppetlabs.com/guides/scaling_multiple_masters.html Kindly help as am getting this error info: Retrieving plugin err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1
2011 Jul 08
2
Puppetmaster setup with separate CA server configuration help
Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd
2011 Oct 12
2
tlsv1 alert - unknown ca!
Hi, I have setup puppet (2.7.5) on 2 different machines on ec2. Puppet master config 1. Ruby - 1.9.3 2. OS - Amazon linux image 3. runs from root user Puppet agent config 1. Ruby - 1.9.3 2. OS - centos 3. runs from root user When i run the agent, it throws an error "unknown ca" (can been seen in tcpdump/server logs) and closes the SSL connection immediately. I tried following things
2008 Nov 10
12
CA_Server woes
I''m having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.combut then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0
2012 Aug 13
4
CA and multiple masters
I did a quick look for it but I could not find it. When it comes to puppet masters, is it required to copy the puppet/ssl/ca directory to each puppet master or is there a configuration to make the puppet master not try to generate its own CA if there is a ca_server option specified? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To
2013 Oct 18
1
'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
Hi, ppl I dont know what to do. I configure a new client do sync with my server. the server accept de client_cert without errors and then when i run the "puppet agent -t" agaion i got this error output info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server
2012 Aug 21
3
mcollective getaddrinfo: Name or service not known
I''m getting these errors when running ''puppet agent --test'' after doing a new installation of an agent: err: /Stage[main]/Pe_mcollective::Plugins/File[/opt/puppet/libexec/mcollective/mcollective/security/sshkey.rb]/content: change from {md5}512f42272699eaa085c83d2cc67c27ea to {md5}8fa3e9125fd917948445e3d2621d40e5 failed: Could not back up
2011 Jan 13
5
Problem restarting the agent
Just installed Puppet 2.6.4 on Ubuntu 10.10 I was trying to restart the puppet agent but got the following error and the agent didn''t run: $ sudo puppetd --server server.domain.com --waitforcert 60 --test err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed warning: Not using cache on failed
2009 Jun 24
1
puppetrun and certs - CA certdnsnames?
Hi, I''m rolling out a new Puppet install and am having some problems with certs. I''ve googled and read the docs but can''t find anything. Almost all boxes on the network are dual-homed, with a primary network (VLAN, /27 subnet) for public data and an admin/management network for backups and other backend stuff. All hosts have a primary interface on the main network (and
2009 Apr 20
2
CA different than hostname?
I''m trying to setup a puppetmaster, and I''ve got a couple of questions. The first, is a design question. Since I expect to eventually have multiple puppetmaster servers, I''d like to name this one to be named puppet1.example.com. But I''d like my clients to connect via a cname as puppet.example.com. Is this pretty standard? Is there some more common way?
2010 Nov 13
12
certificate verify failed
I am banging my head against the wall for recently built hosts that are unable to verify the server''s certs. The usual is not working. on the puppet agent machine: find /var/lib/puppet/ssl -type f -delete on puppet master: puppetca --clean <new_host_cert> on agent: puppetd --server puppet --waitforcert 2 --no-daemonize -d -o on puppet master: puppetca --sign
2013 Jun 12
4
certificate problem
When I try to connect to my new puppet master, I get an error because of a self-signed certificate: ---snip--- # puppet agent --test --noop Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:
2012 Aug 10
3
SSL issues - certificate verify failed
Hello readers, I have this little issue that my puppet client refuses to do anything because of SSL validation errors. Maybe I''ll just post dump of what happens, that makes it clear I hope. Does anyone have a suggestion why that might happen? what I already checked: On the master: - Puppet and puppetmaster is running - Something is listening on Port 8140 (although I cannot
2011 Mar 10
2
Puppet Certificate verify failed
Hello, I am trying to configure a new puppet server on Debian Squeeze, so the server version will be 2.6.2-4. I am trying to configure a client running Lenny, the puppet version is 0.25.4-2 I declare the new client with the command : #puppetd --server puppet.domain.tld --waitforcert 60 --test on the server : #puppetca --sign client.domain.tld When the client finish to execute the first
2013 Nov 01
1
HELP!!! puppet-enterprise-3.1.0-el-6-i386 master/agent test fails
** I installed PE Master on one VM and Agents on two VMs pointing to master . Agent1 VM 64 bit works fine , but agent2 VM 32 bit fails with below error. Only difference is architecture. One more note both the agent nodes were accepted from Dashboard,so master has both the certificates. Any help will be greatly appreciated. puppet-enterprise-3.1.0-el-6-i386]# puppet agent --test Info:
2013 May 17
3
client connection errors: SSL, SNI and DNS_ALT_NAMES Oh My
Hi All, I''ve run into a bit of a tangle. I currently have two puppet masters which are "load balanced" with round robin DNS (one is also the CA). I''m using dns_alt_names to let them each answer to puppet.my.domain.com For the past year this has been fine. About a week ago I tried to add a third & while all my Linux clients are happy with the new arrangement,
2013 Nov 06
1
PuppetMaster and Puppet Client in the same machine
Hi Dears, I am installing the puppetmaster server and puppet client is running in the same machine. When i running : puppet agent --test --waitforcert 30 I received the error : Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate'': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed:
2012 Feb 27
1
Using puppet cert generate on a client -- why doesn't this work?
I''m running a two headed puppetmaster and have disabled crl''s. Let''s call them the primary and the secondary. The primary and secondary both use the primary as their master. The secondary only is used when the primary isn''t responding (I wrap the puppetd call in cron with a short shell script) I''m managing these ca files on the masters, pushing
2012 Dec 28
1
err: Signing certificate error: Could not render to pson: getaddrinfo: Name or service not known
Hi, I am trying to bootstrap a new agent from my master node as below. puppet node_aws bootstrap \ --region us-east-1 \ --image ami-cc5af9a5 \ --login root \ --keyfile /root/.ssh/private.pem \ --install-script=puppet-enterprise \ --installer-payload=/usr/local/puppet/puppet-2.7.0.tar.gz \ --installer-answers=/usr/local/puppet/agent.txt \ --keyname icos-client \ --type t1.micro Node is created
2013 Jul 03
1
Certificate errors
Hi all, I launched a Puppet service a few month ago and it did function pretty well for some time. Last week, I tried to clean old entries but I think I deleted too much information as I can no more synchronize my clients. I get a certificate error : *[root@REBITPUPPET01 ~]# puppet agent --test Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect