similar to: SSL issues: Separate CA, multiple load balanced masters

I am trying to setup a different CA_server and master server. I am following these links : http://bodepd.com/wordpress/?p=7 http://docs.puppetlabs.com/guides/scaling_multiple_masters.html Kindly help as am getting this error info: Retrieving plugin err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1

Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd

Hi, I have setup puppet (2.7.5) on 2 different machines on ec2. Puppet master config 1. Ruby - 1.9.3 2. OS - Amazon linux image 3. runs from root user Puppet agent config 1. Ruby - 1.9.3 2. OS - centos 3. runs from root user When i run the agent, it throws an error "unknown ca" (can been seen in tcpdump/server logs) and closes the SSL connection immediately. I tried following things

I''m having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.combut then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0

I did a quick look for it but I could not find it. When it comes to puppet masters, is it required to copy the puppet/ssl/ca directory to each puppet master or is there a configuration to make the puppet master not try to generate its own CA if there is a ca_server option specified? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To

Hi, ppl I dont know what to do. I configure a new client do sync with my server. the server accept de client_cert without errors and then when i run the "puppet agent -t" agaion i got this error output info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server

I''m getting these errors when running ''puppet agent --test'' after doing a new installation of an agent: err: /Stage[main]/Pe_mcollective::Plugins/File[/opt/puppet/libexec/mcollective/mcollective/security/sshkey.rb]/content: change from {md5}512f42272699eaa085c83d2cc67c27ea to {md5}8fa3e9125fd917948445e3d2621d40e5 failed: Could not back up

Just installed Puppet 2.6.4 on Ubuntu 10.10 I was trying to restart the puppet agent but got the following error and the agent didn''t run: $ sudo puppetd --server server.domain.com --waitforcert 60 --test err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed warning: Not using cache on failed

Hi, I''m rolling out a new Puppet install and am having some problems with certs. I''ve googled and read the docs but can''t find anything. Almost all boxes on the network are dual-homed, with a primary network (VLAN, /27 subnet) for public data and an admin/management network for backups and other backend stuff. All hosts have a primary interface on the main network (and

I''m trying to setup a puppetmaster, and I''ve got a couple of questions. The first, is a design question. Since I expect to eventually have multiple puppetmaster servers, I''d like to name this one to be named puppet1.example.com. But I''d like my clients to connect via a cname as puppet.example.com. Is this pretty standard? Is there some more common way?

I am banging my head against the wall for recently built hosts that are unable to verify the server''s certs. The usual is not working. on the puppet agent machine: find /var/lib/puppet/ssl -type f -delete on puppet master: puppetca --clean <new_host_cert> on agent: puppetd --server puppet --waitforcert 2 --no-daemonize -d -o on puppet master: puppetca --sign

When I try to connect to my new puppet master, I get an error because of a self-signed certificate: ---snip--- # puppet agent --test --noop Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:

Hello readers, I have this little issue that my puppet client refuses to do anything because of SSL validation errors. Maybe I''ll just post dump of what happens, that makes it clear I hope. Does anyone have a suggestion why that might happen? what I already checked: On the master: - Puppet and puppetmaster is running - Something is listening on Port 8140 (although I cannot

Hello, I am trying to configure a new puppet server on Debian Squeeze, so the server version will be 2.6.2-4. I am trying to configure a client running Lenny, the puppet version is 0.25.4-2 I declare the new client with the command : #puppetd --server puppet.domain.tld --waitforcert 60 --test on the server : #puppetca --sign client.domain.tld When the client finish to execute the first

** I installed PE Master on one VM and Agents on two VMs pointing to master . Agent1 VM 64 bit works fine , but agent2 VM 32 bit fails with below error. Only difference is architecture. One more note both the agent nodes were accepted from Dashboard,so master has both the certificates. Any help will be greatly appreciated. puppet-enterprise-3.1.0-el-6-i386]# puppet agent --test Info:

Hi All, I''ve run into a bit of a tangle. I currently have two puppet masters which are "load balanced" with round robin DNS (one is also the CA). I''m using dns_alt_names to let them each answer to puppet.my.domain.com For the past year this has been fine. About a week ago I tried to add a third & while all my Linux clients are happy with the new arrangement,

Hi Dears, I am installing the puppetmaster server and puppet client is running in the same machine. When i running : puppet agent --test --waitforcert 30 I received the error : Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate'': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed:

I''m running a two headed puppetmaster and have disabled crl''s. Let''s call them the primary and the secondary. The primary and secondary both use the primary as their master. The secondary only is used when the primary isn''t responding (I wrap the puppetd call in cron with a short shell script) I''m managing these ca files on the masters, pushing

Hi, I am trying to bootstrap a new agent from my master node as below. puppet node_aws bootstrap \ --region us-east-1 \ --image ami-cc5af9a5 \ --login root \ --keyfile /root/.ssh/private.pem \ --install-script=puppet-enterprise \ --installer-payload=/usr/local/puppet/puppet-2.7.0.tar.gz \ --installer-answers=/usr/local/puppet/agent.txt \ --keyname icos-client \ --type t1.micro Node is created

Hi all, I launched a Puppet service a few month ago and it did function pretty well for some time. Last week, I tried to clean old entries but I think I deleted too much information as I can no more synchronize my clients. I get a certificate error : *[root@REBITPUPPET01 ~]# puppet agent --test Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect