similar to: Backup/restore certificates after new puppetmaster installation

Displaying 20 results from an estimated 40000 matches similar to: "Backup/restore certificates after new puppetmaster installation"

2006 Oct 18
19
Creating client certificates
I am testing Puppet 0.19.3. If we decide to use it, we'd deploy it across several thousand hosts. The method for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I've tried creating
2007 Dec 08
6
Creating certificates with puppetca with puppet.example.com as CommonName
Greetings! As you undoubtedly know, the fixes for CVE 2007-5162 in ruby break installations where puppetca has created certificates with a CommonName different from the server's real hostname. The Puppet clients quite correctly complain about hostname mismatch. A number of better and worse solutions have been suggested for this problem, especially in ticket #896. IMHO, there are two good
2011 Jul 08
2
Puppetmaster setup with separate CA server configuration help
Hi All, I am setting up puppetmaster with nginx and passenger and separating the Puppetmaster primary CA server. I have 3 host loadbalancer01 - Nginx doing LB on IP address and also running puppetmaster with passenger under 127.0.0.1 (port 8140). primaryca - Puppetmaster Primary CA pclient - Puppet Client The did the following steps: On Primary CA server: ---------------------------- cd
2006 Nov 02
6
certificate not trusted
Hello, I try to install puppet on freebsd 6.X. All is well but i cannot get the certificate to install and be recognized. I run .19.3. I run the puppetd --test --waitforcert 60 then sign and then i got: err: No certificate; running with reduced functionality. info: Creating a new SSL key at /usr/local/.aqadmin/puppet/conf/ssl/private_keys/xxxxxxxxxxxxxx.pem info: Creating a new certificate
2008 Jan 02
4
Puppetmaster doesn't know itself
I restarted puppetmasterd and it announced that the Cert does not match existing key ! [root@puppet ~]# puppetmasterd --verbose --no-daemonize info: Starting server for Puppet version 0.24.1 info: mount[files]: allowing 10.100.0.0/16 access info: mount[files]: allowing *.gridapp.com access info: mount[files]: allowing *.dev.gridapp.com access info: Retrieving existing certificate for
2011 Nov 02
5
Puppet certificate
I'm running in circles with this issue... I accidentally did a 'puppetca --clean --all' and lost all certificates. I was able to get the puppetmaster running and re-created certificates for the client system, but I get the following error: warning: peer certificate won't be verified in this SSL session info: Caching certificate for w0f.lagged.com info:
2008 Nov 10
12
CA_Server woes
I'm having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.com but then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0
2008 Dec 04
4
puppetmaster built via puppetd
hi, i'm trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i'm using 0.24.6. i've read the howto on puppet scalability, and i think i've got the ssl config working correct, but i'm noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ssl
2011 Mar 24
3
err: Could not retrieve catalog from remote server: certificate verify failed
So set up new node, ran on the client puppetd --server puppetmaster --waitforcert 60 --test on the puppetmaster itself I ran puppetca --list saw the hostname and then ran: puppetca --sign hostname.domain.com and on the puppet node itself I went back and ran puppetd -tv and get the following error: err: Could not retrieve catalog from remote server: certificate verify failed warning: Not
2007 Oct 09
9
puppetca is unable to sign certificate
Hi - I ran puppetd -vt against a brand newly build host (which is what I normally do for a new host) and got the usual message: err: No certificate; running with reduced functionality. info: Creating a new certificate request for sega-dev-1. info: Requesting certificate On the puppetmaster, I then list the waiting host with: puppetca --list then sign the key. In this case, I decided that the
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
Hi - I read up on this subject quite a bit, and was able to find a few posts on the mailing list, even found a wiki article. Unfortunately it doesn't quite address what I'm looking to do. From what I understand, Puppet's client/server authentication system - using SSL - is portable. I believe that I should be able to use the same SSL certificates and keys (and even
2009 Jun 10
2
Moving to new puppetmaster - certificates
Unfortunately I haven't been able to find anything in the docs... I just built a new puppetmaster to replace my testing install on an old box. The hostname is different, and obviously the master certificates are different. What needs to be done to the clients to get them to play nice with the new box? Thanks, Jason Antman
2010 Nov 13
12
certificate verify failed
I am banging my head against the wall for recently built hosts that are unable to verify the server's certs. The usual is not working. on the puppet agent machine: find /var/lib/puppet/ssl -type f -delete on puppet master: puppetca --clean <new_host_cert> on agent: puppetd --server puppet --waitforcert 2 --no-daemonize -d -o on puppet master: puppetca --sign
2010 Apr 21
3
revoked host can't be re-added?
I have a problem I can't figure out. I was having cert problems with a host - it seemed to have multiple host names (most likely from dns changes in the past) and all the certs were valid. Although it was giving an error about a cert I could not identify. So I tried: puppetca --revoke hostname puppetca --clean hostname restart puppetmaster puppetca --list --all (host does not show up -
2008 May 27
12
Puppetting the puppetmaster problems
Hi, installing puppet at my first site was quite easy (not w/o problems, but still). At the second site, I've run into something more serious. First things first - I install puppetmaster on existing server, used to keep LDAP db (my puppetmaster DOES NOT use LDAP, it just tries to coexist on the same machine). The thing is, I need to puppet this baby, so I'm running into a
2010 Feb 12
3
Problems with certs
Trying to setup a sandbox environment, and I'm running into some issues. When I run the system in --noop mode, everything works as it should (long list of options truncated to ...): [root@kvm001 ~]# puppetd ... --noop info: Caching catalog at /var/lib/puppet/localconfig.yaml notice: Starting catalog run notice: //dev_server/basenode/role_general/ntpd/File[/etc/localtime]/ensure: is
2008 Nov 19
2
Could not request certificate: Certificate does not match private key
hello, I've just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I did: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won't be verified in this SSL session notice: Did not
2007 Nov 02
5
Odd SSL Error
I have one puppet complaining - Could not retrieve configuration: Certificates were not trusted: block type is not 01 Puppetmaster and puppet's are CentOS 4.5 and I use the Lutter rpms of 23.2, anyone ever see this? Thx Tim
2009 Sep 03
2
Even the "Simplest Puppet Install Recipe" apparently isn't simple enough
I've tried this over and over, and I just cannot get it to work. I'm trying to do a proof of concept on puppet, so I'm using two CentOS 5.3 systems running in VMs on separate hardware (i.e. the two VMs are not on the same physical box). I've built the systems from scratch numerous times, and then pulled down puppet from the rpmforge repo. In the course of
2009 Nov 13
2
Multihomed puppet-server Multidomain SSL Problem
Hello List, I have a problem with the CA on my Puppetmaster. This Puppetmaster is connected to different Networks with different sub domainnames. The Puppet clients connecting via different Interfaces. There is no routing between subnets. Only one subnet can connect successfully. This is because the subject in the Certificate is the name of this subnet. All other clients get: Could not