similar to: Puppet agent hostname/domain change

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

Hello a newbie here. The situation is that: 2 machine one master one client Puppet 0.24.5 This my configuration: Client: /etc/puppet/puppetd.conf [puppetd] server = Asus-Vista-Box logdir = /var/log/puppet vardir = /var/lib/puppet rundir = /var/run master /etc/puppet/manifests/classes/sudo.pp class sudo { file { "/etc/sudoers": owner => "root",

hello, I''ve just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I dis: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won''t be verified in this SSL session notice: Did not

Started the discussion in puppet users mailing list based on recommendation from luke. This discussion is to a follow up regarding bug#1955 "Could not find server puppet" - installation/configuration error". jamtur01''s last recommendation: Rather than renaming things try the certname option (see http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference). But

Greetings! As you undoubtedly know, the fixes for CVE 2007-5162 in ruby break installations where puppetca has created certificates with a CommonName different from the server's real hostname. The Puppet clients quite correctly complains about hostname mismatch. A number of better and worse solutions have been suggested for this problem, especially in ticket #896. IMHO, there are two good

I''d like to extend my use of puppet to manage my desktop/notebook macs. As others have noted, the hostname of the mobile machines tends to change frequently, so basing the node name (in my site.pp) and the corresponding cert and private key names seems to be an issue. I seem to recall somewhat talking about this at Puppet Camp last week….. Generally my signing strategy is always to

Hello all, Recently I was asked to start using Puppet as part of our Eucalyptus powered internal cloud. I have been able to set up Puppet and a puppet master on various instances, but what I am running into, is that several of the instances have the same hostname or no hostname when they are first launched, so of course when they try to get a cert from puppetmaster I get an error saying that I

Trying to setup a sandbox environment, and I''m running into some issues. When I run the system in --noop mode, everything works as it should (long list of options truncated to ...): [root@kvm001 ~]# puppetd ... --noop info: Caching catalog at /var/lib/puppet/localconfig.yaml notice: Starting catalog run notice: //dev_server/basenode/role_general/ntpd/File[/etc/localtime]/ensure: is

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

Hi All, I have spent couple of days trying to work-out this problem with not luck. I am working on a Linux Fedora 14. I ssh from the server to the client using teh IP with no problem. Client: # puppetd --server puppet --waitforcert 60 --test --verbose info: Creating a new SSL key for bar03 warning: peer certificate won''t be verified in this SSL session warning: peer certificate

Hi all I''m trying to set up a separate puppet master and client on EC2. I''ve used two instances of CentOS5.4 with nothing other than the base install and have installed puppet via the ruby gems. Puppet is at 2.6.4 on both machines. I''ve been following the guide to get a basic configuration working (http://docs.puppetlabs.com/guides/configuring.html) with a little tweak

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

Hello everyone, Just getting my first puppet master set up and I am having a problem that I just do not know how to get past. For some reason, my certificate store keeps getting corrupted. Basically what happens is that the server will issue itself a valid certificate (after removing the ''bad'' cert) and will run just fine. When I start puppetDB (I am pretty sure it happens

Hi, I am using the cloud provisioner to bootstrap some ec2 nodes, and these clients are signed using a randomly generated certname, which is put in /etc/puppet.conf at the bootstrap time (eg certname = d7bcd693-73fd-495f-0876-ff91ea11111e). But my puppet code repo also manages the puppet.conf file, so the file will be overwritten on the client at the first puppet run. Nevertheless, i should not

I am banging my head against the wall for recently built hosts that are unable to verify the server''s certs. The usual is not working. on the puppet agent machine: find /var/lib/puppet/ssl -type f -delete on puppet master: puppetca --clean <new_host_cert> on agent: puppetd --server puppet --waitforcert 2 --no-daemonize -d -o on puppet master: puppetca --sign

Hi everyone, I’ve been working on getting puppet set up for our systems for the past week, and all has gone well in learning about writing manifests, but now that I’m ready to set it into production, I realize that it’s still unclear to me exactly how that’s supposed to go. For instance, during testing it has always been that I manually started and stopped puppetd and puppetmasterd on their

Is there a way to force the puppetmaster to resign certificates for existing certificates when a new CSR for the same hostname arrives? When we reinstall freshly formatted clients with puppet (with the same hostname) the puppet client complains: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it

Hi guys, I''m installing Puppet on RHEL5 systems using KickStart but struggle with the first boot. Here''s my situation: 1) kickstart installs the system, including puppet from our local repo 2) after reboot I have to login and set the hostname and IP 3) then run puppet, register it with the server and bring in the config 4) configure puppet for automatic start I have to

I''ve tried this over and over, and I just cannot get it to work. I''m trying to do a proof of concept on puppet, so I''m using two CentOS 5.3 systems running in VMs on separate hardware (i.e. the two VMs are not on the same physical box). I''ve built the systems from scratch numerous times, and then pulled down puppet from the rpmforge repo. In the course of

What is required to allow running puppetrun as a normal user? The documentation implies that puppetrun has to be run as root to get access to the SSL certificates. What permissions need to be set to allow normal users (or a group of users) to perform puppetrun? Is it possible to create a more-public certificate that can only be used for puppetrun? We could use the ability to have developers