similar to: CA and multiple masters

Hello All, I require some help for creating multiple puppetmaster with separate Puppet CA server. I followed the steps given in the link below for creating a separate CA server http://bodepd.com/wordpress/?p=7 My requirement is to create 2 Puppetmasters running nginx and unicorn which will be loadbalanced via RR DNS with a separate single Puppet CA server only for issuing and signing

Hi, I''ve been at it for about 4 days now and I just can''t figure it out. I''m getting the following error when running puppet agent on my masters: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed At startup, I''m running ntpdate (I''ve read in a lot of places that this error occurs when date between servers

Hey all, after installing the 3.0.0 version of puppet (debian package from puppetlabs), doing the initial config, doing an initial start of master to generate the certs needed and then starting apache with passenger to control puppetmaster. I can do: puppet ca list --all and get a listing of the certs in the system (initially only the master). afterwards, on the client node, I run: puppet

I am trying to setup a different CA_server and master server. I am following these links : http://bodepd.com/wordpress/?p=7 http://docs.puppetlabs.com/guides/scaling_multiple_masters.html Kindly help as am getting this error info: Retrieving plugin err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1

Hello everyone, Just getting my first puppet master set up and I am having a problem that I just do not know how to get past. For some reason, my certificate store keeps getting corrupted. Basically what happens is that the server will issue itself a valid certificate (after removing the ''bad'' cert) and will run just fine. When I start puppetDB (I am pretty sure it happens

In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911

I am wondering how to manually (using openssl instead of puppet cert command) create CA that would be usable by Puppet? The goal would be to script creation of such CA''s to deploy them on multiple puppetmasters, instead of certificates being created on them via puppet cert command. Any ideas on how to do it? I was only able to find something like that:

HI all, I am currently setting up a HA devops configuration using puppet. I want to be able to run a single puppet master as the CA and the rest act as peering puppet masters. I have each puppet master running on passenger and I am proxying the SSL requests to the CA server following: http://docs.puppetlabs.com/guides/scaling_multiple_masters.html#option-2-redirect-certificate-traffic

I have a single LB running Apache with mod_proxy in front of a Puppet master. These are the LB and Puppet master configs: <Proxy balancer://puppetmaster> BalancerMember http://192.168.1.10:8140 </Proxy> Listen 8140 <VirtualHost *:8140> SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite

I''m having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.combut then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0

How do I initiate a certificate request without going into non-daemon mode ? According to "Pro Puppet" book, so far the only way I know that can trigger a certficate request with puppet master is like this puppet agent --server=puppetmaster.test.com --no-daemonize --verbose but doing so will break my intention of automation I need to create a puppet client package. A control-C is

Hi, I''ve created two Nginx patches (see at the end of this message) to allow a simpler Nginx configuration for your Mongrel puppetmasters. The two main issues with Nginx in front of puppet were: * no CRL support * no optional certificate verification (and thus we''re forced to have two separate configs on two different ports, and to use --ca_port). Now, it is as simple as

Hello, Running into a problem when wanting to daemon-ize the agent. It doesnt seems to do anything: - cannot find any daemon process with (ps aux | grep puppet) - the config is not updated after editing some params on the master - /var/log/puppet stay empty... while, when logged as root, it is working without issue with $puppet agent --test. ##Conf Ubuntu 12.04 Puppet 2.7.11 ## Daemon is

Hi, I''m new to Puppet, but it looks very good, so far. We are going to use it for a multi-tier (DEV, QA, staging, production) environment which is consists of web, app, and database servers. I have a couple of suggestions for the Puppet documentation that may save others some time. First, it seems node names MUST be FQDNs (hostname and hostname. will not work). Since we are not using

Hello All, I''m using the "Branch Testing" approach documented at https://reductivelabs.com/trac/puppet/wiki/BranchTesting and am seeing an issue with certificates. On all clients, I can run puppetd --masterport=8141 successfully but see the following error when I run against the default (8140) port: err: Could not retrieve configuration: Certificates were not trusted:

Ok, I''m new to puppet, but I''ve got everything working for my setup. Almost. I''m trying to set up a new server, using cobbler, and then puppet. CentOS 6.2 Puppet 2.7.11 Cobbler 2.0.11 I have things set up so I can use kickstart to install the server on boot. It installs puppet and facter from the puppetlabs repos and the snippet

Hello, As the 2.7 branch doesn''t seem to be available for RHEL4 (yes I know EOS next week) am trying to use a 2.6.11 client for our new Puppet infrastructure to replace the creaking one we have now. The POC setup is all running behind an F5 with a pair of CA''s and seperate pool of Puppet Masters. RHEL5/6 clients running 2.7.9 work fine. The older version on RHEL4 gives me SSL

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

Hello, Attempting to setup a CA primary/standby as well as seperate puppetmaster servers (all running Apache/Passenger) behind another Apache/Passenger type load balancer. Clients are not getting certs:- err: Could not request certificate: Could not intern from s: nested asn1 error Clearly an SSL issue but not something I know a great deal about. loadbalancer.conf # Puppet Load Balancing

Hello all, Recently I was asked to start using Puppet as part of our Eucalyptus powered internal cloud. I have been able to set up Puppet and a puppet master on various instances, but what I am running into, is that several of the instances have the same hostname or no hostname when they are first launched, so of course when they try to get a cert from puppetmaster I get an error saying that I