similar to: Puppermaster certificate expired

Hello! The FAQ contains an entry about autosigning: http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#why-shouldn-t-i-use-autosign-for-all-my-clients It says: > The certificate itself is stored, so two nodes could not connect with the same CN I tried this (using 0.25.4), and actually, that doesn''t seem to be correct. I was able to run puppetd on two different

I testing Puppet 0.19.3. If we decide to use it, we''d deploy it across several thousand hosts. The method described for creating client certificates described in the documentation - running "puppetd --server <server> --waitforcert 60 --test" and "puppetca --sign <client>" - is not practical for our installation. I''ve tried creating

Hi, Since upgrading from 0.24 to 0.25, I''ve seen repeatedly puppetd clients just stop when they''re unable to reach the puppetmaster for a while. With the normal logging level, they just seem to stop without writing anything in their log. I''ve seen this with 0.25.1rc1, rc2 and final, which are all of the 0.25.x I''ve tried (always with the same version on

I saw this feature became available in 2.7.0rc1 and wanted to try it out. I entered ''allow_duplicate_certs = true'' on both my master and agent systems in the puppet.conf (not sure if its need in both, saw it in genconf for puppetd and puppetmasterd though ...). I also have autosign.conf configured to allow autosigning for our domain (*.domain.com). I had my agent register with

Hi folks Back again with another head-scratcher... I''m trying to get autosigning to work, and am partially succeeding, but not really... Running puppet v24.4, and not yet ready to upgrade unless I have to On puppetmaster, I have autosign.conf (and puppet.conf indicates autosign = /etc/puppet/autosign.conf, which should be redundant, but, covering that base as I can) In autosign.conf,

Hello All. I read in an earlier post at http://markmail.org/search/?q=autosign+issues#query:autosign%20issues+page:1+mid:we6jrbn7hdjnhrie+state:results that as of puppet v24.4, autosigning did not support IP addresses. I am running v25.5. Is this still the case? Cheers, David -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To

I''ve tried to implement puppetmaster High Availability (mon+heartbeat). Herefore, the puppet client and puppet master are running on both servers. When the puppet client starts up, it generates a certificate, public and private key for the machine it runs on. When the puppet master starts up, it changes something so that the puppet client have no valid certificate anymore (the

I am attempting to move our test puppet installation from looking for node information in a manifest to LDAP. I followed the instructions at: https://reductivelabs.com/trac/puppet/wiki/LdapNodes and was able to get the puppet schema loaded into our LDAP. I can now query LDAP and modify/load data without any issues using the OpenLDAP tools. e.g. ldapsearch -h ldapdev1.domain.com -x

Hey Folks, I''m looking at doing automated provisioning of new servers and am trying to integrate puppet into this process. What I''m wondering though is what the best process for securely registering a new node is. At the moment the first time puppet is run I have to then accept the certificate on the puppetmaster and then run puppet again. What I would like to do is accept the

Hi, I''m using puppet on EC2 to setup my VMs with the following configuration: # puppetd --version 0.25.5 # uname -a Linux hostname.domain 2.6.16-xenU #1 SMP Mon May 28 03:41:49 SAST 2007 i686 i686 i386 GNU/Linux But I keep facing some timeout from puppetd: warning: peer certificate won''t be verified in this SSL session Exiting; failed to retrieve certificate and waitforcert

I''m running puppet 0.24.6 on CentOS 5.2 from a puppetmaster on a virtual server to a variety of client servers both virtual and metal running either CentOS 5.2 or Fedora Core 10. I want to extend this to servers running RHEL 5 (and 6) in the near future. My problem is I have puppet set up with all repositories (mirrored locally using cobbler) included in one file in

Hello... I wanted to be able to startup an EC2 instance with one command and have a fully functioning server without having to shell into each new instance and configure the bits to allow puppet to finish the configuration. Here are some notes I came up with for bootstrapping an ec2 instance with puppet using Ubuntu 10.04. I left out a lot of things about creating and running custom AIM

Hi! I''ve installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm supplied by yum.puppetlabs.com. I''ve setup a apache2 vhost with mod_ssl and passenger. The server is configured to autosign the cert requests. The agent installed on the puppetmaster''s server works fine. I''ve a second agent on a server which can sync with the server too. This

Hi all, I''m doing a new install of my puppet server and I''m doing it like: 1.-) adding epel repo: http://fedoraproject.org/wiki/EPEL/FAQ#howtouse 2.-) yum -y install puppet-server 3.-) rm -rf /etc/puppet 4.-) copy my old puppet conf (from puppet-0.24.5 to 0.24.6) mv /etc/puppet.old /etc/puppet 5.-) start puppetmaster: [gridinstall etc]# /etc/init.d/puppetmaster start

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

Can you wildcard a domain for a node name like the following? node ''*.sub.example.com'' { .... } Thanks, Kent

I am looking into alternatives for the initial cert sign for new puppet clients. We will have non-sysadmins kickstarting new hosts, and I am trying to minimize the time they have to wait for a cert sign while maintaining at least a marginally sane level of security. My question is this: does the puppetmaster check that a new cert request for host A (csr with subject "cn=A.mydomain") is

This is the first time is happening... and It happens consecutively with all the hosts. Fresh kickstarted host (never set up before the name so its not on the revocation list), I just run puppetd -tv (we have autosign on), I just get the output below: [root@server182 puppet]# puppetd -tv info: Creating a new SSL key for server182.domain.com warning: peer certificate won''t be verified in

I am finding that the puppetlabs-apache module is somehow adding 30-60 seconds onto a host''s catalog compile time when the puppetmaster has no other hosts contacting or generating catalogs. The Puppetmaster is setup to use Puppet-2.7.18 - Apache & Passenger. RIght now only 2 hosts are even configured to use this new PM, the PM itself and a Foreman host. With neither hosts

Hi, I''ve setup the puppetmaster to start 5 processes each listening on a different port, with an Apache server in front. This works fine for existing clients, however when I try to add a new client (ie. a newly installed machine with no previous puppet configuration) I get this error: err: Could not request certificate: sslv3 alert handshake failure error Any ideas what''s