Your message dated Mon, 08 Feb 2010 09:37:55 +0100
with message-id <[email protected]>
and subject line no way to disable ssl
has caused the Debian Bug report #520979,
regarding no way to disable ssl
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
520979: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520979
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: puppetmaster
Version: 0.24.7-2
Severity: wishlist
we had a lot of problems setting up puppet when we first got started, and most
of those were dealing with ssl.
we are now having a problem where we're trying to alleviate the load on our
network. our puppet server is on two subnets and we want our systems to
connect
to the interface on the puppet server that is on the same subnet. when we
specify a specific interface in the puppet clients' puppet.conf, by specifying
"server = hostname" or "server = ip", we get a certification mismatch "hostname
was not match with the server certificate". we've tried a few different
things,
and playing wtih the certname configuration option doesn't help.
we'd really just like a way to disable ssl completely.
-- System Information:
Debian Release: 4.0
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24-etchnhalf.1-686-bigmem
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
--- End Message ---
--- Begin Message ---
tags 520979 + wontfix
thanks
Hello, and thanks for the bug report.
In order to have two puppetmasters with the same name, you will have to
synchronize the SSL CA and certificates, or move the SSL handling to a
load balancing frontend, which distributes requests to backends on
different servers.
You should be able to design your way around this issue, but disabling
the SSL certificate handling is not the way to go.
I'm closing this issue.
--
Stig Sandbeck Mathisen
--- End Message ---
