On 23/09/14 17:11, Nate Wolfe wrote:
> We are thrilled to announce the preview release of Puppet Server, our
> newest open source project.
> Puppet Server is a next-generation alternative to our current Puppet
> master, which builds on the
> successful Clojure technology stack underlying projects like PuppetDB.
>
> Packages are available in the Puppet Labs package repositories, so you
> can try it out today as a
> drop-in replacement for the existing Puppet master.

Very neat, it works well as a drop-in replacement.

The only hitch I've had was with the Foreman report processor, which makes an HTTPS connection to Apache with mod_ssl. On new OSes with modern mod_ssl versions (e.g. EL7 or Ubuntu 14.04), the report processor fails to make an HTTPS connection from the JVM with the error:

    2014-09-26 08:56:09,984 ERROR [puppet-server] Report processor failed: Could not send report to Foreman at https://foreman.example.com/api/reports: Could not generate DH keypair
    ["sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1287)", ...]

This is a well-known problem between JVM clients and recent mod_ssl versions, as the DH prime length supported by the JVM is limited. Adding the DH parameter limits to the server's certificate worked around the problem.

http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh

Java 8 worked slightly better in that it accepts 2048 bit parameters, but the default combination is still a problem.

I guess it might affect others using HTTPS from the master.

--
Dominic Cleal
Red Hat Engineering

--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/54253A9A.3040306%40redhat.com.
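
A check for the condition described in the message above, added here as an example and not part of the original thread: it reads the DH PARAMETERS block appended to a server certificate file and reports whether its prime is within a JVM client's limit. The function names, the limits assumed for pre-Java 8 JVMs and the sample parameters are constructed for illustration.

```python
import base64

# Largest DH prime each JVM generation accepts from a TLS server. The 2048-bit
# Java 8 figure is from the message above; the 1024-bit ceiling for older JVMs
# and the 512-bit floor / multiple-of-64 rule are assumptions of this example.
JVM_MAX_DH_BITS = {"java7": 1024, "java8": 2048}
BEGIN, END = "-----BEGIN DH PARAMETERS-----", "-----END DH PARAMETERS-----"

def _read_der(buf, pos, tag):
    """Read one DER element with the given tag; return (content, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#x}, found {buf[pos]:#x}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def dh_prime_bits(pem_text):
    """Bit length of p in the file's DH PARAMETERS block, None if there is none."""
    if BEGIN not in pem_text:
        return None
    body = pem_text.split(BEGIN, 1)[1].split(END, 1)[0]
    der = base64.b64decode("".join(body.split()))
    seq, _ = _read_der(der, 0, 0x30)        # DHParameter ::= SEQUENCE { p, g }
    p, _ = _read_der(seq, 0, 0x02)
    return int.from_bytes(p, "big").bit_length()

def jvm_accepts(bits, jvm):
    """True if p of this size is within that JVM's limit (False when size unknown)."""
    return bits is not None and bits % 64 == 0 and 512 <= bits <= JVM_MAX_DH_BITS[jvm]

def _der(tag, content):
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_pem(bits):
    """Constructed input: p has the requested size but is NOT a real prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")   # leading 0x00
    der = _der(0x30, _der(0x02, p) + _der(0x02, b"\x02"))
    return f"{BEGIN}\n{base64.encodebytes(der).decode()}{END}\n"

if __name__ == "__main__":
    for bits in (1024, 2048):
        size = dh_prime_bits(sample_pem(bits))
        print(size, {jvm: jvm_accepts(size, jvm) for jvm in JVM_MAX_DH_BITS})
```

In practice `dh_prime_bits` would be given the contents of the file named by the server's certificate directive; a result of `None` means no parameters are appended and the server picks the size itself.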
