Well, this is frustrating.

Let's say I have two puppet masters, where one is active, and the other is a
hot standby. Obviously each is going to have a different FQDN. Everything
will work fine when the client talks to the server that signed its
certificate. However, after a failover to the secondary master, it's all
going to fail because the FQDN of the master will not match.

I've been searching around, reading the mailing list, and am surprised to
find very little information on this. The new "Pro Puppet" book skims over
this detail. You'd think they'd have someone proof it before selling it.

Anyway, someone suggested just using a DNS alias, but that doesn't seem to
work. If my master is called hpma01p1, and the ssl certs are created in the
default manner, when I create a DNS alias, and my client talks to hpma01p1
by using 'puppet', it still fails:

Could not request certificate: Retrieved certificate does not match private
key; please remove certificate from server and regenerate it with the
current key

I know that there's a 'certname' option but it looks like it's only valid in
the [agent], not the master section. How do I do this?

Doug.
