On Tue, Mar 6, 2012 at 11:20 PM, Gonzalo Servat <gser...@gmail.com> wrote:
> Hi All,
>
> I tried to implement a second Puppet server as a "staging" server with the
> idea of being able to run puppet in dry run mode against this staging
> server.

As others have suggested, environments might be an easier way to do this.

> I ran into some SSL trouble. When I point at the staging server, I get
> various SSL related errors and I assume it's because the ca cert is
> different. I can get around it by clearing /var/lib/puppet/ssl and
> regenerating/signing the certificate, but I have to do the same thing when I
> go back to the production server which is not what I was hoping for.

The issue here is you are running two puppet masters with two different
self-signed CAs. If you intend all puppet agents to connect to both
systems, only run the CA on one master and configure the second master
with ca=false. Generate the second master's cert on the CA server with the
appropriate dns_alt_name:

puppet cert -g secondmaster --dns_alt_name='secondmaster,secondmaster.foo.lan'

Copy this cert to the appropriate location on your secondary puppet
master. All puppet agents should configure puppet_ca to the master
running the CA, and they should be able to connect to both servers.

Thanks,

Nan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
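
The trust relationship discussed in this thread, reproduced with plain openssl as an added example (not part of the original message and not Puppet's own CA tooling). The file names and CA common names are assumptions; the host names are the ones from the reply.

```bash
#!/usr/bin/env bash
# Constructed demo using plain openssl, not Puppet's own CA tooling.
# File names and CA common names are assumptions; host names come from the thread.
set -eu

make_ca() {       # $1 = file prefix, $2 = CA common name (self-signed root)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {    # $1 = CA prefix, $2 = cert prefix, $3 = CN, $4 = subjectAltName value
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  printf 'subjectAltName=%s\n' "$4" > "$2.ext"
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" -CAcreateserial \
    -days 1 -extfile "$2.ext" -out "$2.pem" 2>/dev/null
}

trusts() {        # $1 = CA cert the agent holds, $2 = cert the master presents
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

matches_host() {  # $1 = cert, $2 = name the agent used to reach the master
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

report() {        # $1 = label, remaining args = the check to run
  label=$1; shift
  if "$@"; then echo "pass  $label"; else echo "fail  $label"; fi
}

cd "$(mktemp -d)"
make_ca prod_ca    "Puppet CA: production"
make_ca staging_ca "Puppet CA: staging"
san='DNS:secondmaster,DNS:secondmaster.foo.lan'
issue_cert staging_ca own_ca    secondmaster "$san"  # second master signed by its own CA
issue_cert prod_ca    shared_ca secondmaster "$san"  # second master signed by the one CA

# The agent only holds the production CA certificate.
report "cert from second self-signed CA verifies (expected: fail)" trusts prod_ca.pem own_ca.pem
report "cert from the single CA verifies" trusts prod_ca.pem shared_ca.pem
report "cert matches secondmaster.foo.lan" matches_host shared_ca.pem secondmaster.foo.lan
report "cert matches unlisted staging.foo.lan (expected: fail)" matches_host shared_ca.pem staging.foo.lan
```

The first check failing is the SSL error from the original question; the last one shows why every name agents use for the second master has to be listed when the cert is generated.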