We don't run that configuration on Corp Puppet servers; we change ca_server.
You may have better luck if you ask on puppet-users. https://groups.google.com/forum/?fromgroups#!forum/puppet-users Thanks, Jason On Fri, Oct 26, 2012 at 1:06 PM, ryan wallner <[email protected]> wrote: > > HI all, > > I am currently setting up a HA devops configuration using puppet. I want to > be able to run a single puppet master as the CA and the rest act as peering > puppet masters. I have each puppet master running on passenger and I am > proxying the SSL requests to the CA server following: > > http://docs.puppetlabs.com/guides/scaling_multiple_masters.html#option-2-redirect-certificate-traffic > http://docs.puppetlabs.com/guides/passenger.html > > as a reference. > > Watching the access.log on each master, when an agent requests a cert from a > puppetmaster that is not the CA, I can see the request forwarded: (below) > > .4 is the agent > .3 us the master proxying the request > puppetca is the acting CA for all masters > > Here is the what logs in access.log for the puppetmaster that is NOT the CA. > ubuntu-pupmaster1:8140 192.168.192.4 - - [26/Oct/2012:15:32:36 -0400] "GET > /production/certificate/agent-hostname? HTTP/1.1" 200 2245 "-" "-" > > Here is what logs in the master which IS the CA > puppetca:8140 192.168.192.3 - - [26/Oct/2012:15:32:33 -0400] "GET /" 400 588 > "-" "-" > > Here is what I am receiving on the Agents end. > warning: peer certificate won't be verified in this SSL session > err: Could not request certificate: No content type in http response; cannot > parse > > Attached are the config files for the vhost for the masters, labeled CA and > NONCA. Also attached are the config.ru for the rack app and httpd.conf whre > the proxy balancer is specified. > > Any help is appreciated. I just started debugging but feedback is appreciated > if anyone has ideas. > > -r > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/7ws4VMcUxE8J. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- "Life was better when sun4m mattered." -Thom -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
