thanks Jason. Didn't realize I didn't post it as a new thread. Have a good one.
On Friday, October 26, 2012 4:44:30 PM UTC-4, jwright wrote: > > We don't run that configuration on Corp Puppet servers; we change > ca_server. > > You may have better luck if you ask on puppet-users. > > https://groups.google.com/forum/?fromgroups#!forum/puppet-users > > Thanks, > Jason > > On Fri, Oct 26, 2012 at 1:06 PM, ryan wallner > <[email protected]<javascript:>> > wrote: > > > > HI all, > > > > I am currently setting up a HA devops configuration using puppet. I want > to be able to run a single puppet master as the CA and the rest act as > peering puppet masters. I have each puppet master running on passenger and > I am proxying the SSL requests to the CA server following: > > > > > http://docs.puppetlabs.com/guides/scaling_multiple_masters.html#option-2-redirect-certificate-traffic > > > http://docs.puppetlabs.com/guides/passenger.html > > > > as a reference. > > > > Watching the access.log on each master, when an agent requests a cert > from a puppetmaster that is not the CA, I can see the request forwarded: > (below) > > > > .4 is the agent > > .3 us the master proxying the request > > puppetca is the acting CA for all masters > > > > Here is the what logs in access.log for the puppetmaster that is NOT the > CA. > > ubuntu-pupmaster1:8140 192.168.192.4 - - [26/Oct/2012:15:32:36 -0400] > "GET /production/certificate/agent-hostname? HTTP/1.1" 200 2245 "-" "-" > > > > Here is what logs in the master which IS the CA > > puppetca:8140 192.168.192.3 - - [26/Oct/2012:15:32:33 -0400] "GET /" 400 > 588 "-" "-" > > > > Here is what I am receiving on the Agents end. > > warning: peer certificate won't be verified in this SSL session > > err: Could not request certificate: No content type in http response; > cannot parse > > > > Attached are the config files for the vhost for the masters, labeled CA > and NONCA. Also attached are the config.ru for the rack app and > httpd.conf whre the proxy balancer is specified. > > > > Any help is appreciated. I just started debugging but feedback is > appreciated if anyone has ideas. > > > > -r > > > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/7ws4VMcUxE8J. > > To post to this group, send email to > > [email protected]<javascript:>. > > > To unsubscribe from this group, send email to > [email protected] <javascript:>. > > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > > -- > "Life was better when sun4m mattered." -Thom > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/LoRsdlHusE4J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
