I think you need to use a masterless configuration; it is a more robust
solution and more suitable for an autoscaling env. Just keep puppet and puppet
modules on the AMI or check them out on first boot.

On Saturday, May 24, 2014 8:54:04 AM UTC+3, Bad Tux wrote:
>
>
> Wha?
>
>
> Uhm, okay. So I need to solve this problem so that my new instances can 
> get deployed. Only thing I can think of is to trash the ssl directories on 
> both the puppet master and all of the clients, and then run puppet again. 
> Note that all the instances and puppet are in a "puppet" network security 
> group that was created by CloudFormation, and instances not part of the 
> "puppet" security group cannot connect to the puppet master, so we *know* 
> that we're talking to the puppet master, and the puppet master *knows* 
> we're actual hosts that can talk to it, and besides all of these instances 
> are inside a virtual private cloud that is inaccessible to the wider 
> Internet except via port 8080 between the load balancer and the application 
> instances (again enforced by the security groups mechanism) so there's no 
> way an outsider could talk to the puppet server anyhow, but... puppet 
> insists on validating these SSL certificates before letting the instances 
> talk to it. Even though that's a totally useless exercise given that 
> Amazon's enforcing the ACLs at the virtual network (firewall) layer to 
> prevent anybody unauthorized from getting anywhere near that puppet port or 
> puppet IP address.
>
> Am I missing a configuration option in the manual to somehow disable SSL 
> certificate validation? Does everybody add a cron job to their puppet 
> master to stop the puppetmaster daemon and blow away its SSL directory then 
> restart it at exactly 12:00AM every day, and the same on the instances at 
> exactly 12:02AM every day? Or are we the only people on the planet who 
> actually use Amazon's auto-scaling feature *plus* use Puppet at the same 
> time? Curious penguins are... curious!
>
>
>
>
