Hi Sinux, what version of puppet are you using? There was a bug in this area but it was fixed quite a while ago, in Puppet 3.1.0: https://projects.puppetlabs.com/issues/18161
Can you paste the output of `puppet -tv --debug 2>&1 | grep SRV` it should have some lines like: Debug: Searching for SRV records for domain: dummy.example.com Debug: Found 0 SRV records for: _x-puppet-ca._tcp.dummy.example.com Note that if you already have a signed cert for the host, a CRL and CA certificate, the agent will not contact the CA server. On Thursday, May 12, 2016 at 7:11:17 AM UTC-7, sinux shen wrote: > > hi there, > > I am in the middle of setting multiple master with single CA, if I > statically set: > ca_server = <ca server> > server = <master server> > in puppet.conf, it works well, > > but to make if more smart, I use srv settings, here is my conf: > [main] > vardir = /var/lib/puppet > logdir = /var/log/puppet > rundir = /var/run/puppet > ssldir = $vardir/ssl > use_srv_records = true > srv_domain = mydomain.example.com > > [agent] > listen = true > pluginsync = true > report = true > ignoreschedules = true > daemon = false > classfile = $vardir/classes.txt > > I found that when agent run, it didn't query SRV record like > _x-puppet-ca._tcp for getting CA Server, instead, it assume that "puppet" > is the CA server and trying to talk to it, but in our environment, we don't > use "puppet" as the CA server's hostname, it does tried to resovle > _x-puppet._tcp and _x-puppet-fileserver._tcp though, can anyone please take > a look or give me some hint please. > > BTW, even I specifically set ca_server in the "main" part together with > use_srv_records, it still doesn't work > > Thanks > Sinux > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/53a0b9c4-1480-4e43-88f1-8d772a44f3a5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
