Hello, your steps helped me a lot. I am able to create a failover now.
Thank you very much!

On Thu, 21 Jan 2021 at 03:57, comport3 <compo...@gmail.com> wrote:

> You will need to enable DNS alt names in your CA config, and issue a few
> names per server - likely including a common one shared by all nodes such
> as "puppetdb.domain.example".
> https://puppet.com/docs/puppetserver/6.12.2/scaling_puppet_server.html =>
> dns_alt_names
> Then you'll need to go through the steps to (re)configure your PuppetDB
> SSL setup. This is usually replacing the 'ssl-key', 'ssl-cert' and
> 'ssl-ca-cert' defined in your jetty.ini config.
> On my local setup this is located under /etc/puppetlabs/puppetdb/ssl/, use
> the same permissions as the old setup, then restart the 'puppetdb' services.
> On Wednesday, January 20, 2021 at 3:32:54 AM UTC+11 Nerbolff wrote:
>
>> Hello everyone. For security reasons, we decided to get 2 puppetdb
>> servers up and running. There will be a setup with *master* and *slave*.
>>
>> We thought of using our load balancer to perform this operation. So we
>> need a *cname* with a valid self-generated certificate. ie:
>> puppetdb.internet.net
>>
>>
>> Here's how I think I'm going to achieve it:
>>
>>    - I generated my puppetdb cert via the puppetca:
>>
>> $ sudo puppetserver ca generate --certname puppetdb.internet.net
>> Successfully saved private key for puppetdb.internet.net to
>> /etc/puppetlabs/puppet/ssl/private_keys/puppetdb.internet.net.pem
>> Successfully saved public key for puppetdb.internet.net to
>> /etc/puppetlabs/puppet/ssl/public_keys/puppetdb.internet.net.pem
>> Successfully submitted certificate request for puppetdb.internet.net
>> Error:
>>     Signed certificate puppetdb.internet.net could not be found on the CA
>> Successfully signed certificate request for puppetdb.internet.net
>> Successfully saved certificate for puppetdb.internet.net to
>> /etc/puppetlabs/puppet/ssl/certs/puppetdb.internet.net.pem
>>
>>
>> Then I copied over the freshly self-signed cert from puppetca to puppetDB.
>> I changed the */etc/puppetlabs/puppetdb/conf.d/jetty.ini* like this:
>>
>> ssl-key = /etc/puppetlabs/puppet/ssl/private_keys/puppetdb.internet.net.pem
>> ssl-cert = /etc/puppetlabs/puppet/ssl/public_keys/puppetdb.internet.net.pem
>> ssl-ca-cert = /etc/puppetlabs/puppet/ssl/certs/puppetdb.internet.net.pem
>>
>> Restarting my puppetdb, I get an error about certification
>> implementation. The error is not clear. Java errors.
>>
>> At the end, my goal is to start puppetdb with the certificate
>> *puppetdb.internet.net* loaded. Then the puppetmaster didn't
>> complain about the puppetca certificate.
>>
>> Does someone have any idea?
>> Thanks.
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/qvLBVR1wlzs/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/942f949f-afb8-4fda-8e2b-3ab9cb731095n%40googlegroups.com
>
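
Added example, not part of the thread and not Puppet's own tooling: one way to test the three jetty.ini SSL settings discussed above before restarting PuppetDB, by running an in-memory TLS handshake against the shared service name. It assumes the settings sit in the [jetty] section and that clients trust the CA file named in ssl-ca-cert; the function names are hypothetical.

```python
import configparser
import ssl
import sys

def read_jetty_ssl(ini_path):
    """Return (ssl-key, ssl-cert, ssl-ca-cert) paths from the [jetty] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(ini_path)
    jetty = cp["jetty"]
    return jetty["ssl-key"], jetty["ssl-cert"], jetty["ssl-ca-cert"]

def check_jetty_ssl(ini_path, service_name):
    """Return a list of problems; an empty list means a client that trusts
    ssl-ca-cert would accept this server when connecting as service_name."""
    key, cert, ca = read_jetty_ssl(ini_path)
    server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Fails if ssl-cert is not a certificate (e.g. a public_keys/ file)
        # or if the private key does not belong to it.
        server.load_cert_chain(certfile=cert, keyfile=key)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return [f"ssl-cert/ssl-key: not a matching certificate and key: {exc}"]
    client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # checks chain + hostname
    try:
        client.load_verify_locations(cafile=ca)
    except OSError as exc:
        return [f"ssl-ca-cert: cannot load CA certificate: {exc}"]
    # TLS handshake between two in-memory endpoints; no sockets involved.
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    c = client.wrap_bio(c_in, c_out, server_hostname=service_name)
    s = server.wrap_bio(s_in, s_out, server_side=True)
    for _ in range(10):
        finished = 0
        for side in (c, s):
            try:
                side.do_handshake()
                finished += 1
            except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
                pass  # this side is waiting for the peer's next flight
            except ssl.SSLError as exc:
                # Typically an untrusted issuer, or service_name is not
                # among the names in the certificate.
                return [f"handshake as {service_name!r} failed: {exc}"]
        s_in.write(c_out.read())
        c_in.write(s_out.read())
        if finished == 2:
            return []
    return ["handshake did not complete"]

if __name__ == "__main__" and len(sys.argv) == 3:
    print(check_jetty_ssl(sys.argv[1], sys.argv[2]) or "OK")
```

Run it as `python3 check.py /etc/puppetlabs/puppetdb/conf.d/jetty.ini puppetdb.domain.example`, with the script saved under any name, as a user that can read the key file.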
