Re: [Puppet Users] automatic certificate signing for CloudPack

2011-09-20 Thread Dan Bode
On Mon, Sep 19, 2011 at 4:56 PM, hamoun hamoun...@gmail.com wrote:

 Hi All

 Despite several tries I have been unable to set up automatic
 certificate signing for CloudPack.
 This is part of typical output:

 warning: peer certificate won't be verified in this SSL session
 warning: peer certificate won't be verified in this SSL session
 warning: peer certificate won't be verified in this SSL session
 warning: peer certificate won't be verified in this SSL session
 notice: Did not receive certificate
 warning: peer certificate won't be verified in this SSL session
 notice: Did not receive certificate
 ^CCancelling startup

 when I run:
 puppet node install ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com --login ec2-user --keyfile x --install-script gems --puppet-version 2.7.3 --debug --certname cloudadmin

 Although in the master I can see that the certificate is requested by
 client, I couldn't figure out where and how the automatic signing takes
 place. I looked into modules/cloud_provisioner/lib/puppet/cloudpack.rb
 where install is handled and thought maybe provisioner pulls cert
 requests and signs them but I could not find any code or log.


right now, certificate signing is a step that needs to be performed after
the installation script runs.

The controller node (or the node from which you invoke puppet node) should
be authorized to remotely sign certificates

For this, you need to add the following line to the master's auth.conf

path /certificate_status
method save
auth yes
allow #{controller.to_s}

you also need to ensure that auth is set to any on the following config
sections:

# allow access to the master CA
path /certificate/ca
auth any
method find
allow *

path /certificate/
auth any
method find
allow *

path /certificate_request
auth any
method find, save
allow *

Once the controller node has permission to sign certificates, you can run:

puppet certificate sign #{agent_certname} --ca-location remote --mode agent

the bootstrap action should be able to create nodes in ec2, run install and
sign the certs in one action

hope this helps

-Dan



 Thank you


 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.




-- 
Join us for PuppetConf http://bit.ly/puppetconfsig, September 22nd and
23rd in Portland, OR.
 http://bit.ly/puppetconfsig
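
A way to audit the master's auth.conf for who ends up able to sign, as an added example (not part of the reply above and not Puppet's own code). It assumes the stanza format shown in the reply and that a plain `path` matches by prefix; host names and sample files are constructed, and it reports every stanza that covers signing rather than modelling rule order.

```ruby
# Added example: lint a legacy-format Puppet auth.conf for signing access.
Stanza = Struct.new(:path, :regex, :methods, :auth, :allow)

# Constructed request path for "save" on certificate_status (i.e. signing).
SIGN_URL = '/certificate_status/agent.example.com'

# Split auth.conf text into stanzas; each stanza starts at a "path" line.
def parse_auth_conf(text)
  stanzas = []
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    value = value.to_s.strip
    if key == 'path'
      regex = value.start_with?('~')
      stanzas << Stanza.new(value.sub(/\A~\s*/, ''), regex, [], 'yes', [])
    elsif !stanzas.empty?
      case key
      when 'method' then stanzas.last.methods.concat(value.split(/\s*,\s*/))
      when 'auth'   then stanzas.last.auth = value
      when 'allow'  then stanzas.last.allow.concat(value.split(/\s*,\s*/))
      end
    end
  end
  stanzas
end

# True when the stanza applies to a "save" on certificate_status.
# A stanza without a "method" line is treated as covering every method.
def covers_signing?(stanza)
  path_hit = if stanza.regex
               !(Regexp.new(stanza.path) =~ SIGN_URL).nil?
             else
               SIGN_URL.start_with?(stanza.path)
             end
  path_hit && (stanza.methods.empty? || stanza.methods.include?('save'))
end

# One finding per weakness in any stanza that grants signing.
def signing_findings(text)
  parse_auth_conf(text).select { |s| covers_signing?(s) }.flat_map do |s|
    issues = []
    issues << "#{s.path}: any host may sign (allow *)" if s.allow.include?('*')
    unless %w[yes on].include?(s.auth)
      issues << "#{s.path}: unauthenticated signing (auth #{s.auth})"
    end
    issues
  end
end

# Constructed sample: the layout from the reply, with a named controller.
DAN_STYLE = <<~CONF
  path /certificate_status
  method save
  auth yes
  allow controller.example.com

  # allow access to the master CA
  path /certificate/ca
  auth any
  method find
  allow *

  path /certificate/
  auth any
  method find
  allow *

  path /certificate_request
  auth any
  method find, save
  allow *
CONF

# Constructed sample: signing opened to everyone, authenticated or not.
WEAK = <<~CONF
  path /certificate_status
  method save
  auth any
  allow *
CONF

# Constructed sample: no trailing slash and no method line, so the prefix
# also covers /certificate_status.
PREFIX_TRAP = <<~CONF
  path /certificate
  allow *
CONF

if __FILE__ == $PROGRAM_NAME
  { 'dan_style' => DAN_STYLE, 'weak' => WEAK, 'prefix' => PREFIX_TRAP }.each do |name, conf|
    puts "#{name}: #{signing_findings(conf).inspect}"
  end
end
```

The trailing slash on `path /certificate/` in the reply matters here: without it the wildcard `allow *` stanza would also be a prefix of `/certificate_status`.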




[Puppet Users] Re: testing exec

2011-09-20 Thread Tim Coote
That's it!  I was getting lazy and not putting the #! /bin/bash at the
top of the shell script.

This was a pig to pull out tho': when run under the debugger I flushed
out an 'Exec format error', which just didn't make it to the log when
run normally.

Google found the 'Exec format error' on a unix bash blog as a side
comment that 'some scripting languages won't use the shell to run a
script unless you're specific in the source file'.

Good shout David.  Disappointing that I had to learn a/ ruby, b/ the
ruby debugger, to pin this down.  Do you think that I should record a
bug/feature request that all errors get logged?

On 19 Sep, 16:58, David Douthitt ddouth...@acm.org wrote:
 Here's an idea: the first one is probably not run by the shell, as there
 is no shell meta-characters in it. The latter three all have shell
 meta-characters in them.

 I don't know for certain that puppet does it this way, but it is common
 to do things in this manner in scripting languages all over the place.
 Is this possible?

 If this is true, then using any shell meta-character (such as
 backquotes, wildcards, pipes, or other things) will cause your script to
 succeed.
 --
   David Douthitt
   ddouth...@acm.org

 On Monday, September 19, 2011 8:52 AM, Tim Coote tim.coo...@googlemail.com wrote:
  I'm clearly not approaching this correctly, so would appreciate some
  advice.

  I have a trivial shell script to execute. I've whittled this down to a
  one line invocation of true.  The file is called test and has mode 755

  I'm testing with:
  sudo puppetd --debug --test

  I'm using puppet-0.25.5-2.fc15.noarch on the client and
  puppet-0.25.5-1.fc14.noarch on the server.

  I have an exec component that looks like this:

     exec { "initMysql":
          cwd => "/home/tim/backups",
          path => ["/usr/bin", "/bin"],
          command => "/home/tim/backups/test",  # fails
  #        command => "/home/tim/backups/test 2>&1", # works
  #        command => "/home/tim/backups/test > /tmp/wibble", # works
  #        command => "/home/tim/backups/test 2> /tmp/wibble", # works
          logoutput => true,
          creates => "/home/tim/backups/inited",
      }

  Failure looks like this:

  debug: //Node[uranustest]/Exec[initMysql]: Changing returns
  debug: //Node[uranustest]/Exec[initMysql]: 1 change(s)
  debug: //Node[uranustest]/Exec[initMysql]: Executing '/home/tim/
  backups/test'
  debug: Executing '/home/tim/backups/test'
  err: //Node[uranustest]/Exec[initMysql]/returns: change from notrun to
  0 failed: /home/tim/backups/test returned 1 instead of one of [0] at /
  etc/puppet/manifests/nodes.pp:117

  An example of success looks like this:

  debug: //Node[uranustest]/Exec[initMysql]: Changing returns
  debug: //Node[uranustest]/Exec[initMysql]: 1 change(s)
  debug: //Node[uranustest]/Exec[initMysql]: Executing '/home/tim/
  backups/test 2>&1'
  debug: Executing '/home/tim/backups/test 2>&1'
  notice: //Node[uranustest]/Exec[initMysql]/returns: executed
  successfully

  I'm pretty sure that I shouldn't need to redirect the output to get
  the command to work.

  Any thoughts?

  Tim




[Puppet Users] qualified variables in templates

2011-09-20 Thread Arnau Bria
Hi all,

is there a way for qualifying variables inside a template?
I've tried :

Name = <%= ${::hostname} %>

but the var gets ${::hostname} value.

thinking in version 2.8, is it needed?
http://docs.puppetlabs.com/guides/scope_and_puppet.html says nothing
about this...


TIA,
Arnau




[Puppet Users] Parameterized class of Parameterized classes

2011-09-20 Thread Arnau Bria
Hi all,

is there any problem in creating a parameterized class of parameterized
classes? 
something like:

class A ($var1,$var2,$var3) {
    class { 'B' :
        param   => "${var1}" ;
    'C' :
        param   => "${var2}" ;
    'D' :
        param   => "${var3}" ;
    }
}

node Z {
    class { 'A' :
        var1    => 'value1',
        var2    => 'value2',
        var3    => 'value3',
    }
}


This is working fine in my test set (2.7.3), but I'm wondering if this
could cause issues in any way (most probably scope), or there's a
better way for grouping several classes into one (avoiding inheritance).


TIA,
Arnau




Re: [Puppet Users] Re: Deployment of applications

2011-09-20 Thread Ashley Penney
This looks fascinating and I'm absolutely going to do some experimentation
with it this week as a way to do some of the awkward deploys that exist.  I
love the idea.  As a recent 2.7 upgrader I look forward to seeing the faces
version you talk about.  I guess today I'll finally get mcollective rolled
out in advance of testing with Puppi.  Thanks!

(As for the rest of this thread Volcane convinced me that I was being stupid
and my approach to the problem was wrong and to put the build logic in
Jenkins and keep the deploy logic to package{}.)

On Mon, Sep 19, 2011 at 5:01 PM, Alessandro Franceschi a...@lab42.it wrote:

 You might be interested in Puppi, which is a Puppet module and a bash
 command that i've written exactly for this reason.
 Code: https://github.com/example42/puppi
 More info: http://www.example42.com (now terribly slow) or

 http://puppetlabs.com/blog/deploying-applications-and-bringing-puppet-information-to-the-cli-with-puppi/
 It mixes the possibility of defining inside puppet manifests what you
 need to make a deploy with a simple command that is actually used to
 launch the deploy (by hand, via cron, via mcollective or triggered by
 whatever tool).
 The deploy procedure (commands to execute) can be totally customized,
 but there are some ready examples to deploy from a Nexus repository,
 or deploy directly wars, tarballs, zip archives and so on.

 In few words, in order to be able to issue a command like:
 puppi deploy supersite

 you write Puppet code like this:
 puppi::project::war { "supersite":
     source       => "http://repo.example42.com/deploy/prod/supersite.war",
     deploy_root  => "/store/tomcat/myapp/webapps",
     report_email => "sysadm...@example42.com",
 }

 but you can have more complex arguments like:
 puppi::project::maven { "supersite":
     source           => "http://nexus.example42.com/nexus/content/repositories/releases/it/example42/supersite/",
     deploy_root      => "/usr/local/tomcat/supersite/webapps",
     config_suffix    => "cfg",
     config_root      => "/srv/htdocs/supersite",
     document_suffix  => "css",
     document_root    => "/srv/htdocs/supersite",
     firewall_src_ip  => $site ? {
         dr   => "192.168.101.1/30",
         main => "192.168.1.1/30",
     },
     backup_retention => 3,
     init_script      => "tomcat",
     report_email     => "sysadm...@example42.com",
     enable           => true,
 }

 And, if you need it, there's the mcollective agent and relevant mc-
 puppi command.
 Hope it might help,
 al

 On Sep 13, 9:53 pm, Ashley Penney apen...@gmail.com wrote:
  I know this has come up on the list numerous times before but I
  thought it would be a good time to see if the state of the art has
  advanced for this kind of thing.  I wanted to know how people are
  handling higher level deployment of applications - things that have to
  be done repeatedly but not all the time.  An example of this is
  checking an application out of svn, building it, creating a package
  and then moving it off to a repo.  Or even just building/installing
  locally for developers.
 
  It never seems to fit well into Puppet for me and I end up with crazy
  complicated manifests to deal with this kind of thing.  I recently
  moved these jobs into Rundeck (www.rundeck.org) which works pretty
  well but doesn't really leverage any of the stuff I have within
  Foreman/Puppet.  I've seen suggestions to use mcollective but this
  doesn't easily integrate our existing scripts (written in many
  languages) or processes and would require me to force a lot of
  developers to work differently.  I could just have classes that
  trigger scripts only when some condition is met (like /.buildapp
  files) or something along those lines but nothing seems elegant.
 
  What I'm trying to find out is what other people did to handle this?
  I want something I can build up over time and slowly migrate legacy
  apps and processes into without having to do a massive up front
  development.  It should also be relatively simple and not require me
  to code anything as anyone on the list who knows me can tell you that
  I am absolutely awful at coding.




[Puppet Users] Custom the puppet CA settings

2011-09-20 Thread Yunfeng Xu
Hi,

I am trying to use my self-signed CA and certificates instead of the
built-in CA. That is what I do:

create a self-signed CA by openssl
issue a certificate for puppet master by CA above

then, add the private key files, ca files and pub key files into the
following location (use the default values) on master server:

localcacert
hostprivkey
hostcert
hostpubkey
cacert
cakey
capub

Finally, I run 'puppet --test' on the agent, and get the error:

err: Could not request certificate: Retrieved certificate does not match
private key; please remove certificate from server and regenerate it with
the current key

Is it possible to use customized CAs instead of the builtin CA? If answer is
yes, did I miss some steps for the error above?

Sorry for my bad English.

Thanks
Yunfeng




[Puppet Users] Re: Requiring a package to satisfy a provider requirement

2011-09-20 Thread Matthew Willsher


On Sep 19, 4:06 pm, Matt matthew.wills...@gmail.com wrote:
 On Sep 19, 3:52 pm, John Kennedy skeb...@gmail.com wrote:



  Would it be possible to create a class to install Glassfish and require that
  class to be fulfilled before?  I actually thought that
  require      => Package['glassfish']
  would have the desired effect...

 That's what I was expecting but it fails when it can't find asadmin
 then if I create a dummy asadmin it fails when it can't find
 passwordfile.

Further reading reveals this to be a function of the provider
suitability checks. Apparently the use of stages (>=2.6) can be used
to resolve this, so there's my way forward.




[Puppet Users] Re: Requiring a package to satisfy a provider requirement

2011-09-20 Thread Matthew Willsher


On Sep 20, 1:02 pm, Matthew Willsher matthew.wills...@gmail.com
wrote:
 On Sep 19, 4:06 pm, Matt matthew.wills...@gmail.com wrote:

  On Sep 19, 3:52 pm, John Kennedy skeb...@gmail.com wrote:

   Would it be possible to create a class to install Glassfish and require 
   that
   class to be fulfilled before?  I actually thought that
   require      => Package['glassfish']
   would have the desired effect...

  That's what I was expecting but it fails when it can't find asadmin
  then if I create a dummy asadmin it fails when it can't find
  passwordfile.

 Further reading reveals this to be a function of the provider
 suitability checks. Apparently the use of stages (>=2.6) can be used
 to resolve this, so there's my way forward.

Sorry to post to my own reply and so soon afterwards, but stages
appear not to have resolved this. It seems that the provider tests are
done irrespective of stages, so at this point it looks as though it's
not possible to use providers that exist as the result of the action
of another resource.




Re: [Puppet Users] debugging new custom type

2011-09-20 Thread Guy Matz
Stefan, thanks again for your reply.  I'm just trying to get something
working, even if it doesn't actually do anything yet . . .

On Mon, Sep 19, 2011 at 1:48 PM, Stefan Schulte 
stefan.schu...@taunusstein.net wrote:

 On Thu, Sep 15, 2011 at 04:22:45PM -0400, Guy Matz wrote:
  hi!  Does anyone have any advice on debugging a new custom type?
 
  Any thoughts would be greatly appreciated . . .
 
  BTW, I'm getting the error:
  err: Could not retrieve catalog from remote server: Error 400 on SERVER:
  Could not render to pson: undefined method `merge' for []:Array
 
  with some very rough code.
 
  The Type (vncserver.rb):
  module Puppet
newtype(:vncserver) do
 
  ensurable
 
  newproperty(:port) do
 [...]
  newproperty(:username) do
 [...]
  newproperty(:geometry) do
 [...]
  end
 
  The Provider (parsed.rb):
 [...]
 record_line :parsed, :fields => %w{vncservers}, :match => /^VNCSERVERS=(.*)/
 
  end
 

 You have defined three properties (port, username, geometry) but your
 provider is not able to retrieve or write any of these properties. So
 how does a line in vncservers actually look like? How can you get port,
 username and geometry of a certain vncserver?

 -Stefan





Re: [Puppet Users] Re: Requiring a package to satisfy a provider requirement

2011-09-20 Thread Dan Bode
On Tue, Sep 20, 2011 at 5:27 AM, Matthew Willsher 
matthew.wills...@gmail.com wrote:



 On Sep 20, 1:02 pm, Matthew Willsher matthew.wills...@gmail.com
 wrote:
  On Sep 19, 4:06 pm, Matt matthew.wills...@gmail.com wrote:
 
   On Sep 19, 3:52 pm, John Kennedy skeb...@gmail.com wrote:
 
Would it be possible to create a class to install Glassfish and
 require that
class to be fulfilled before?  I actually thought that
require  => Package['glassfish']
would have the desired effect...
 
   That's what I was expecting but it fails when it can't find asadmin
   then if I create a dummy asadmin it fails when it can't find
   passwordfile.
 
  Further reading reveals this to be a function of the provider
  suitability checks. Apparently the use of stages (>=2.6) can be used
  to resolve this, so there's my way forward.

 Sorry to post to my own reply and so soon afterwards, but stages
 appear not to have resolved this. It seems that the provider tests are
 done irrespective of stages, so at this point it looks as though it's
 not possible to use providers that exist as the result of the action
 of another resource.

 stages were definitely not designed to solve this. It has been a known
issue for a while and has a few work-arounds.

The pip provider works around this by not using the commands method, and
instead implements lazy pip.

Another example of a workaround is to create a default provider that does
nothing except determine suitability, then you can explicitly specify
provider => 'real_provider' during compile time

you can see an example of this approach in the rabbitmq provider
   https://github.com/puppetlabs/puppetlabs-rabbitmq







-- 
Join us for PuppetConf http://bit.ly/puppetconfsig, September 22nd and
23rd in Portland, OR.
 http://bit.ly/puppetconfsig




Re: [Puppet Users] Custom the puppet CA settings

2011-09-20 Thread Craig White
On Sep 20, 2011, at 3:32 AM, Yunfeng Xu wrote:

 Hi, 
 
 I am trying to use my self-signed CA and certificates instead of the built-in 
 CA. That is what I do:
 
 create a self-signed CA by openssl
 issue a certificate for puppet master by CA above
 
 then, add the private key files, ca files and pub key files into the following 
 location (use the default values) on master server:
 
 localcacert 
 hostprivkey 
 hostcert 
 hostpubkey 
 cacert 
 cakey 
 capub 
 
 Finally, I run 'puppet --test' on the agent, and get the error:
 
 err: Could not request certificate: Retrieved certificate does not match 
 private key; please remove certificate from server and regenerate it with the 
 current key
 
 Is it possible to use customized CAs instead of the builtin CA? If answer is 
 yes, did I miss some steps for the error above?
 
 Sorry for my bad English.

your English is fine

http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security#Manual-CA-Configuration-optional

short answer, yes, the problem you are having is described in the 'err'

Craig
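
The condition behind the 'err' quoted above, reproduced as an added example (not Puppet's code and not from either poster): it compares a private key such as `hostprivkey` with a certificate such as `hostcert`, and checks the certificate against the CA. The CA, host name and keys are constructed in the script, and the "certificate issued for an earlier key" scenario is an assumption about how such a mismatch can arise.

```ruby
require 'openssl'
require 'digest'

# Added example: diagnose "Retrieved certificate does not match private key".
# Everything below is generated locally; no real Puppet files are read.

def new_key
  OpenSSL::PKey::RSA.new(2048)
end

# Issue a certificate for subject_key, signed by ca_key. With no ca_cert the
# result is self-signed, as for a hand-built CA created with openssl.
def issue_cert(common_name, subject_key, ca_key, ca_cert = nil, serial = 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = ca_cert ? ca_cert.subject : cert.subject
  cert.public_key = subject_key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# SHA-256 over the DER-encoded public half, so cert and key can be compared.
def pubkey_fingerprint(pkey)
  Digest::SHA256.hexdigest(pkey.public_key.to_der)
end

# Return a list of problems for one cert / private key / CA cert triple (PEM).
def diagnose(cert_pem, key_pem, ca_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey::RSA.new(key_pem)
  ca   = OpenSSL::X509::Certificate.new(ca_pem)
  problems = []
  unless cert.check_private_key(key)
    problems << "key mismatch: cert #{pubkey_fingerprint(cert.public_key)[0, 16]} " \
                "vs key #{pubkey_fingerprint(key)[0, 16]}"
  end
  problems << 'certificate not signed by this CA' unless cert.verify(ca.public_key)
  problems
end

# Constructed scenario: the CA holds a certificate issued for an earlier key
# under the same name, while the host now has a freshly generated key.
def demo
  ca_key    = new_key
  ca_cert   = issue_cert('Constructed Test CA', ca_key, ca_key)
  agent_key = new_key # key currently on the host
  stale_key = new_key # key the older certificate was issued for
  other_ca_key  = new_key
  other_ca_cert = issue_cert('Unrelated Test CA', other_ca_key, other_ca_key)

  good  = issue_cert('agent.example.com', agent_key, ca_key, ca_cert, 2)
  stale = issue_cert('agent.example.com', stale_key, ca_key, ca_cert, 3)
  {
    good: diagnose(good.to_pem, agent_key.to_pem, ca_cert.to_pem),
    stale: diagnose(stale.to_pem, agent_key.to_pem, ca_cert.to_pem),
    wrong_ca: diagnose(good.to_pem, agent_key.to_pem, other_ca_cert.to_pem)
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The same comparison applies to each key and certificate pair placed by hand on the master.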




Re: [Puppet Users] puppet on VPC-Virtual private cloud

2011-09-20 Thread Craig White

On Sep 19, 2011, at 7:20 PM, newguy wrote:

 Hi guys
 am running puppet clients as Ubuntu machines and am under a VPC, now
 the problem is that due to a bug in ubuntu (lets not get in to the bug
 details) I cant run  apt-get update, upgrade remotely from the new VPC
 puppet client but I can connect to my puppetmaster(I have a script
 which takes care of that when a new system comes up), so what am
 looking for is that when I connect to puppetmaster only one module
 (ex: source.list) is pushed to the client which would allow me to
 change source.list file and hence I can do update/ upgrade and then
 client connects again to master to get all other modules(the
 connecting again part is already there).
 
 Is there a way to do it?

Of course there's a way to do that... this is how I handle it.

# cat manifests/nodes.pp 
# Note: this is what is installed on the first pass for a new puppet client
node default {
  include apt
  ... irrelevant snip ...
}

# cat modules/apt/manifests/apt.pp
class apt {
  include apt::updates
  package { "apt":
    ensure => installed,
  }
  # Puppet maintained file /etc/apt/sources.list
  file { "/etc/apt/sources.list":
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => 0444,
    content => template("apt/sources.list.erb"),
    require => Package["apt"],
    notify  => File["/etc/puppet/deployment_files/apt_update_initiator"],
  }
}

# cat modules/apt/templates/sources.list.erb 
# This file is managed by puppet 
#
# MANUAL EDITS OF THIS FILE WILL BE OVERWRITTEN!
#
deb http://archive.ubuntu.com/ubuntu/ <%= lsbdistcodename %> main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ <%= lsbdistcodename %> main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ <%= lsbdistcodename %>-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ <%= lsbdistcodename %>-updates main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse
deb-src http://security.ubuntu.com/ubuntu <%= lsbdistcodename %>-security main restricted universe multiverse
#
deb http://archive.canonical.com/ <%= lsbdistcodename %> partner
deb-src http://archive.canonical.com/ <%= lsbdistcodename %> partner

# cat modules/apt/manifests/apt_updates.pp 
# apt::updates class
#
# Last update 07/20/2011
#
# Craig White
# 
# Maintains puppet deployment files & executes apt updates/upgrades
#
# Causes clients to 'apt update', 'aptitude safe_upgrade' or 'aptitude full_upgrade'
# merely by changing the appropriate file. On the client machine, this file is
# in /etc/puppet/deployment_files directory.
#
# On the puppet master, the files that can be twiddled are in /etc/puppet/modules/apt/files
#
# I have been executing the 'date' command. Example...
#
# date > /etc/puppet/modules/apt/files/apt_update_initiator which will cause all puppet
# client systems to run 'apt-get update' at their next cycle. The plan is to implement
# a cron script that does this automatically each day.
#
class apt::updates {
  include mod_puppet::deployment_files
  # Puppet maintained file /etc/puppet/deployment_files/apt_update_initiator
  file { "/etc/puppet/deployment_files/apt_update_initiator":
    source  => "puppet:///modules/apt/apt_update_initiator",
    require => Class["mod_puppet::deployment_files"],
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => 0644,
  }
  exec { "/usr/bin/aptitude update":
    refreshonly => true,
    subscribe   => File["/etc/puppet/deployment_files/apt_update_initiator"],
  }
  # Puppet maintained file /etc/puppet/deployment_files/apt_safe_upgrade_initiator
  # (title uses a single slash so it matches the File[...] reference below)
  file { "/etc/puppet/deployment_files/apt_safe_upgrade_initiator":
    source  => "puppet:///modules/apt/apt_safe_upgrade_initiator",
    require => [ Class["mod_puppet::deployment_files"], Exec["/usr/bin/aptitude update"] ],
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => 0644,
  }
  exec { "/usr/bin/aptitude -y safe-upgrade":
    refreshonly => true,
    subscribe   => File["/etc/puppet/deployment_files/apt_safe_upgrade_initiator"],
  }
  # Puppet maintained file /etc/puppet/deployment_files/apt_full_upgrade_initiator
  file { "/etc/puppet/deployment_files/apt_full_upgrade_initiator":
    source  => "puppet:///modules/apt/apt_full_upgrade_initiator",
    require => [ Class["mod_puppet::deployment_files"], Exec["/usr/bin/aptitude update"] ],
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => 0644,
  }
  exec { "/usr/bin/aptitude -y full-upgrade":
    refreshonly => true,
    subscribe   => File["/etc/puppet/deployment_files/apt_full_upgrade_initiator"],
  }
}

Craig


[Puppet Users] Re: troubles with require parametre

2011-09-20 Thread Christoph Maser
Hi

is there any news on this topic, did you find a workaround?




[Puppet Users] facter fails to detect network interfaces with long names

2011-09-20 Thread Alex L. Demidov
I have Gentoo host where `ifconfig -a` prints long interface names
truncated to 9 chars (there is closed bug report [1]). 

Unfortunately, `facter` uses `ifconfig -a` output to get list of
interface names and because of truncation it generates `interfaces` 
fact with incorrect interface names. Also it fails to retrieve
individual interface information with following message for
each interface with name myinterface:

Device myinterfa does not exist.
myinterfa: error fetching interface information: Device not found

[1]: https://bugs.gentoo.org/show_bug.cgi?id=179920

-- 
Alex L. Demidov (ALD9-RIPE).
http://alexeydemidov.com/
Freelance Consulting.




Re: [Puppet Users] facter fails to detect network interfaces with long names

2011-09-20 Thread Ken Barber
Hi Alex,

What happens when you run 'ip addr list' instead?

ken.

On Tue, Sep 20, 2011 at 6:20 PM, Alex L. Demidov
alexeydemi...@gmail.com wrote:
 I have Gentoo host where `ifconfig -a` prints long interface names
 truncated to 9 chars (there is closed bug report [1]).

 Unfortunately, `facter` uses `ifconfig -a` output to get list of
 interface names and because of truncation it generates `interfaces`
 fact with incorrect interface names. Also it fails to retrieve
 individual interface information with following message for
 each interface with name myinterface:

 Device myinterfa does not exist.
 myinterfa: error fetching interface information: Device not found

 [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920

 --
 Alex L. Demidov (ALD9-RIPE).
 http://alexeydemidov.com/
 Freelance Consulting.






-- 
Join us for PuppetConf, September 22nd and 23rd in Portland, OR:
http://bit.ly/puppetconfsig




Re: [Puppet Users] facter fails to detect network interfaces with long names

2011-09-20 Thread Alex L. Demidov
On Tue, Sep 20, 2011 at 06:24:40PM +0100, Ken Barber wrote:
 Hi Alex,
 
 What happens when you run 'ip addr list' instead?

It shows interface names properly and not truncated.

 
 ken.
 
 On Tue, Sep 20, 2011 at 6:20 PM, Alex L. Demidov
 alexeydemi...@gmail.com wrote:
  I have Gentoo host where `ifconfig -a` prints long interface names
  truncated to 9 chars (there is closed bug report [1]).
 
  Unfortunately, `facter` uses `ifconfig -a` output to get list of
  interface names and because of truncation it generates `interfaces`
  fact with incorrect interface names. Also it fails to retrieve
  individual interface information with following message for
  each interface with name myinterface:
 
  Device myinterfa does not exist.
  myinterfa: error fetching interface information: Device not found
 
  [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920

-- 
Alex L. Demidov (ALD9-RIPE).
http://alexeydemidov.com/
Freelance Consulting.




[Puppet Users] Re: Puppet installation and configuration (Master and Client)

2011-09-20 Thread treydock


On Sep 19, 1:40 pm, Jo Rhett jrh...@netconsonance.com wrote:
 On Sep 19, 2011, at 11:23 AM, Mr. E. wrote:

  I need latest documentation on how to install and configure Puppet
  master and Puppet client in CentOS environment.  The CentOS version is
  5.4 and Puppet version is 0.22.4.  

 Puppet 0.22.4 is quite old.  Why don't you enable epel-testing repo and get 
 2.6.6 from there?  There is nothing unique about CentOS, fwiw. Any puppet 
 installation instructions will apply to CentOS.

  I'm having problem with configuring
  between the Puppet master and Puppet client.  The Puppet master is not
  seeing the CA certificate of the Puppet client.

 If you phrased that accurately, you're somewhere off the reservation.  The 
 puppet master *IS* the CA for the client's certificate in normal 
 configuration.  I suspect you phrased that wrong.

 Certificate problems are very common FAQ.  Lots of pages about this. If you 
 really can't find the answer online, post the exact error you are seeing.

 --
 Jo Rhett
 Net Consonance : consonant endings by net philanthropy, open source and other 
 randomness

You can also enable the Puppetlabs yum repo.  For CentOS 5 look here,
http://yum.puppetlabs.com/el/5/products/.

I have a brief writeup on how to build Puppet RPMs, and also have a
link to download the 2.6.9 RPM which is the same as the one in that
repo.  Here, http://itscblog.tamu.edu/creating-your-own-puppet-rpms-part-1/
.

- Trey




Re: [Puppet Users] facter fails to detect network interfaces with long names

2011-09-20 Thread Ken Barber
I think this gives a little weight to this ticket for Facter then:

http://projects.puppetlabs.com/issues/1346

Although - I don't see a 9 char limitation on Debian Wheezy. Not sure
where that patch came from though. I wonder how many other distros
suffer from this.

Of slightly related interest - I do see a 15 character limit when
using 'brctl addbr somelongnamefoo' to create a named interface - and
that seems to exist for both ifconfig and ip addr when reading the
interfaces. So I'm guessing 15 chars is the kernel limit or perhaps
brctl limit :-).

ken.

On Tue, Sep 20, 2011 at 6:31 PM, Alex L. Demidov
alexeydemi...@gmail.com wrote:
 On Tue, Sep 20, 2011 at 06:24:40PM +0100, Ken Barber wrote:
 Hi Alex,

 What happens when you run 'ip addr list' instead?

 It shows interface names properly and not truncated.


 ken.

 On Tue, Sep 20, 2011 at 6:20 PM, Alex L. Demidov
 alexeydemi...@gmail.com wrote:
  I have Gentoo host where `ifconfig -a` prints long interface names
  truncated to 9 chars (there is closed bug report [1]).
 
  Unfortunately, `facter` uses `ifconfig -a` output to get list of
  interface names and because of truncation it generates `interfaces`
  fact with incorrect interface names. Also it fails to retrieve
  individual interface information with following message for
  each interface with name myinterface:
 
  Device myinterfa does not exist.
  myinterfa: error fetching interface information: Device not found
 
  [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920

 --
 Alex L. Demidov (ALD9-RIPE).
 http://alexeydemidov.com/
 Freelance Consulting.







Re: [Puppet Users] facter fails to detect network interfaces with long names

2011-09-20 Thread Alex L. Demidov
On Tue, Sep 20, 2011 at 06:50:25PM +0100, Ken Barber wrote:
 I think this gives a little weight to this ticket for Facter then:
 
 http://projects.puppetlabs.com/issues/1346
 
 Although - I don't see a 9 char limitation on Debian Wheezy. Not sure
 where that patch came from though. I wonder how many other distros
 suffer from this.

It seems that they (and RHEL/Fedora) patched this long ago.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405521

 
 Of slightly related interest - I do see a 15 character limit when
 using 'brctl addbr somelongnamefoo' to create a named interface - and
 that seems to exist for both ifconfig and ip addr when reading the
 interfaces. So I'm guessing 15 chars is the kernel limit or perhaps
 brctl limit :-).

Luckily all my interface names are under 15 chars in length.

 
 ken.
 
 On Tue, Sep 20, 2011 at 6:31 PM, Alex L. Demidov
 alexeydemi...@gmail.com wrote:
  On Tue, Sep 20, 2011 at 06:24:40PM +0100, Ken Barber wrote:
  Hi Alex,
 
  What happens when you run 'ip addr list' instead?
 
  It shows interface names properly and not truncated.
 
 
  ken.
 
  On Tue, Sep 20, 2011 at 6:20 PM, Alex L. Demidov
  alexeydemi...@gmail.com wrote:
   I have Gentoo host where `ifconfig -a` prints long interface names
   truncated to 9 chars (there is closed bug report [1]).
  
   Unfortunately, `facter` uses `ifconfig -a` output to get list of
   interface names and because of truncation it generates `interfaces`
   fact with incorrect interface names. Also it fails to retrieve
   individual interface information with following message for
   each interface with name myinterface:
  
   Device myinterfa does not exist.
   myinterfa: error fetching interface information: Device not found
  
   [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920
 
  --
  Alex L. Demidov (ALD9-RIPE).
  http://alexeydemidov.com/
  Freelance Consulting.
 
 
 
 

-- 
Alex L. Demidov (ALD9-RIPE).
http://alexeydemidov.com/
Freelance Consulting.
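
An added illustration of the truncation discussed in this thread (not Facter's code and not part of the original messages): it compares the names printed by a 9-character `ifconfig -a` name column with the names in `ip -o link` output and reports which printed names are intact, truncated, or ambiguous. Both sample outputs are constructed, the function names are hypothetical, and the use of `ip -o link` rather than `ip addr list` is an assumption.

```ruby
# Constructed sample: `ifconfig -a` output whose name column is cut to
# 9 characters. Two distinct interfaces collapse into one printed name.
IFCONFIG_SAMPLE = <<~'EOS'
  eth0      Link encap:Ethernet  HWaddr 00:16:3e:00:00:01
            inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0

  lo        Link encap:Local Loopback
            inet addr:127.0.0.1  Mask:255.0.0.0

  myinterfa Link encap:Ethernet  HWaddr 00:16:3e:00:00:02

  myinterfa Link encap:Ethernet  HWaddr 00:16:3e:00:00:03
EOS

# Constructed sample: `ip -o link` output for the same host (one record per
# line, continuation marked with a backslash). Names are not truncated.
IP_LINK_SAMPLE = <<~'EOS'
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN \    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000\    link/ether 00:16:3e:00:00:01 brd ff:ff:ff:ff:ff:ff
  3: myinterface0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000\    link/ether 00:16:3e:00:00:02 brd ff:ff:ff:ff:ff:ff
  4: myinterface1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000\    link/ether 00:16:3e:00:00:03 brd ff:ff:ff:ff:ff:ff
EOS

IFCONFIG_NAME_WIDTH = 9 # name column width on the affected host (from the thread)

# Names as ifconfig prints them: first token of each "Link encap:" line.
def ifconfig_names(text)
  text.each_line.map { |line| line[/\A(\S+)\s+Link encap:/, 1] }.compact
end

# Names from `ip -o link`: "<index>: <name>[@<parent>]: <flags...>".
def ip_link_names(text)
  text.each_line.map { |line| line[/\A\d+:\s+([^:@\s]+)(?:@[^:\s]+)?:\s/, 1] }.compact
end

# Real interface names a printed name could stand for.
#   [printed]      -> the name is intact
#   []             -> no such device
#   two or more    -> truncated and ambiguous; it cannot be resolved
def candidates_for(printed, kernel_names, width = IFCONFIG_NAME_WIDTH)
  return [printed] if kernel_names.include?(printed)
  return [] if printed.length < width
  kernel_names.select { |n| n.length > width && n.start_with?(printed) }
end

# Map every distinct printed name to its candidate real names.
def audit(ifconfig_text, ip_text)
  kernel = ip_link_names(ip_text)
  ifconfig_names(ifconfig_text).uniq.map { |n| [n, candidates_for(n, kernel)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  audit(IFCONFIG_SAMPLE, IP_LINK_SAMPLE).each do |printed, real|
    status = real == [printed] ? "ok" : "truncated, could be #{real.inspect}"
    puts "#{printed}: #{status}"
  end
end
```

When two interfaces share their first nine characters, the printed name maps to more than one device, so an inventory built from it cannot tell them apart.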




[Puppet Users] Puppet - Update a custom debian pkg

2011-09-20 Thread Sidarta
Hello folks,

We're starting to use Puppet in our production environment and now
we have some performance issues.
For example, we have some large (200MB) recursive directories for
puppet's deploy, and that was totally inefficient. (Minimize recursive
file serving: http://docs.puppetlabs.com/guides/scaling.html).
So we made a test creating our custom debian package (.deb) for our
files and libs. Doing that, Puppet doesn't need to recursively check all
the files' md5sums.
And now we have this catalog:

file { "/tmp/my-custom.deb":
  ensure => present,
  source => "puppet:///modules/test/deb/my-custom.deb",
}

package { "my-custom":
  require  => File['/tmp/my-custom.deb'],
  ensure   => installed,
  source   => "/tmp/my-custom.deb",
  provider => dpkg,
}

That way it works great (less than 30 sec), but when we updated our custom
package, puppet just copied the file and did not execute dpkg to
install it.
How can I achieve this goal?
And is there a best way to manage large files?
Can someone point me to some references on the best deployment
practices (puppet+custom debian or something else)?

Best regards,
Sidarta Oliveira




Re: [Puppet Users] debugging new custom type

2011-09-20 Thread Guy Matz
But to answer your question, vncservers file is a little different . . .
there are two types of lines:
1. contains a space-separated list of port and usernames separated by
colons, e.g.:
VNCSERVERS="92:gmatz 44:wsmith"

2. contains arguments to be supplied to vncserver, with port number acting
as an array index, e.g.:
VNCSERVERARGS[92]="-geometry 1280x1024"
VNCSERVERARGS[44]="-geometry 1280x1024"

I was hoping to parse the vncserver config file using two different types of
record_lines, one for each of the line types . . .

thanks,
guy

On Mon, Sep 19, 2011 at 1:48 PM, Stefan Schulte 
stefan.schu...@taunusstein.net wrote:

 On Thu, Sep 15, 2011 at 04:22:45PM -0400, Guy Matz wrote:
  hi!  Does anyone have any advice on debugging a new custom type?
 
  Any thoughts would be greatly appreciated . . .
 
  BTW, I'm getting the error:
  err: Could not retrieve catalog from remote server: Error 400 on SERVER:
  Could not render to pson: undefined method `merge' for []:Array
 
  with some very rough code.
 
  The Type (vncserver.rb):
  module Puppet
newtype(:vncserver) do
 
  ensurable
 
  newproperty(:port) do
 [...]
  newproperty(:username) do
 [...]
  newproperty(:geometry) do
 [...]
  end
 
  The Provider (parsed.rb):
 [...]
record_line :parsed, :fields => %w{vncservers}, :match =>
  /^VNCSERVERS=(.*)/
 
  end
 

 You have defined three properties (port, username, geometry) but your
 provider is not able to retrieve or write any of these properties. So
 how does a line in vncservers actually looks like? How can you get port,
 username and geometry of a certain vncserver?

 -Stefan





[Puppet Users] Re: qualified variables in templates

2011-09-20 Thread Alessandro Franceschi
Use something like <%= scope.lookupvar('hostname') %>

On Sep 20, 11:06 am, Arnau Bria arnaub...@pic.es wrote:
 Hi all,

 is there a way for qualifying variables inside a template?
 I've tried :

 Name = <%= ${::hostname} %>

 but the var gets ${::hostname} value.

 thinking in version 2.8, is it
 needed? http://docs.puppetlabs.com/guides/scope_and_puppet.html says nothing
 about this...

 TIA,
 Arnau




Re: [Puppet Users] Re: qualified variables in templates

2011-09-20 Thread Adrien Thebo
There's also more documentation on using puppet specific methods in
templates at http://docs.puppetlabs.com/guides/templating.html

On Tue, Sep 20, 2011 at 11:53 AM, Alessandro Franceschi a...@lab42.it wrote:

 Use something like <%= scope.lookupvar('hostname') %>

 On Sep 20, 11:06 am, Arnau Bria arnaub...@pic.es wrote:
  Hi all,
 
  is there a way for qualifying variables inside a template?
  I've tried :
 
  Name = <%= ${::hostname} %>
 
  but the var gets ${::hostname} value.
 
  thinking in version 2.8, is it needed?
 http://docs.puppetlabs.com/guides/scope_and_puppet.html says nothing
  about this...
 
  TIA,
  Arnau





-- 
Adrien Thebo
Puppet Labs Operations
adr...@puppetlabs.com




Re: [Puppet Users] Puppet - Update a custom debian pkg

2011-09-20 Thread Scott Smith
Use apt
On Sep 20, 2011 11:24 AM, Sidarta sidarta...@gmail.com wrote:
 Hello folks,

 We're starting to use Puppet in our production environment and now
 we have some performance issues.
 For example, we have some large (200MB) recursive directories for
 puppet's deploy, and that was totally inefficient. (Minimize recursive
 file serving: http://docs.puppetlabs.com/guides/scaling.html).
 So we made a test creating our custom debian package (.deb) for our
 files and libs. Doing that, Puppet doesn't need to recursively check all
 the files' md5sums.
 And now we have this catalog:

 file { "/tmp/my-custom.deb":
   ensure => present,
   source => "puppet:///modules/test/deb/my-custom.deb",
 }

 package { "my-custom":
   require  => File['/tmp/my-custom.deb'],
   ensure   => installed,
   source   => "/tmp/my-custom.deb",
   provider => dpkg,
 }

 That way it works great (less than 30 sec), but when we updated our custom
 package, puppet just copied the file and did not execute dpkg to
 install it.
 How can I achieve this goal?
 And is there a best way to manage large files?
 Can someone point me to some references on the best deployment
 practices (puppet+custom debian or something else)?

 Best regards,
 Sidarta Oliveira






[Puppet Users] Review of new type provider

2011-09-20 Thread Jesse Peterson
Hello,

I'm new to both Ruby and Puppet. Puppet is fantastic - loving it so
far.

I created a new type & provider (of parsed file type) for modifying
newsyslog.conf files and am hoping some folks would be willing to
review it to make sure there are no glaring mistakes or perhaps some
shortcuts or language features I've missed since I'm new to both. Any
input would be welcome. Either email directly or just comment on the
gist if it gets to be off topic:

https://gist.github.com/1230749

How often do new types/providers make it into the base system? Should
one pursue that avenue (or perhaps the puppet modules project?).

Thanks for any assistance or guidance,
- Jesse




Re: [Puppet Users] facter fails to detect network interfaces with long names

2011-09-20 Thread Matthew Marlowe
All,

I put in a request to have the gentoo bug reopened and see if we can
apply the same patch that the other distributions used.

Thanks,
Matt

On Tue, Sep 20, 2011 at 11:16 AM, Alex L. Demidov
alexeydemi...@gmail.com wrote:
 On Tue, Sep 20, 2011 at 06:50:25PM +0100, Ken Barber wrote:
 I think this gives a little weight to this ticket for Facter then:

 http://projects.puppetlabs.com/issues/1346

 Although - I don't see a 9 char limitation on Debian Wheezy. Not sure
 where that patch came from though. I wonder how many other distros
 suffer from this.

 It seems that they (and RHEL/Fedora) patched this long ago.

 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405521


 Of slightly related interest - I do see a 15 character limit when
 using 'brctl addbr somelongnamefoo' to create a named interface - and
 that seems to exist for both ifconfig and ip addr when reading the
 interfaces. So I'm guessing 15 chars is the kernel limit or perhaps
 brctl limit :-).

 Luckily all my interface names are under 15 chars in length.


 ken.

 On Tue, Sep 20, 2011 at 6:31 PM, Alex L. Demidov
 alexeydemi...@gmail.com wrote:
  On Tue, Sep 20, 2011 at 06:24:40PM +0100, Ken Barber wrote:
  Hi Alex,
 
  What happens when you run 'ip addr list' instead?
 
  It shows interface names properly and not truncated.
 
 
  ken.
 
  On Tue, Sep 20, 2011 at 6:20 PM, Alex L. Demidov
  alexeydemi...@gmail.com wrote:
   I have Gentoo host where `ifconfig -a` prints long interface names
   truncated to 9 chars (there is closed bug report [1]).
  
   Unfortunately, `facter` uses `ifconfig -a` output to get list of
   interface names and because of truncation it generates `interfaces`
   fact with incorrect interface names. Also it fails to retrieve
   individual interface information with following message for
   each interface with name myinterface:
  
   Device myinterfa does not exist.
   myinterfa: error fetching interface information: Device not found
  
   [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920
 
  --
  Alex L. Demidov (ALD9-RIPE).
  http://alexeydemidov.com/
  Freelance Consulting.
 
 
 


 --
 Alex L. Demidov (ALD9-RIPE).
 http://alexeydemidov.com/
 Freelance Consulting.







Re: [Puppet Users] Custom the puppet CA settings

2011-09-20 Thread Yunfeng Xu
Hi, Craig

I know your meaning, but it seems not to be working.

These are my steps:

1. Run puppetca --clean vmsz014 on the master to remove certificate.
vmsz014 is the agent.

2. Rerun  puppetd --test on the vmsz014 agent, but I still got the same
err:

err: Could not request certificate: Retrieved certificate does not match
private key; please remove certificate from server and regenerate it with
the current key

I guess there must be something wrong that can't be simply resolved by
removing the old certificate.


On Tue, Sep 20, 2011 at 11:40 PM, Craig White craig.wh...@ttiltd.com wrote:

 On Sep 20, 2011, at 3:32 AM, Yunfeng Xu wrote:

  Hi,
 
  I am trying to use my self-signed CA and certificates instead of the
 built-in CA. That is what I do:
 
  create a self-signed CA by openssl
  issue a certificate for puppet master by CA above
 
  then, add the private key files, ca files and pub key files into the
 following location (use the default values) on master server:
 
  localcacert
  hostprivkey
  hostcert
  hostpubkey
  cacert
  cakey
  capub
 
  Finally, I run 'puppet --test' on the agent, and get the error:
 
  err: Could not request certificate: Retrieved certificate does not match
 private key; please remove certificate from server and regenerate it with
 the current key
 
  Is it possible to use customized CAs instead of the builtin CA? If answer
 is yes, did I miss some steps for the error above?
 
  Sorry for my bad English.
 
 your English is fine


 http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security#Manual-CA-Configuration-optional

 short answer, yes, the problem you are having is described in the 'err'

 Craig




-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
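
An added example, not part of the original messages and not Puppet's own code: the error quoted above says the certificate handed back for the agent carries a different public key than the private key the agent holds. The Ruby below reproduces that condition with OpenSSL and tells it apart from a certificate issued by the wrong CA. `vmsz014` is the agent name from the thread; the CA name, keys and function names are constructed for the example.

```ruby
require "openssl"

# Issue a certificate binding subject_cn to the public half of subject_key,
# signed by issuer_key. Names and serials are constructed.
def issue_cert(subject_cn, subject_key, issuer_cn, issuer_key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{subject_cn}")
  cert.issuer     = OpenSSL::X509::Name.parse("/CN=#{issuer_cn}")
  cert.public_key = subject_key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# SHA-256 over the DER-encoded public key. Comparing this value for the
# certificate and for the local key shows which side is stale.
def pubkey_fingerprint(pkey)
  OpenSSL::Digest::SHA256.hexdigest(pkey.public_key.to_der)
end

# Classify a certificate against the CA certificate and the local private key.
def diagnose(cert, local_key, ca_cert)
  return :not_signed_by_ca unless cert.verify(ca_cert.public_key)
  return :key_mismatch     unless cert.check_private_key(local_key)
  :ok
end

# Constructed scenario: a certificate issued for one agent key, while the
# agent now holds a different, regenerated key.
def build_scenario
  ca_key      = OpenSSL::PKey::RSA.new(2048)
  ca_cert     = issue_cert("Example CA", ca_key, "Example CA", ca_key, 1)
  issued_key  = OpenSSL::PKey::RSA.new(2048) # key the certificate was issued for
  current_key = OpenSSL::PKey::RSA.new(2048) # key now present on the agent
  cert        = issue_cert("vmsz014", issued_key, "Example CA", ca_key, 2)
  { ca_cert: ca_cert, cert: cert, issued_key: issued_key, current_key: current_key }
end

if __FILE__ == $PROGRAM_NAME
  s = build_scenario
  puts "cert key fingerprint:    #{pubkey_fingerprint(s[:cert].public_key)}"
  puts "current key fingerprint: #{pubkey_fingerprint(s[:current_key])}"
  puts "with the issued key:     #{diagnose(s[:cert], s[:issued_key], s[:ca_cert])}"
  puts "with the current key:    #{diagnose(s[:cert], s[:current_key], s[:ca_cert])}"
end
```

Run against the real files, the same two checks show whether the stale item is the certificate kept on the master or the key and certificate kept in the agent's own ssl directory.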



Re: [Puppet Users] Custom the puppet CA settings

2011-09-20 Thread Yushu Yao
Hi Yunfeng,

I implemented a ca that works with puppet. (including putting the right file
into right places).

Somewhere here:
http://code.google.com/p/cloudcrv/source/browse/trunk/CRV/crv/model/centos5_puppet_clientmaker.py

You might need to dig around a bit. But most of the stuff are in this file
and the crvclient folder.

Cheers,
Yushu

+-+
| Yushu Yao
| Ph:1-510-486-4690
|
| Lawrence Berkeley National Lab
| Mailstop 50B-6222
| 1 Cyclotron Road
| Berkeley CA 94720-8147 - USA
+-+




On Tue, Sep 20, 2011 at 8:34 PM, Yunfeng Xu hyw...@gmail.com wrote:

 Hi, Craig

 I know your meaning, but it seems not to be working.

 These are my steps:

 1. Run puppetca --clean vmsz014 on the master to remove certificate.
 vmsz014 is the agent.

 2. Rerun  puppetd --test on the vmsz014 agent, but I still got the same
 err:

 err: Could not request certificate: Retrieved certificate does not match
 private key; please remove certificate from server and regenerate it with
 the current key

 I guess there must be something wrong that can't be simply resolved by
 removing the old certificate.


 On Tue, Sep 20, 2011 at 11:40 PM, Craig White craig.wh...@ttiltd.com wrote:

 On Sep 20, 2011, at 3:32 AM, Yunfeng Xu wrote:

  Hi,
 
  I am trying to use my self-signed CA and certificates instead of the
 built-in CA. That is what I do:
 
  create a self-signed CA by openssl
  issue a certificate for puppet master by CA above
 
  then, add the private key files, ca files and pub key files into the
 following location (use the default values) on master server:
 
  localcacert
  hostprivkey
  hostcert
  hostpubkey
  cacert
  cakey
  capub
 
  Finally, I run 'puppet --test' on the agent, and get the error:
 
  err: Could not request certificate: Retrieved certificate does not match
 private key; please remove certificate from server and regenerate it with
 the current key
 
  Is it possible to use customized CAs instead of the builtin CA? If answer
 is yes, did I miss some steps for the error above?
 
  Sorry for my bad English.
 
 your English is fine


 http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security#Manual-CA-Configuration-optional

 short answer, yes, the problem you are having is described in the 'err'

 Craig




