Re: [Puppet Users] Re: puppetdb failover - implement ca self signed

2021-01-22 Thread Renato
Hello, your steps helped me a lot. I am able to create a failover now.
Thank you very much !

On Thu, Jan 21, 2021 at 03:57, comport3 wrote:

> You will need to enable DNS alt names in your CA config, and issue a few
> names per server - likely including a common one shared by all nodes such
> as "puppetdb.domain.example".
> https://puppet.com/docs/puppetserver/6.12.2/scaling_puppet_server.html =>
> dns_alt_names
> Then you'll need to go through the steps to (re)configure your PuppetDB
> SSL setup. This is usually replacing the 'ssl-key', 'ssl-cert' and
> 'ssl-ca-cert' defined in your jetty.ini config.
> On my local setup this is located under /etc/puppetlabs/puppetdb/ssl/, use
> the same permissions as the old setup, then restart the 'puppetdb' services.
> On Wednesday, January 20, 2021 at 3:32:54 AM UTC+11 Nerbolff wrote:
>
>> Hello everyone. For security reasons, we decided to get 2 puppetdb
>> servers up and running. There will be a setup with *master* and *slave*.
>>
>> We thought of using our load balancer to perform this operation. So we
>> need a *cname* with a valid self-generated certificate. ie:
>> puppetdb.internet.net
>>
>>
>> Here's how I think I'm going to achieve it:
>>
>> - I generated my puppetdb cert via the puppetca:
>>
>> $ sudo puppetserver ca generate --certname puppetdb.internet.net
>> Successfully saved private key for puppetdb.internet.net to
>> /etc/puppetlabs/puppet/ssl/private_keys/puppetdb.internet.net.pem
>> Successfully saved public key for puppetdb.internet.net to
>> /etc/puppetlabs/puppet/ssl/public_keys/puppetdb.internet.net.pem
>> Successfully submitted certificate request for puppetdb.internet.net
>> Error:
>> Signed certificate puppetdb.internet.net could not be found on the CA
>> Successfully signed certificate request for puppetdb.internet.net
>> Successfully saved certificate for puppetdb.internet.net to
>> /etc/puppetlabs/puppet/ssl/certs/puppetdb.internet.net.pem
>>
>>
>> Then I copied over the freshly self-signed cert from puppetca to puppetDB.
>> I changed the */etc/puppetlabs/puppetdb/conf.d/jetty.ini* like this:
>>
>> ssl-key = /etc/puppetlabs/puppet/ssl/private_keys/puppetdb.internet.net.pem
>> ssl-cert = /etc/puppetlabs/puppet/ssl/public_keys/puppetdb.internet.net.pem
>> ssl-ca-cert = /etc/puppetlabs/puppet/ssl/certs/puppetdb.internet.net.pem
>>
>> Restarting my puppetdb, I get an error about certification
>> implementation. The error is not clear. Java errors.
>>
>> At the end, my goal is to start puppetdb with the certificate
>> *puppetdb.internet.net* loaded. Then the puppetmaster didn't
>> complain about the puppetca certificate.
>>
>> Does someone have any idea?
>> Thanks.
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAM9FioAaW83ZAugpW_c2SW%3D-Aw3gtBYqBeCY4PLrY5Fwu-Gfxg%40mail.gmail.com.
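
A pre-flight check for the three jetty.ini SSL settings discussed in this thread, added here as an example; it is not code from the posters or from the Puppet project. It assumes the settings sit in a `[jetty]` section, and it only inspects PEM block types and the key file mode, not the certificate chain or the DNS alt names. The function names are hypothetical.

```python
import configparser
import os
import re
import sys

# PEM block labels each jetty.ini setting is expected to point at.
EXPECTED = {
    "ssl-key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
    "ssl-cert": {"CERTIFICATE"},
    "ssl-ca-cert": {"CERTIFICATE"},
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)


def pem_types(path):
    """Return the PEM block labels found in a file, in order."""
    with open(path, errors="replace") as fh:
        return PEM_BEGIN.findall(fh.read())


def check_jetty_ssl(ini_path):
    """Return a list of problems; an empty list means the files look sane."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(ini_path)
    problems, paths = [], {}
    for key, allowed in EXPECTED.items():
        value = cfg.get("jetty", key, fallback="").strip()
        if not value:
            problems.append(f"{key}: not set in [jetty]")
            continue
        paths[key] = value
        try:
            found = pem_types(value)
            mode = os.stat(value).st_mode & 0o777
        except OSError as exc:
            problems.append(f"{key}: cannot read {value}: {exc.strerror}")
            continue
        if not found or not set(found) <= allowed:
            problems.append(f"{key}: {value} holds {found or 'no PEM block'}, "
                            f"expected {sorted(allowed)}")
        if key == "ssl-key" and mode & 0o077:
            problems.append(f"{key}: {value} mode {mode:o} grants access to group/other")
    if paths.get("ssl-cert") and paths.get("ssl-cert") == paths.get("ssl-ca-cert"):
        problems.append("ssl-ca-cert: same file as ssl-cert, not the CA certificate")
    return problems


if __name__ == "__main__":
    issues = check_jetty_ssl(sys.argv[1])
    print("\n".join(issues) or "ok")
    sys.exit(1 if issues else 0)
```

Run it against the jetty.ini path before restarting the 'puppetdb' service; a non-zero exit status means at least one setting points at the wrong kind of file.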


Re: [Puppet Users] CustomFacts: Can we pass the credentials in custom facts in secure way?

2021-01-22 Thread 'Dan White' via Puppet Users
Have you considered “orapwd”?
https://docs.oracle.com/database/121/ADMIN/dba.htm#ADMIN12478
___
Dan White : d_e_wh...@icloud.com
“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes)

> On Jan 22, 2021, at 3:02 AM, Vinay Korrapati  wrote:
> 
> 
> puppet enterprise : 2019.8.1
> Oracle: 12c
> 
> On Friday, January 22, 2021 at 1:10:42 PM UTC+5:30 Vinay Korrapati wrote:
> Hi Team,
> 
> Can we pass the credentials in custom facts in a secure way?
> 
> Use case: I have to write a fact which executes a query on Oracle DBs and
> returns the output.
> 
> To execute the query it requires the credentials ($oralogin). 
> Eg:
> 
> $OracleUserName="username"
> $OraclePassword="password"
> $OraLogin = "$OracleUserName/$OraclePassword@" + $oraInstance + " as sysdba"
> 
> $Query | sqlplus -silent $OraLogin
> 
> Any thoughts/suggestions to pass the credentials in a secure way?
> 
> Regards
> Vinay
> 



[Puppet Users] Re: CustomFacts: Can we pass the credentials in custom facts in secure way?

2021-01-22 Thread Vinay Korrapati

puppet enterprise : 2019.8.1
Oracle: 12c

On Friday, January 22, 2021 at 1:10:42 PM UTC+5:30 Vinay Korrapati wrote:

> Hi Team,
>
> Can we pass the credentials in custom facts in a secure way?
>
> *Use case:* I have to write a fact which executes a query on Oracle
> DBs and returns the output.
>
> To execute the query it requires the credentials ($oralogin). 
> Eg:
>
> $OracleUserName="username"
> $OraclePassword="password"
>
> $OraLogin = "$OracleUserName/$OraclePassword@" + $oraInstance + " as sysdba"
>
> $Query | sqlplus -silent $OraLogin
>
> Any thoughts/suggestions to pass the credentials in a secure way?
>
> Regards
> Vinay
>
