Re: [Puppet Users] Cannot make autosign works
Hi, On Wed, May 12, 2010 at 07:35:18PM -0700, Eric wrote: I'm a first time user of puppet and I'm playing around with it using Amazone EC2 instances in order to learn it. The OS is Ubuntu 10.04 server and puppet version is 0.25.4. Right now I'm facing a hard time to make autosign feature work. You may wanna have a look at the blog series [1] I wrote about using Ubuntu images in EC2. I've outlined an architecture to not use auto signing on the puppetmaster. [1]: http://ubuntumathiaz.wordpress.com/2010/03/25/using-puppet-in-uecec2-automating-the-signing-process/ -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Cannot make autosign works
On Thu, May 13, 2010 at 6:04 AM, Mathias Gug math...@ubuntu.com wrote: Hi, On Wed, May 12, 2010 at 07:35:18PM -0700, Eric wrote: I'm a first time user of puppet and I'm playing around with it using Amazone EC2 instances in order to learn it. The OS is Ubuntu 10.04 server and puppet version is 0.25.4. Right now I'm facing a hard time to make autosign feature work. You may wanna have a look at the blog series [1] I wrote about using Ubuntu images in EC2. I've outlined an architecture to not use auto signing on the puppetmaster. [1]: http://ubuntumathiaz.wordpress.com/2010/03/25/using-puppet-in-uecec2-automating-the-signing-process/ Essentially by making your own specialized alternative autosigner, yes :) We (Mattias, I, others) were all talking about this Monday, our consenus was that we're going to consider making a way to teach the autosigner to accept the name of an external script (much akin to external_nodes) that could be called to decide whether or not to autosign a certain cert. In any event, if you can't get basic autosign to work, the above would be no easier -- I would suggest starting with what Dan had said and let us know where you get from there. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Cannot make autosign works
Hi Folks, I'm a first time user of puppet and I'm playing around with it using Amazone EC2 instances in order to learn it. The OS is Ubuntu 10.04 server and puppet version is 0.25.4. Right now I'm facing a hard time to make autosign feature work. I'd like to make the master autosign any client from amazon AWS. For that I create an /etc/puppet/autosign.conf file with only one line containing *.compute-1.internal and the started the puppetmaster using sudo puppetmasterd -v --no-daemonize . The client connects to the server but no signed certificate is delivered. At the serve I got a message saying: info: Could not find certificate for 'domu-12-31-38-04- b0-28.compute-1.internal' I also tried adding autosign=true and autosign=/etc/puppet/ autosign.conf under [puppetmasterd] section in /etc/puppet/ puppet.conf, but no luck so far. What am I doing wrong here? One think I was considering is that at some point I might messed up with the server certificate. Not sure. Does a sudo puppetca --clean -- all remove the master certificate? Best regards, Cheers, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Cannot make autosign works
On Wed, May 12, 2010 at 7:35 PM, Eric epaschoal...@gmail.com wrote: Hi Folks, I'm a first time user of puppet and I'm playing around with it using Amazone EC2 instances in order to learn it. The OS is Ubuntu 10.04 server and puppet version is 0.25.4. Right now I'm facing a hard time to make autosign feature work. I'd like to make the master autosign any client from amazon AWS. For that I create an /etc/puppet/autosign.conf file with only one line containing *.compute-1.internal and the started the puppetmaster using sudo puppetmasterd -v --no-daemonize . The client connects to the server but no signed certificate is delivered. At the serve I got a message saying: info: Could not find certificate for 'domu-12-31-38-04- b0-28.compute-1.internal' I also tried adding autosign=true and autosign=/etc/puppet/ autosign.conf under [puppetmasterd] section in /etc/puppet/ puppet.conf, but no luck so far. What am I doing wrong here? One think I was considering is that at some point I might messed up with the server certificate. Not sure. Does a sudo puppetca --clean -- all remove the master certificate? that will remove the masters ssl certs, as well as any client ssl certs if you messed up with the client certs, you sometimes have to wipe them out with rm (on the client) you can also try puppetca --list to see the pending certs to be signed and puppetca --list --all to see all signed and unsigned certs. Best regards, Cheers, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
