[Puppet Users] Re: PuppetCA not signing Certificate-Requests
Hey Denmat, I'm already using Passenger with Apache. Problem is still there. Markus On 20 Jun., 23:00, Denmat tu2bg...@gmail.com wrote: Hi, If you are using the standard webrick server that comes puppetmasterd then you will find it doesn't scale very well. Check out the scaling puppet docs on the puppetlabs site for your options. Cheers, Deb On 20/06/2011, at 22:18, markus markus.fenste...@googlemail.com wrote: I'm not sure whether it is a problem with the Provisioner I use. I added a little sleep time between requesting the node to send its CSR to the Server and the signing of this certificate on all nodes. Until now it works perfectly. On 18 Jun., 18:58, markus markus.fenste...@googlemail.com wrote: Hi! I'm having a setup with MCollective 1.2.0, Puppet 2.6.4 and an provision-agent. Most of the time this works great, but sometimes (every 10th node or so) I experience, that signing-requests of puppet- agents are not getting signed on the master. So the request of the puppet agent to /production/certificate/... ends everytime in an HTTP-Error 404. Does anyone have a glue about that? The problem is also hard to analyze because the logoutput is not very detailed. Puppet-Agent: Jun 18 16:10:38 ip-10-242-62-183 puppet-agent[1001]: Creating a new SSL key for ... Jun 18 16:10:38 ip-10-242-62-183 puppet-agent[1001]: Caching certificate for ca Jun 18 16:10:41 ip-10-242-62-183 puppet-agent[1001]: Creating a new SSL certificate request for ... Jun 18 16:10:41 ip-10-242-62-183 puppet-agent[1001]: Certificate Request fingerprint (md5): 6A:3F:63:8A:59:2C:F6:C9:5E:56:5F:39:16:FF: 19:BE Puppet-Master: puppet:443 a.b.c.d - - [18/Jun/2011:18:10:39 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:39 +0200] GET /production/ certificate_request/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:42 +0200] PUT /production/ certificate_request/a.b.c.d HTTP/1.1 200 2202 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:42 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:43 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:03 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:04 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:04 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:48 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:48 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - Regards Markus -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: PuppetCA not signing Certificate-Requests
Puppet doesn't even recognise the CSR that was sended. Is there a known threading problem with puppetca? Or a problem, that it can not handle several requests per seconds to add and sign CSRs? On 22 Jun., 12:10, markus markus.fenste...@googlemail.com wrote: Hey Denmat, I'm already using Passenger with Apache. Problem is still there. Markus On 20 Jun., 23:00, Denmat tu2bg...@gmail.com wrote: Hi, If you are using the standard webrick server that comes puppetmasterd then you will find it doesn't scale very well. Check out the scaling puppet docs on the puppetlabs site for your options. Cheers, Deb On 20/06/2011, at 22:18, markus markus.fenste...@googlemail.com wrote: I'm not sure whether it is a problem with the Provisioner I use. I added a little sleep time between requesting the node to send its CSR to the Server and the signing of this certificate on all nodes. Until now it works perfectly. On 18 Jun., 18:58, markus markus.fenste...@googlemail.com wrote: Hi! I'm having a setup with MCollective 1.2.0, Puppet 2.6.4 and an provision-agent. Most of the time this works great, but sometimes (every 10th node or so) I experience, that signing-requests of puppet- agents are not getting signed on the master. So the request of the puppet agent to /production/certificate/... ends everytime in an HTTP-Error 404. Does anyone have a glue about that? The problem is also hard to analyze because the logoutput is not very detailed. Puppet-Agent: Jun 18 16:10:38 ip-10-242-62-183 puppet-agent[1001]: Creating a new SSL key for ... Jun 18 16:10:38 ip-10-242-62-183 puppet-agent[1001]: Caching certificate for ca Jun 18 16:10:41 ip-10-242-62-183 puppet-agent[1001]: Creating a new SSL certificate request for ... Jun 18 16:10:41 ip-10-242-62-183 puppet-agent[1001]: Certificate Request fingerprint (md5): 6A:3F:63:8A:59:2C:F6:C9:5E:56:5F:39:16:FF: 19:BE Puppet-Master: puppet:443 a.b.c.d - - [18/Jun/2011:18:10:39 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:39 +0200] GET /production/ certificate_request/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:42 +0200] PUT /production/ certificate_request/a.b.c.d HTTP/1.1 200 2202 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:42 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:43 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:03 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:04 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:04 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:48 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:48 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - Regards Markus -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: PuppetCA not signing Certificate-Requests
I'm not sure whether it is a problem with the Provisioner I use. I added a little sleep time between requesting the node to send its CSR to the Server and the signing of this certificate on all nodes. Until now it works perfectly. On 18 Jun., 18:58, markus markus.fenste...@googlemail.com wrote: Hi! I'm having a setup with MCollective 1.2.0, Puppet 2.6.4 and an provision-agent. Most of the time this works great, but sometimes (every 10th node or so) I experience, that signing-requests of puppet- agents are not getting signed on the master. So the request of the puppet agent to /production/certificate/... ends everytime in an HTTP-Error 404. Does anyone have a glue about that? The problem is also hard to analyze because the logoutput is not very detailed. Puppet-Agent: Jun 18 16:10:38 ip-10-242-62-183 puppet-agent[1001]: Creating a new SSL key for ... Jun 18 16:10:38 ip-10-242-62-183 puppet-agent[1001]: Caching certificate for ca Jun 18 16:10:41 ip-10-242-62-183 puppet-agent[1001]: Creating a new SSL certificate request for ... Jun 18 16:10:41 ip-10-242-62-183 puppet-agent[1001]: Certificate Request fingerprint (md5): 6A:3F:63:8A:59:2C:F6:C9:5E:56:5F:39:16:FF: 19:BE Puppet-Master: puppet:443 a.b.c.d - - [18/Jun/2011:18:10:39 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:39 +0200] GET /production/ certificate_request/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:42 +0200] PUT /production/ certificate_request/a.b.c.d HTTP/1.1 200 2202 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:42 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:43 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:03 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:04 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:04 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:48 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:48 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - Regards Markus -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: PuppetCA not signing Certificate-Requests
Hi, If you are using the standard webrick server that comes puppetmasterd then you will find it doesn't scale very well. Check out the scaling puppet docs on the puppetlabs site for your options. Cheers, Deb On 20/06/2011, at 22:18, markus markus.fenste...@googlemail.com wrote: I'm not sure whether it is a problem with the Provisioner I use. I added a little sleep time between requesting the node to send its CSR to the Server and the signing of this certificate on all nodes. Until now it works perfectly. On 18 Jun., 18:58, markus markus.fenste...@googlemail.com wrote: Hi! I'm having a setup with MCollective 1.2.0, Puppet 2.6.4 and an provision-agent. Most of the time this works great, but sometimes (every 10th node or so) I experience, that signing-requests of puppet- agents are not getting signed on the master. So the request of the puppet agent to /production/certificate/... ends everytime in an HTTP-Error 404. Does anyone have a glue about that? The problem is also hard to analyze because the logoutput is not very detailed. Puppet-Agent: Jun 18 16:10:38 ip-10-242-62-183 puppet-agent[1001]: Creating a new SSL key for ... Jun 18 16:10:38 ip-10-242-62-183 puppet-agent[1001]: Caching certificate for ca Jun 18 16:10:41 ip-10-242-62-183 puppet-agent[1001]: Creating a new SSL certificate request for ... Jun 18 16:10:41 ip-10-242-62-183 puppet-agent[1001]: Certificate Request fingerprint (md5): 6A:3F:63:8A:59:2C:F6:C9:5E:56:5F:39:16:FF: 19:BE Puppet-Master: puppet:443 a.b.c.d - - [18/Jun/2011:18:10:39 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:39 +0200] GET /production/ certificate_request/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:42 +0200] PUT /production/ certificate_request/a.b.c.d HTTP/1.1 200 2202 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:42 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:10:43 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:03 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:04 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:04 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:26 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:48 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - puppet:443 a.b.c.d - - [18/Jun/2011:18:11:48 +0200] GET /production/ certificate/a.b.c.d HTTP/1.1 404 2298 - - Regards Markus -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.