M C schreef: > We would like to avoid pre-scheduled updates in our production environment > by puppet. The solution I've come across is to instruct the puppet agent > not to update on a schedule and instead use "puppet kick" from the puppet > master to force updates when we're ready to deploy them. I can't seem to > get this to work. I have asked around the IRC channel and received a few > pointers, but it's still not working correctly. I've added the "listen = > true" line to the puppet.conf file on each node, as well as creating a > namespaceauth.conf file on each node, with wide open permissions at the > moment. When I attempt to run puppet kick from the master, I receive the > following error: > > [r...@admin puppet]# puppet kick -d test.foo.com > Triggering test.foo.com > Host test.foo.com failed: SSL_connect returned=1 errno=0 state=SSLv3 read > server certificate B: certificate verify failed > test.foo.com finished with exit code 2 > Failed: test.foo.com > > I am running both the puppet master and agent services with full debugging > and I do not see anything in the logs relating to this "puppet kick". Can > anyone offer any insight?
We use triggered runs without problems. The only thing that we have, that you did not mention, is a file named /etc/puppet/auth.conf with the following contents on all clients: path /run method save allow * I think this is a new requirement with Puppet 2.6. I think I got it from the release notes at http://projects.reductivelabs.com/projects/puppet/wiki/Release_Notes#Puppet+Runner Best regards, Martijn.
smime.p7s
Description: S/MIME Cryptographic Signature