Hello,
Is-it possible to disable completely the SSL check between the user and the
puppet server ?
Error: Failed to submit 'deactivate node' command for xx to PuppetDB at
xx:443: SSL_connect returned=1 errno=0 state=SSLv3 read server
certificate B: certificate verify failed:
Hi folks,
recently in our Puppet pipeline we added a few tests on catalogs
leveraging Ripienaar's puppet-catalog-diff [1]. Basically, before
merging to production, for each node we compare the catalogs between
production and the committed developing version, to spot any (maybe
unwanted) change
Yea right now I am not using environments, I would like to move to either
passenger or mongrel for a more scalable setup (although I have heard
mongrel has issue with memory leaks).
On Sun, Mar 14, 2010 at 1:53 PM, Nigel Kersten ni...@explanatorygap.netwrote:
On Sat, Mar 13, 2010 at 11:33 AM,
I will keep that in mind, ideally I would like to keep SSL in place for
security purposes I was really looking for a quick hack/slash to disable SSL
for the time being just to get past some auth issues.
Longer term though from a scalability POV, I will in the end have over 24-30
puppetmasters
ssl has nothing to do with mongrel or passenger, as ssl is handled in apache
(or ngnix).
as far as it goes for SSL, you have two options:
1. a single CA
2. CA chain hierarchy.
the first option is simple, one of your puppetmasters will be your CA, and
every sign will run on it, you would require
On Mar 15, 2010, at 8:26 AM, Ohad Levy wrote:
ssl has nothing to do with mongrel or passenger, as ssl is handled in apache
(or ngnix).
as far as it goes for SSL, you have two options:
1. a single CA
2. CA chain hierarchy.
the first option is simple, one of your puppetmasters will be
Yes, I am aware that by going with mongrel/passenger as it will be handled
by mod_ssl. I setup mongrel in my lab today, didn't take much to get going
(puppet wiki was VERY helpful). Unfortunately passenger doesn't look to be
packaged up other then in a gem (didn't investigate further then a
If you're using Red Hat/Fedora flavors of Linux, you can use Kanarip's
Repository to get mod_passenger and other rubygem rpm repackagings -
http://www.kanarip.com/custom/
On 3/15/10 6:14 PM, Christopher Johnston wrote:
Yes, I am aware that by going with mongrel/passenger as it will be
handled
On Sat, Mar 13, 2010 at 11:33 AM, Christopher Johnston
chjoh...@gmail.com wrote:
No I am not using environments with this setup, curious on how that would
make a difference if the module base is identical for all of my production
hosts.
This probably explains it better.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you front Puppet with Apache per the Mongrel instructions and set the
SSLCipherSuite to 'NULL' in Apache, then it will turn off all encryption.
Trevor
On 03/12/2010 05:57 PM, Dan Bode wrote:
On Fri, Mar 12, 2010 at 2:53 PM, Christopher
On Fri, 12 Mar 2010, Christopher Johnston wrote:
Reason I am asking is I am having a bunch of SSL issues in production right
now, I need to disable SSL until I get things fixed.
As a workaround, perhaps you could use the
standalone compile/apply feature (new in 0.25); see
No I am not using environments with this setup, curious on how that would
make a difference if the module base is identical for all of my production
hosts.
By using a subject altname on the cert would that allow for a distributed
certificate for all my hosts in that specific environment. Since
Is there a way to disable SSL all together for testing?
-Chris
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
Reason I am asking is I am having a bunch of SSL issues in production right
now, I need to disable SSL until I get things fixed.
On Fri, Mar 12, 2010 at 5:57 PM, Dan Bode d...@reductivelabs.com wrote:
On Fri, Mar 12, 2010 at 2:53 PM, Christopher Johnston
chjoh...@gmail.comwrote:
Is there
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/03/10 2:58 PM, Christopher Johnston wrote:
Reason I am asking is I am having a bunch of SSL issues in production
right now, I need to disable SSL until I get things fixed.
You can't disable SSL as client/server relies on it.
What are your
15 matches
Mail list logo
