Hi,
I'm trying to unify puppet with func too, but I'm still getting this error:
Error: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert bad certificate'),
('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake failure')]
Minion config
[main]
log_level = INFO
acl_dir = /etc/func/minion-acl.d
listen_addr =
listen_port = 51234
minion_name = test-machine.test.org
method_log_dir = /var/log/func/methods/
use_certmaster = False
ca_file=/var/lib/puppet/ssl/certs/ca.pem
cert_file=/var/lib/puppet/ssl/certs/test-machine.test.org.pem
key_file=/var/lib/puppet/ssl/private_keys/test-machine.test.org.pem
crl_location=/var/lib/puppet/ssl/crl.pem
overlord.conf
# configuration for overlord
[main]
socket_timeout = 0
backend = conf
group_db =
puppet_minions = True
Could you please guide me in the right way?
Thank you
Filip
On Thu, Mar 31, 2011 at 4:11 AM, Greg Swift <[email protected]> wrote:
>
>
> On Wed, Mar 30, 2011 at 18:42, Norvell, Preston <
> [email protected]> wrote:
>
>> I've read the func man page and trolled the list as much as I can to find
>> an answer to this; apologies if I've been blind.
>>
>> I'm interested in running Func in conjunction with our pre-existing Puppet
>> infrastructure. Per the wiki <
>> https://fedorahosted.org/func/wiki/FuncWithPuppet> the wiki itself is no
>> longer an appropriate reference for doing the integration work as of 0.27
>> (I've got func-0.27 from rpmforge and certmaster-0.27 from another
>> location). Is there a reference for what the new proper integration is? I
>> am (and my team is) new to Func so perhaps I'm missing something that would
>> intuitive to a seasoned user, but I'm down to reading the patch commits and
>> such to try to figure things out. I would appreciate any pointers, and I'd
>> be happy to provide an updated wiki page if one is not already elsewhere.
>>
>>
> I've never set it up, and this might not work (but i hope it can at least
> get you going the right direction till someone more in the know answers),
> however to the best of my knowledge:
>
> 1: overlord must be on the same host as puppetmaster
> 2: in /etc/func/overlord.conf:
> a: you need to set "puppet_minions = True" under the [main] section.
> b: set ca_file, cert_file, key_file based on where puppet places its
> files
> c: If the following is not true for you environment you need to set
> how your system is configured in /etc/func/overlord.conf:
> puppet_inventory = /var/lib/puppet/ssl/ca/inventory.txt
> puppet_signed_certs_dir = /var/lib/puppet/ssl/ca/ca_crl.pem
> 3: On minion in /etc/func/minion.conf:
> a: set "use_certmaster = False"
> b: set ca_file, cert_file, key_file, and crl_location paths based on
> where puppet places its files
> c: start daemon
> 4: Back on overlord try running 'func "*" ping'
>
> If that doesn't work then 2b might need to be augmented with the previous
> "passphrase/key removal" steps from the wiki.
>
> Cleanup help on the wiki is always appreciated :)
>
> -greg/xaeth
>
> _______________________________________________
> Func-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/func-list
>
_______________________________________________
Func-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/func-list
