Thank you for the response, Max.

Is there any way for us to tell from the puppet master (command line or REST) if a signed certificate has actually been picked up? Running Kick just gives us a connection refused, so we can't really tell why the connection was refused. We just sit around waiting and retrying until it suddenly starts working.

Arm.

On Apr 20, 3:58 pm, Max Martin <[email protected]> wrote:
> Hi Arm,
>
> It sounds like the problem here is that your puppet agents are running as
> daemons, and kicking them isn't causing them to check for a signed cert. I
> would suggest that you run your agents using --no-daemonize, and set up a
> cron schedule for them to check in with the master, which will cause them to
> check for any signed certs. I'm CCing this to the public dev and user lists
> in case anyone else has any better ideas, and don't hesitate to reply again
> if you run into any more issues.
>
> Thanks for the feedback!
>
> On Wed, Apr 20, 2011 at 2:05 PM, Arm Adam <[email protected]> wrote:
> > This REST API is very interesting to us. However, one issue we have
> > is that we don't know when an agent has actually picked up the
> > certificates. For example, we bring a new puppet agent online and it
> > connects to the master to generate a certificate request. We sign the
> > request and get an immediate response from the puppet master
> > certificate command, but when we subsequently attempt to perform a
> > kick, it fails due to a connection refused. This will happen until
> > the agent actually picks up the signed certificate.
> >
> > So,
> >
> > 1) How can we determine if a certificate is signed AND has been picked
> > up by the agent?
> > 2) How can we force the agent to connect and pick up the signed
> > certificates without having access to the agent system?
> >
> > Notes:
> > We don't want to have to connect to an agent. Only the master.
> > We don't have agent hostname prior to it coming online. According to
> > what we've seen online, pre-generating and distributing keys is not an
> > option given that constraint.
> >
> > Thank you for your help!
>
> --
> Max Martin (404) 585-1840
> Puppet Labs http://www.puppetlabs.com
