hi,
i'm trying to set up my puppetmaster infrastructure with multiple
puppetservers behind load balancers in each of our datacenters. i'm
using 0.24.6. i've read the howto on puppet scalability, and i think
i've got the ssl config working correctly, but i'm noticing that when
puppetd is used to build a puppetmaster, some of the files in
$vardir/ssl conflict. from other posts on this list, i've gathered that it's
NOT best practice to specify different ssl dirs for puppetd and
puppetmaster. i actually tried that and noticed that
"puppetca --clean" refused to look in the ssl dir that puppetmasterd was using...
it was looking in /var/lib/puppet/ssl which was puppetd's ssl dir.
so, i'm back to using one ssldir for puppetd and puppetmasterd.
so, my problem is i start my puppetd, it successfully talks to my
existing puppet master, gets a cert, and starts applying the config.
when it gets to the part where it runs puppetmasterd for the first
time, $vardir/ssl/certs/ca.pem gets overwritten by the puppetmasterd
initialization process. this prevents puppetd from working until i go
back in and fix it. is there a trick to get this working that i am
missing? i've also noticed that puppetd and puppetmasterd both create
host certificates with the same name, which is
$vardir/ssl/certs/$fqdn.pem. however, the cert that puppetd makes does not have the
subject alternative names for "puppet", etc. i got around this by
specifying "certname = puppet" in my puppetmaster section of the
config, so that it creates a file called puppet.pem instead. if
anyone has any ideas what i might be doing wrong, please let me know.
i've included my puppet.conf below.
thanks!
-drew
[main]
# Where Puppet stores dynamic and growing data.
# The default value is '/var/puppet'.
vardir = /var/lib/puppet
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
[puppetd]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
runinterval = 120
#factsync = true
# These settings are necessary to enable plugin support via modules
# Our custom facter facts rely on this
pluginsync=true
pluginsource = puppet://$server/plugins
plugindest = $vardir/lib
factpath = $vardir/lib/facter
factdest = $vardir/lib/facter
[puppetmasterd]
modulepath = /var/lib/puppet/modules
certname = puppet
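Added example, not part of the original post and not Puppet's own code: a small checker that resolves the SSL file paths each daemon would use from a puppet.conf like the one above and lists the paths puppetd and puppetmasterd share. It assumes [main] settings apply to both daemons with per-section overrides, and uses the $ssldir/certs/ca.pem and $ssldir/certs/<certname>.pem layout named in the post; the sample config is a trimmed copy and the fqdn is a constructed value.

```python
import re

# Constructed sample: the SSL-relevant lines of the puppet.conf in the post.
SAMPLE_CONF = """\
[main]
vardir = /var/lib/puppet
ssldir = $vardir/ssl
[puppetd]
runinterval = 120
[puppetmasterd]
modulepath = /var/lib/puppet/modules
certname = puppet
"""

def parse_conf(text):
    """Parse INI-style puppet.conf text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def ssl_files(sections, daemon, fqdn):
    """Paths one daemon uses: [main] overlaid by its own section (assumption)."""
    # Defaults: certname is the fqdn (per the post), ssldir per the config comment.
    merged = {"certname": fqdn, "ssldir": "$confdir/ssl"}
    merged.update(sections.get("main", {}))
    merged.update(sections.get(daemon, {}))
    ssldir = merged["ssldir"]
    for _ in range(10):  # expand $name references; unknown names stay literal
        expanded = re.sub(r"\$(\w+)",
                          lambda m: merged.get(m.group(1), m.group(0)), ssldir)
        if expanded == ssldir:
            break
        ssldir = expanded
    return {f"{ssldir}/certs/ca.pem", f"{ssldir}/certs/{merged['certname']}.pem"}

def shared_paths(conf_text, fqdn):
    """Sorted list of SSL files that both puppetd and puppetmasterd resolve to."""
    sections = parse_conf(conf_text)
    agent = ssl_files(sections, "puppetd", fqdn)
    master = ssl_files(sections, "puppetmasterd", fqdn)
    return sorted(agent & master)
```

With certname = puppet set, only ca.pem is still shared; without it the host certificate path is shared as well.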