I can give that a try ... does that mean I wouldn't be able to use passenger like I currently am to get this to work?
I'll let you know of my results shortly.

Regards,
Jake

On Apr 14, 11:35 am, Dominic Maraglia <[email protected]> wrote:
> Jake,
>
> Can you please try the following steps and see if these allow you to use
> duplicate certs?
>
> On your Puppet Master node:
>
> - Stop the Puppet Master daemon.
> - Restart your Puppet Master as follows:
>   puppet master --allow_duplicate_certs --certdnsnames="puppet:$(hostname -s):$(hostname -f)" --verbose --noop
>
> On a Puppet Agent node:
>
> - Generate a cert:
>   puppet certificate generate `hostname` --ca-location remote --server Name_of_Puppet_Master
>
> - Generate a second cert:
>   puppet certificate generate `hostname` --ca-location remote --server Name_of_Puppet_Master
>
> I would be quite interested to know the outcome of these steps.
>
> Cheers,
>
> Dominic Maraglia
>
> On 4/14/11 7:37 AM, Jake - USPS wrote:
>
> > I saw this feature became available in 2.7.0rc1 and wanted to try it
> > out. I entered 'allow_duplicate_certs = true' on both my master and
> > agent systems in the puppet.conf (not sure if it's needed in both, saw it
> > in genconf for puppetd and puppetmasterd though ...). I also have
> > autosign.conf configured to allow autosigning for our domain
> > (*.domain.com). I had my agent register with the master for the first
> > time, works good (always has ;). Now on my agent I removed the ssl
> > directory. Do another test run, it generates new certs on the agent
> > system and tries to communicate with the master.
> > I then receive the following error on the agent:
> >
> > info: /User[puppet]: Provider useradd does not support features manages_aix_lam; not managing attribute ia_load_module
> > info: /File[/etc/puppet/ssl]: Scheduling refresh of (completed_/etc/puppet/ssl)
> > notice: /Whit[completed_/etc/puppet/ssl]: Triggered 'refresh' from 1 events
> > info: /File[/etc/puppet/ssl/private]: Scheduling refresh of (completed_/etc/puppet/ssl/private)
> > notice: /Whit[completed_/etc/puppet/ssl/private]: Triggered 'refresh' from 1 events
> > info: /File[/etc/puppet/ssl/certs]: Scheduling refresh of (completed_/etc/puppet/ssl/certs)
> > info: /File[/etc/puppet/ssl/certificate_requests]: Scheduling refresh of (completed_/etc/puppet/ssl/certificate_requests)
> > notice: /Whit[completed_/etc/puppet/ssl/certificate_requests]: Triggered 'refresh' from 1 events
> > info: /File[/etc/puppet/ssl/private_keys]: Scheduling refresh of (completed_/etc/puppet/ssl/private_keys)
> > notice: /Whit[completed_/etc/puppet/ssl/private_keys]: Triggered 'refresh' from 1 events
> > info: /File[/etc/puppet/ssl/public_keys]: Scheduling refresh of (completed_/etc/puppet/ssl/public_keys)
> > notice: /Whit[completed_/etc/puppet/ssl/public_keys]: Triggered 'refresh' from 1 events
> > notice: /Whit[completed_/etc/puppet/ssl/certs]: Triggered 'refresh' from 1 events
> > info: Creating a new SSL key for XXX
> > warning: peer certificate won't be verified in this SSL session
> > info: Caching certificate for ca
> > warning: peer certificate won't be verified in this SSL session
> > info: Caching certificate for XXX
> > err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
> > Exiting; failed to retrieve certificate and waitforcert is disabled
> >
> > I guess I was expecting for this to work fine when
> > 'allow_duplicate_certs = true'.
> > Maybe I misconfigured something?
> > Maybe I'm misunderstanding how allow_duplicate_certs behaves?
> >
> > Thanks!
> > Jake

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
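The agent error quoted in this thread says the retrieved certificate does not match the private key. As an added example (not part of the original messages and not Puppet's own code), the script below shows one way to check that with openssl by comparing public-key hashes. The keys, the self-signed certificate, the file names and the CN are constructed sample data, with a second freshly generated key standing in for the one created after the ssl directory was removed.

```shell
#!/bin/sh
# Added example: constructed sample keys/cert in a temp dir, not Puppet's CA.

# SHA-256 of the public key embedded in a PEM certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a PEM private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit status 0 if the certificate was issued for this private key, 1 if not.
cert_matches_key() {
    cmk_cert=$(cert_pubkey_hash "$1")
    cmk_key=$(key_pubkey_hash "$2")
    [ -n "$cmk_cert" ] && [ "$cmk_cert" = "$cmk_key" ]
}

# Build sample material: an "old" key with a certificate issued for it, and a
# "new" key that has no certificate of its own (hypothetical file names).
make_sample() {
    openssl genrsa -out "$1/old_key.pem" 2048 2>/dev/null
    openssl genrsa -out "$1/new_key.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/old_key.pem" -days 1 \
        -subj "/CN=agent.example.test" -out "$1/cert.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp"
for k in old_key.pem new_key.pem; do
    if cert_matches_key "$tmp/cert.pem" "$tmp/$k"; then
        echo "$k: certificate matches this key"
    else
        echo "$k: certificate does NOT match this key"
    fi
done
rm -rf "$tmp"
```
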
