On Tue, May 22, 2012 at 5:43 PM, Ryan Coleman <[email protected]> wrote: > On Tue, May 22, 2012 at 2:56 AM, Matthew Burgess > <[email protected]> wrote: >> Thanks for any help, either in being able to get puppet-load to load >> test our environment, or in letting me know what might cause our >> clients to fail to check in reliably if it's not a load issue. >> > > Hi Matt, > > I ran into this as well, it seems as though puppet-load isn't properly > authenticating with its agent certificate to the master. To work > around this for now, assuming the client running puppet-load has a > certificate named centos6.puppetlabs.vm, insert the following > statement into auth.conf > > path /catalog/centos6.puppetlabs.vm > method find > allow centos6.puppetlabs.vm > auth any
Apologies for taking so long to get back about this, more pressing matters took precedence. So, back on this, I think I must be doing something really daft then, as I've made that change to my auth.conf file and still get the same forbidden errors. I also missed some potentially important information from my original message, which is that we're running puppet behind mod_passenger due to already hitting scalability issues with Webrick. We've now also had to turn on storeconfigs to handle some external resources, and therefore have pointed foreman at the same MySQL DB to gather its hosts, facts and reports from. Foreman is also running under mod_passenger. puppet, foreman and mysql are all on the same server; a virtual machine running on a VMWare ESXi host. Having not been able to get any info out of puppet-load to date, I decided to bump the number of vCPUs up to 4, from 1, and increase its RAM from 2GB to 4GB, but that hasn't helped any. So, I'm now wondering whether apache/mod_passenger is configured correctly in terms of launching enough worker threads/puppetmasterd children. One other concern is that foreman shows a roughly even split of load across the 30 minute time window (~10 hosts every 3 minutes), except for one spike where 28 clients decide to hit it in one 3 minute interval. Should puppet not be telling these clients to back off a bit? I have a hunch that if I could get the clients all averaged out (~14 hosts per 3 minute window) things may go a little smoother. That said, I would have thought that the hardware I've thrown at this is already sufficient to handle what I'd imagine is a fairly small environment compared to others out there? Thanks, Matt. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
