Thanks very much Ken, I'm away from the comp for the weekend, I'll try these and get back to you as soon as I can.
On Friday, 5 July 2013 22:08:37 UTC+10, Ken Barber wrote: > > If it helps I did a bit of a Gist walkthrough of the full cert > recreation etc. using puppet cert generate here: > https://gist.github.com/kbarber/5934100 ... > > On Fri, Jul 5, 2013 at 1:00 PM, Ken Barber <[email protected]<javascript:>> > wrote: > >> I have a standard Puppet 2.7 configuration installed from Gem on Ubuntu > >> 12.04, running behind Apache. > >> > >> I'm testing the reprovisioning of the puppet master from scratch in > Vagrant > >> and ran into a little snug - apache configuration points to a puppet > >> ca_crl.pem file which doesn't exist, so apache refuses to start. > > > > Have you tried just using 'puppet cert generate <mymaster_name>' to > > populate the initial certificates? I don't have a 2.7.x around, but > > for 3.x it repopulates all the missing certificates it seems including > > ca_crl.pem. > > > >> The puppet master documentation says that it'll automatically generate > this > >> file if it isn't present, but I need a way to get it generated > automatically > >> before apache tries to start. > > > > Yes, and it does - when you start it standalone using webrick (ie. > > puppet master --no-daemonize --debug --log console ... or something > > will probably do the trick). But the SSL offloading to Apache kind of > > breaks this as you've mentioned. > > > > ken. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
