I've verified that the "puppet cert generate.." command generates the files which are required to get the Apache daemon up and running. Thanks Ken.
On Saturday, 6 July 2013 13:03:12 UTC+10, Amos Shapira wrote: > > Thanks very much Ken, > > I'm away from the comp for the weekend, I'll try these and get back to you > as soon as I can. > > On Friday, 5 July 2013 22:08:37 UTC+10, Ken Barber wrote: >> >> If it helps I did a bit of a Gist walkthrough of the full cert >> recreation etc. using puppet cert generate here: >> https://gist.github.com/kbarber/5934100 ... >> >> On Fri, Jul 5, 2013 at 1:00 PM, Ken Barber <[email protected]> wrote: >> >> I have a standard Puppet 2.7 configuration installed from Gem on >> Ubuntu >> >> 12.04, running behind Apache. >> >> >> >> I'm testing the reprovisioning of the puppet master from scratch in >> Vagrant >> >> and ran into a little snug - apache configuration points to a puppet >> >> ca_crl.pem file which doesn't exist, so apache refuses to start. >> > >> > Have you tried just using 'puppet cert generate <mymaster_name>' to >> > populate the initial certificates? I don't have a 2.7.x around, but >> > for 3.x it repopulates all the missing certificates it seems including >> > ca_crl.pem. >> > >> >> The puppet master documentation says that it'll automatically generate >> this >> >> file if it isn't present, but I need a way to get it generated >> automatically >> >> before apache tries to start. >> > >> > Yes, and it does - when you start it standalone using webrick (ie. >> > puppet master --no-daemonize --debug --log console ... or something >> > will probably do the trick). But the SSL offloading to Apache kind of >> > breaks this as you've mentioned. >> > >> > ken. >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
