Hi! 2 puppetmasters and 1 client installed on VMware. I'm using puppetversion 3.4.2 on all 3 hosts
2 pupetmasters, one as primary (hostname =puppetserver.ops.ss) , second (hostname=puppetslave) as secondary, client (hostname=client.ops.ss). High availability and all other steps - exactly as described on this link http://projects.puppetlabs.com/projects/1/wiki/High_Availability_Patterns 2 puppetmasters + 1 client in 192.168.1.x network 2 puppetmasters connected via 10.0.0.x network for heartbeat purposes. ( primary 10.0.0.1, secondary 10.0.0.2, redundant IP 192.168.1.200) heartbeat works I moved ca_crl.pem to secondary puppetmaster according to link above. primary puppetmaster */etc/hosts* 127.0.0.1 puppetserver 192.168.1.20 client 192.168.1.30 puppetslave *puppet.conf* all defaults , only added in [main] ca =true secondary puppetmaster */etc/hosts* 127.0.0.1 puppetslave 192.168.1.20 client 192.168.1.10 puppetserver.ops.ss *puppet.conf* [main] server = puppetserver.ops.ss listen = true ca = false ca_server = puppetserver.ops.ss client */etc/hosts* 127.0.0.1 client 192.168.1.200 puppetserver.ops.ss *puppet.conf* [main] server = puppetserver.ops.ss listen = true Client machine gets certificate and puppet works with primary puppetmaster - no problem at all. Now I stop primary puppetmaster, wait for secondary takes 192.168.1.200 redundant ip and trying on client machine: #puppet agent --server puppetserver.ops.ss --waitforcert 45 --test --verbose trying to get certificate from secondary puppetmaster for testing purposes. And I got respond : Could not retrieve catalog from remote server: Server hostname 'puppetserver.ops.ss' did not match server certificate; expected puppetslave Could you help me with the problem? What's wrong? #openss x509 -text -noout -in /var/lib/puppet/ssl/certs/ca.pem on secondary puppetmaster gives CN=Puppet CA:puppetserver.ops.ss in my understanding secondary puppetmaster shoud send respond as primary one ("puppetserver.ops.ss"), when first one is dead and actually it does, why client does not accept it? Thank you for your help -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8d59db1d-14b4-44f6-987d-960d45938d36%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
