When you have a separate server providing the CA service, it is only contacted when a client first connects. After the client's cert is signed, the CA server does nothing. Does that make sense?
On Sun, Mar 30, 2014 at 2:07 PM, Chris <[email protected]> wrote: > Hi, > > Apologies if this appears twice, I couldn't see it show up in the archives. > > I've been trying to set up a separate ca server for puppetmaster and > failing. I'm sure I've missed something but I'm not sure where to look. > > server a is the puppetmaster: > > [main] > ca_server = puppetmaster.puppet.local > > [agent] > server = puppetmaster.puppet.local > > [master] > ca=true > > > server b is the puppetmaster-client (slave puppetmaster): > [main] > ca_server = puppetmaster.puppet.local > server = puppetmaster.puppet.local > > [agent] > <no server related settings> > > [master] > ca=false > > > and finally server c is the puppet-client: > [main] > ca_server = puppetmaster.puppet.local > server = puppetmaster-client.puppet.local > > [agent] > <no server related settings> > > > When I run 'puppet agent --test' on puppet-client, it generates a cert > which is then signed. The next run then hits puppetmaster-client. All good > so far. > > However I never see another hit on puppetmaster at all. > If I shut down the daemon on puppetmaster, nothing complains. If I revoke > the certificate on puppetmaster, nothing complains. > > If I change puppet-client config so: > [main] > server = puppetmaster.puppet.local > > Then it does complain. > > Using puppet 3.4.3 from puppetlabs rpm's. > > Any help/suggestions etc would be fantastic. > > Cheers, > Chris. > > -- > Postgresql & php tutorials > http://www.designmagick.com/ > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-users/533887A8.7030104%40gmail.com. > For more options, visit https://groups.google.com/d/optout. > -- Spencer Krum (619)-980-7820 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADt6FWNi3rpLcSW_%3DmM66mFpSaorkKJ0J1Bhgh6kdq70fXxWnw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
