Hi Ryan, On 28 Apr 2015, at 01:34, Ryan Anderson <[email protected]> wrote:
> I have a need to send reports from a puppet master B in datacenter B to > puppetdb on master A in datacenter A. Both are using puppet open source 3.7.1 > and puppetdb 2.2 (master A) or puppetdb-terminus (master B). This is easily possible when using a common CA between both masters. 1. Master of Masters (CA, Modules for PuppetDB and Puppet Masters) 2. Puppet DB 3. Puppet Master A (catalog compile and file serving) 4. Puppet Master B (catalog compile ans file serving) > > I have done all steps here: > https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_master.html. However, > this page says nothing about using SSL certs so that puppetdb-terminus on > master B can connect to https port 8081 on master A. I get errors like this: > Warning: Error 400 on SERVER: Could not retrieve facts for > masterB.example.com: Failed to find facts from PuppetDB at > masterA.example.com:8081: SSL_connect returned=1 errno=0 state=SSLv3 read > server certificate B: certificate verify failed: [unable to get local issuer > certificate for /CN=masterA.example.com] > > The separate page on setting up master-less puppet agents to send puppetdb > reports touches on this: > https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_apply.html > > The most promising solution here looks like setting up an apache SSL proxy > that redirects https 8081 to localhost:8080 mentioned here: > https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb. > However, I know little about configuring apache this way, and an example > config isn't provided. It even says > More detailed instructions for setting up this proxy will be added to this > guide at a later date". The 2.3 instruction lacks this also. Any ideas? > The apache documentation for mod_proxy has some examples on how to set up an https -> http proxy. hth, Martin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/543EF0DF-319D-4184-84FB-209E458EF8EC%40gmail.com. For more options, visit https://groups.google.com/d/optout.
