Hello,
I'm deploying multiple puppetmasters (running latest puppet server
AIO). So I have create a single puppet master acting as CA. I have no
problem with this.
But the problem I'm having is configuring another puppet master. This
one is configure to run its puppetserver but using the
We currently have a handful number of puppet masters and using
apache-passenger stack to run puppet master service. We use set of
dedicated puppet master servers as CA servers. So any ssl request that come
to a puppet master , will redirect to proxy server which is dedicated CA
puppet master.
What it looks like to me is going on is the YML file for the host ends up
on the Remote Master (which I can verify by looking for it) and the node.rb
is running on the Grand Master. Since the YML files isn't on the Grand
Master the lookup (of course) fails. So the real question is can we make
On 2015-02-24 16:09, Peter Berghold wrote:
What it looks like to me is going on is the YML file for the host ends
up on the Remote Master (which I can verify by looking for it) and the
node.rb is running on the Grand Master. Since the YML files isn't on the
Grand Master the lookup (of course)
Using crude ascii art, here is what I have set up so far in my lab..
[Foreman/Puppet Grand Master] -- foreman-proxy here
^
|
V
Hi Peter,
you might be running into http://projects.theforeman.org/issues/5925 .
I'm wondering whether subsequent runs work.
Also, the node.rb will run on the remote client's puppet master, so,
probably your Remote Master. Since the default node.rb from foreman
requires this yaml file, it'll
FOUND IT!
It was a comedy of errors. The perms on the node.rb script were wrong (not
sure how they got that way, but...) and not only that there was some
residual configuration issues from an experiment I did two weeks ago that
was pointing to the hostname pocforman.domain instead of the FQDN of
The problem is that the puppetdb certificate is not for localhost, but for
puppetdb hostname.
You have two options:
1. Set in /etc/hosts puppetdb as alias of localhost
2. Generate a new certificate for the puppetdb with an alias for local host
as valid hostname.
I would prefer option 1.
I'm trying to set up something that will have multiple puppet masters (with
one as the CA) and multiple puppet db's (they will be geographically
dispersed).
The multi-masters stuff all works fine, but I'm struggling with multiple
puppet db's.
Ideally I'd like puppet db to live on the same
Hi all,
I'm trying to set up something that will have multiple puppet masters
(with one as the CA) and multiple puppet db's (they will be
geographically dispersed).
The multi-masters stuff all works fine, but I'm struggling with multiple
puppet db's.
Ideally I'd like puppet db to live on
We have a few different offices. I am looking to setup a puppet master in
each location. I would like them to all have the same node definitions so
that all offices are working off the same recipes. Is it possible if we
have an nfs share that is accessable to all puppet masters that the .pp
On Thu, Mar 6, 2014 at 9:48 AM, kevin McCartney mccartney...@gmail.com wrote:
We have a few different offices. I am looking to setup a puppet master in
each location. I would like them to all have the same node definitions so
that all offices are working off the same recipes. Is it possible if
On Wednesday, March 5, 2014 3:28:30 PM UTC-8, Patrick Kelso wrote:
On Thu, Mar 6, 2014 at 9:48 AM, kevin McCartney
mccart...@gmail.comjavascript:
wrote:
We have a few different offices. I am looking to setup a puppet master
in
each location. I would like them to all have the same
+1 just a one puppet master. If you cannot attack it directly from clients,
set up a proxy in each location.
Regards
El 06/03/2014 00:36, Garrett Honeycutt g...@garretthoneycutt.com escribió:
On Wednesday, March 5, 2014 3:28:30 PM UTC-8, Patrick Kelso wrote:
On Thu, Mar 6, 2014 at 9:48 AM,
So,
We are working on migrating a global deployment of Puppet over to a
single PuppetDB instance away from a single MySQL storeconfigs
instance and are running into an issue. It seems is that PuppetDB will
only allow nodes from a single Puppet master to connect if each Puppet
master is running as
Hi,
I would like to set up an additional puppet master but have the CA server
handled by only 1 puppet master. I have set this up as per the
documentation here:
http://docs.puppetlabs.com/guides/scaling_multiple_masters.html
I have configured my second puppet master as follows:
[main]
...
ca
Thanks guys, I really appreciate the responses here.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/xGWoov-8j58J.
To post to this group, send email to
On 27 September 2012 17:24, Alex Harvey alexharv...@gmail.com wrote:
On Thursday, September 27, 2012 9:13:32 AM UTC+10, Pete wrote:
Another option would be to put all your puppet code into a git repo
and setup each master to pull from a central repo over ssh.
That _Should_ be secure enough.
On 27.09.2012 09:24, Alex Harvey wrote:
On Thursday, September 27, 2012 9:13:32 AM UTC+10, Pete wrote:
Another option would be to put all your puppet code into a git repo
and setup each master to pull from a central repo over ssh.
That _Should_ be secure enough.
I am also
Hi all,
I am interested to hear from anyone who might have deployed Puppet in a
large organisation with a lot of subnets firewalled off from each other.
I am considering to have, if possible, a 'master' Puppet Master controlling
'client' Puppet Masters that live on the firewalled subnets. I
Hi,
without describing your threat analysis, there is little we can suggest.
Depending on its contents, it might be enough to leverage(sic!) the
existing ACL controls, confining each agent to certname specific
locations or you'd have to have completely separate masters to avoid a
central
On 26 September 2012 09:14, Alex Harvey alexharv...@gmail.com wrote:
Hi all,
I am interested to hear from anyone who might have deployed Puppet in a
large organisation with a lot of subnets firewalled off from each other.
I am considering to have, if possible, a 'master' Puppet Master
Hi Alex,
I attempted to set this up a while ago but never got to finish my module.
I still have it somewhere and I will likely need to finish it soon as
I need to do a similar setup soon for a PCI setup.
Another option would be to put all your puppet code into a git repo
and setup each master to
23 matches
Mail list logo
