Did you try signing your secondary puppet master as a client of the first
one?
Make sure you use the FQDN when referring to the second one, as its certificate
would be valid for "puppet" or its FQDN.

Ohad

On Thu, Sep 24, 2009 at 4:37 AM, lschiere <luke.schie...@gmail.com> wrote:

>
> I have tried copying over the contents of the /var/lib/puppet/ssl/ca
> directory, but apparently something within it is specific to the
> host, such that it then complains that the certificates and keys do not
> match.  I also saw
> http://reductivelabs.com/trac/puppet/wiki/MultipleCertificateAuthorities,
> but I do not want to put apache on each host.   With cfengine2, it was
> very simple to have cfservd running on each host, distribute the keys
> to each, and then pull result files from the clients to the central
> server.   I cannot seem to find an example of a similar setup with
> puppet.
>
> Luke
>
> On Sep 22, 4:30 pm, Luke Schierer <luke.schie...@gmail.com> wrote:
> > On Sat, Sep 19, 2009 at 7:53 AM, Luke Schierer <luke.schie...@gmail.com> wrote:
> >
> > > On Sep 19, 2009, at 05:11 EDT, Peter Meier wrote:
> >
> > >> The standard way to do that is:
> > >>>> source => ["puppet:///foo/file-$hostname","puppet:///foo/file-$lsbdistcodename","puppet:///foo/file"]
> > >>>> - check for modules/foo/file-www4, then file-jaunty, then file
> >
> > >>>> * sourceselect:
> >
> > >> Whether to copy all valid sources, or just the first one. This parameter
> > >> is only used in recursive copies; by default, the first valid source is
> > >> the only one used as a recursive source, but if this parameter is set to
> > >> all, then all valid sources will have all of their contents copied to
> > >> the local host, and for sources that have the same file, the source
> > >> earlier in the list will be used. Valid values are first, all.
> >
> > >> So you can have both variants.
> >
> > >> cheers pete
> >
> > > When I tried to do this with
> >
> > source => [ 'puppet://host1/files/target','puppet://host2/files/target']
> > it works fine for the first host, which acts as the puppetmaster, but not
> > for the second one.  It complains about an unknown CA.
> >
> > I realize that this is because the CA certificates differ on the two hosts,
> > and the certificate puppet is using to pull files is only signed by one of
> > the two, the one it gets its configuration from.
> >
> > Is there a key or keys I can distribute to each node so that I can pull
> > files from all of them?
> >
> > Thanks!
> >
> > Luke
> >
>
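
The "unknown CA" failure and the suggested fix from this thread, reproduced with plain openssl as an added example that is not part of any message above. The names ca1, ca2 and host2.example.com are constructed, and openssl stands in here for Puppet's own CA tooling.

```shell
#!/bin/sh
# Constructed demo: ca1/ca2 stand in for the two puppetmasters' CAs and
# host2.example.com for the secondary master. None of these names come from the thread.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA named $1 ($WORK/$1.key, $WORK/$1.crt).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Issue a server certificate for FQDN $2 signed by CA $1 ($WORK/$2.by-$1.crt).
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$2.csr" -days 2 \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.by-$1.crt" 2>/dev/null
}

# Succeeds only if certificate file $2 chains to CA $1, the one CA the client trusts.
chains_to() {
    openssl verify -CAfile "$WORK/$1.crt" "$2" >/dev/null 2>&1
}

# Print the subject CN, i.e. the name a client has to use when connecting.
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

make_ca ca1
make_ca ca2
issue_cert ca2 host2.example.com   # situation in the thread: host2 signs with its own CA
issue_cert ca1 host2.example.com   # the suggestion: host2's certificate signed by the first CA

for signer in ca2 ca1; do
    crt="$WORK/host2.example.com.by-$signer.crt"
    if chains_to ca1 "$crt"; then
        echo "signed by $signer: accepted by a client trusting ca1 (CN=$(cert_cn "$crt"))"
    else
        echo "signed by $signer: rejected by a client trusting ca1 (unknown CA)"
    fi
done
```
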
