Yes it should, are you sure you contact the second puppetmaster with its FQDN? e.g.
source => puppet://second.foor.com/module/file/....

Ohad

On Thu, Sep 24, 2009 at 2:26 PM, Luke Schierer <luke.schie...@gmail.com> wrote:

> The secondaries are each clients of the first one. Does the
> puppetmaster process use the same certificate as puppetd?
>
> Luke
>
> On Sep 23, 2009, at 21:38 EDT, Ohad Levy wrote:
>
> > Did you try signing your secondary puppet master as a client of the
> > first one?
> >
> > make sure you use fqdn when referring to the second one, as its
> > certificate would be valid to "puppet" or its fqdn.
> >
> > Ohad
> >
> > On Thu, Sep 24, 2009 at 4:37 AM, lschiere <luke.schie...@gmail.com> wrote:
> >
> > I have tried copying over the contents of the /var/lib/puppet/ssl/ca
> > directory, but apparently something within it is specific to the
> > host, such that it then complains that the certificates and keys do not
> > match. I also saw
> > http://reductivelabs.com/trac/puppet/wiki/MultipleCertificateAuthorities,
> > but I do not want to put apache on each host. With cfengine2, it was
> > very simple to have cfservd running on each host, distribute the keys
> > to each, and then pull result files from the clients to the central
> > server. I cannot seem to find an example of a similar setup with
> > puppet.
> >
> > Luke
> >
> > On Sep 22, 4:30 pm, Luke Schierer <luke.schie...@gmail.com> wrote:
> > > On Sat, Sep 19, 2009 at 7:53 AM, Luke Schierer <luke.schie...@gmail.com> wrote:
> > >
> > > > On Sep 19, 2009, at 05:11 EDT, Peter Meier wrote:
> > >
> > > >> The standard way to do that is:
> > > >>>> source =>
> > > >>>> ["puppet:///foo/file-$hostname","puppet:///foo/file-$lsbdistcodename","puppet:///foo/file"]
> > > >>>> - check for modules/foo/file-www4, then file-jaunty, then file
> > >
> > > >>>> * sourceselect:
> > >
> > > >> Whether to copy all valid sources, or just the first one. This parameter
> > > >> is only used in recursive copies; by default, the first valid source is
> > > >> the only one used as a recursive source, but if this parameter is set to
> > > >> all, then all valid sources will have all of their contents copied to
> > > >> the local host, and for sources that have the same file, the source
> > > >> earlier in the list will be used. Valid values are first, all.
> > >
> > > >> So you can have both variants.
> > >
> > > >> cheers pete
> > >
> > > When I tried to do this with
> > >
> > > source => [ 'puppet://host1/files/target','puppet://host2/files/target']
> > >
> > > it works fine for the first host, which acts as the puppetmaster, but not
> > > for the second one. It complains about an unknown CA.
> > >
> > > I realize that this is because the CA certificates differ on the two hosts,
> > > and the certificate puppet is using to pull files is only signed by one of
> > > the two, the one it gets its configuration from.
> > >
> > > Is there a key or keys I can distribute to each node so that I can pull
> > > files from all of them?
> > >
> > > Thanks!
> > >
> > > Luke
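
The "unknown CA" failure and the signing fix discussed in this thread can be reproduced offline with plain `openssl`; this is an added example, not part of the original messages and not Puppet's own tooling. The names `first-ca`, `second-ca` and `second.example.com` are constructed, and the script compares only the subject CN (an assumption; it ignores subjectAltName entries).

```shell
#!/bin/sh
# Added example: every CA, key and certificate here is constructed in a temp dir.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_ca NAME: self-signed CA standing in for one puppetmaster's own CA
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# issue_cert CA FQDN OUT: certificate for FQDN signed by CA, written to OUT.pem
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$3.key" -out "$work/$3.csr" 2>/dev/null
  openssl x509 -req -in "$work/$3.csr" -CA "$work/$1.pem" -CAkey "$work/$1.key" \
    -CAcreateserial -days 1 -out "$work/$3.pem" 2>/dev/null
}

# chains_to CA CERT: true only if CERT verifies against that CA
chains_to() { openssl verify -CAfile "$work/$1.pem" "$work/$2.pem" >/dev/null 2>&1; }

# cert_cn CERT: subject CN, the name the client must use in puppet://<name>/...
cert_cn() {
  openssl x509 -in "$work/$1.pem" -noout -subject -nameopt RFC2253 |
    sed -n 's/^subject= *CN=//p'
}

make_ca first-ca      # CA on the first puppetmaster (the one that signed the agent)
make_ca second-ca     # separate CA created on the second puppetmaster
issue_cert second-ca second.example.com own      # second master, self-issued
issue_cert first-ca  second.example.com signed   # second master, signed by the first

# An agent that trusts only first-ca accepts "signed" and rejects "own".
for c in own signed; do
  if chains_to first-ca "$c"; then r="trusted by first CA"; else r="unknown CA"; fi
  echo "$c: CN=$(cert_cn "$c") -> $r"
done
```

On a real host the same two checks apply to the certificate the second puppetmaster actually serves: it must verify against the CA the agents trust, and its name must match the host part of the `puppet://` source URL.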