Hello Thanks to the ones who replied.
Patrick Mohr ha scritto: > Basically, the puppet packages you are using (and I suspect most > others) assume that the client and the server on a given machine are > part of the same PKI. It also might be assuming a couple of other > things, but my experiments never got that far. Hm, I see... >> Is there a way to make this all work as intended? > > > WARNING: This fix is almost as destructive as rm -Rf /var/lib/puppet > > > I think everything will just work if you set puppetd and puppetmaster > to have a different "ssldir" like this: > > [main] #remove the ssldir entry from here. > > [puppetmasterd] ssldir=/var/lib/puppet/ssl_server > > [puppetd] ssldir=/var/lib/puppet/ssl_client That did the trick, thanks. > I won't say this is working as intended. The normal way is to make a > real PKI that includes all the servers, but this is probably much > easier, and will probably do what you want. > I'm not sure if you're suggesting to use a single machine to host a CA for the whole infrastructure. In case, would that scale? Thanks Ciao --bronto -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
