Only if all your servers use the *same* certificate and are listed as
alternate DNS names in certdnsnames. (Search the group for certdnsnames for
examples - including mine)

John

On 30 November 2010 04:24, CraftyTech <hmmed...@gmail.com> wrote:

>     I'm only using one master for CA (following
> http://bodepd.com/wordpress/?p=7).
> But When I run puppetd -t from a client, against an alternate master
> (puppetd -t --server alt_master.domain.com), I get "err: Could not
> retrieve catalog from remote server: hostname not match with the
> server certificate".  Shouldn't I be able to run puppet against any of
> the masters?
>
> Thanks,
>
>
>
> On Nov 18, 3:43 pm, Nigel Kersten <ni...@puppetlabs.com> wrote:
> > On Thu, Nov 18, 2010 at 12:01 PM, Scott Smith <sc...@ohlol.net> wrote:
> > > Puppetmasters (the puppetmasterds serving catalogs) don't need access
> to the
> > > same SSL dir the Puppet CA (the puppetmasterd signing and revoking
> certs).
> > > But, they do need to share the private key for presenting
> thecertificate
> > > for puppet.domain.com. And the CRL as well, if you use it. That
> directory
> > > doesn't have to be shared via NFS. You could rsync the ssl directory
> between
> > > your puppetmasters.
> >
> > Absolutely. I just try to avoid NFS where possible.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > > On Thu, Nov 18, 2010 at 9:00 AM, Nigel Kersten <ni...@puppetlabs.com>
> wrote:
> >
> > >> I think it's a bad idea to deal with the overhead of an NFS mount when
> > >> you have a dedicated puppet CA, as on your non-CA servers there should
> > >> be no need to ever write to that directory.
> >
> > >> On Wed, Nov 17, 2010 at 7:55 PM, Scott Smith <sc...@ohlol.net> wrote:
> > >> > Oh, that's for sharing the puppetmaster SSL keypair between each
> other,
> > >> > that's all.
> >
> > >> > On Nov 17, 2010 3:53 PM, "Nigel Kersten" <ni...@puppetlabs.com>
> wrote:
> > >> >> On Wed, Nov 17, 2010 at 1:29 PM, Scott Smith <sc...@ohlol.net>
> wrote:
> > >> >>> nfs mount the puppetmaster ssl dir. seperate puppetca (set on
> clients)
> > >> >>> play
> > >> >>> with it and you'll figure it out :)
> >
> > >> >> Why do you need to nfs mount the puppetmaster SSL dir in this case
> > >> >> Scott?
> >
> > >> >> There's no state to be shared if you're operating with a dedicated
> > >> >> puppetca.
> >
> > >> >>> On Nov 11, 2010 9:18 AM, "luke.bigum" <luke.bi...@fasthosts.co.uk
> >
> > >> >>> wrote:
> > >> >>>> Hi,
> >
> > >> >>>> Does anyone know if this document is up to date (besides the
> comment
> > >> >>>> at the top saying it's not):
> >
> > >> >>>>
> http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_A...
> >
> > >> >>>> Or does anyone who has a load balanced multi puppet master with
> some
> > >> >>>> kind of shared CA confirm that the procedure is accurate?
> >
> > >> >>>> --
> > >> >>>> You received this message because you are subscribed to the
> Google
> > >> >>>> Groups
> > >> >>>> "Puppet Users" group.
> > >> >>>> To post to this group, send email to
> puppet-us...@googlegroups.com.
> > >> >>>> To unsubscribe from this group, send email to
> > >> >>>> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> > >> >>>> For more options, visit this group at
> > >> >>>>http://groups.google.com/group/puppet-users?hl=en.
> >
> > >> >>> --
> > >> >>> You received this message because you are subscribed to the Google
> > >> >>> Groups
> > >> >>> "Puppet Users" group.
> > >> >>> To post to this group, send email to
> puppet-us...@googlegroups.com.
> > >> >>> To unsubscribe from this group, send email to
> > >> >>> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> > >> >>> For more options, visit this group at
> > >> >>>http://groups.google.com/group/puppet-users?hl=en.
> >
> > >> >> --
> > >> >> Nigel Kersten - Puppet Labs -  http://www.puppetlabs.com
> >
> > >> >> --
> > >> >> You received this message because you are subscribed to the Google
> > >> >> Groups
> > >> >> "Puppet Users" group.
> > >> >> To post to this group, send email to puppet-users@googlegroups.com
> .
> > >> >> To unsubscribe from this group, send email to
> > >> >> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> > >> >> For more options, visit this group at
> > >> >>http://groups.google.com/group/puppet-users?hl=en.
> >
> > >> > --
> > >> > You received this message because you are subscribed to the Google
> > >> > Groups
> > >> > "Puppet Users" group.
> > >> > To post to this group, send email to puppet-us...@googlegroups.com.
> > >> > To unsubscribe from this group, send email to
> > >> > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> > >> > For more options, visit this group at
> > >> >http://groups.google.com/group/puppet-users?hl=en.
> >
> > >> --
> > >> Nigel Kersten - Puppet Labs -  http://www.puppetlabs.com
> >
> > >> --
> > >> You received this message because you are subscribed to the Google
> Groups
> > >> "Puppet Users" group.
> > >> To post to this group, send email to puppet-us...@googlegroups.com.
> > >> To unsubscribe from this group, send email to
> > >> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> > >> For more options, visit this group at
> > >>http://groups.google.com/group/puppet-users?hl=en.
> >
> > > --
> > >http://about.me/scoot
> > >http://twitter.com/ohlol
> >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Puppet Users" group.
> > > To post to this group, send email to puppet-us...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> > > For more options, visit this group at
> > >http://groups.google.com/group/puppet-users?hl=en.
> >
> > --
> > Nigel Kersten - Puppet Labs -  http://www.puppetlabs.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to