So in my auth.conf I have this currently (below), which I think is supposed to say allow any traffic in from any master. I guess I could put those hostnames in for the puppet hosts with something like puppet*.company.com. Do I require SSL auth here? I am just sending inventory information to a designated node which is mostly being used for RO (informational) data, so security is not as critical.

If it is a requirement that I have a signed CA, that could be an issue as I have two puppet masters in each datacenter that has its own shared CA across those two puppet masters only (certname = puppet). I don't have one signed CA that every master is using.

path /facts
auth any
method save
allow *

On Wed, Jan 4, 2012 at 12:36 PM, Nan Liu <n...@puppetlabs.com> wrote:
> On Tue, Jan 3, 2012 at 10:54 AM, Christopher Johnston
> <chjoh...@gmail.com> wrote:
> > I have multiple masters (40+) that reside in remote locations, I want to
> > have them send puppet inventory data to a central inventory with mysql.
> > Once the data is there I would like puppet dashboard installation use that
> > data. I have not been able to get the remote masters to send their data
> > back to the central server.
> >
> > I keep getting an error:
> >
> > err: Could not retrieve catalog from remote server: Error 400 on eth0:
> > certificate verify failed. This is often because the time is out of sync on
> > the server or client
> >
> > On the remote inventory server node I am seeing an SSL error, SSL is being
> > used to authenticate the nodes in order to send the inventory data to the
> > remote inventory server?
>
> Is the inventory server certificate signed by the same CA as the remote masters?
>
> puppet cert -p inventory_server_cert
> ...
> Issuer: CN=Puppet CA ...
>
> puppet master --configprint certname
> puppet_master_cert
> puppet cert -p puppet_master_cert
> ...
> Issuer: CN=Puppet CA ...
>
> The puppet_master_cert listed above should be in auth.conf as
> specified in this doc:
> http://docs.puppetlabs.com/pe/1.2/upgrading.html
>
> Specifically:
> # Allow puppet master to save facts to the inventory:
> path /facts
> auth yes
> method save
> allow <puppet master's certname>
>
> Thanks,
>
> Nan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
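
Added example (not part of the original thread and not Puppet's own code): a small Python audit of the two /facts stanzas quoted above, showing how "auth any" with "allow *" differs from "auth yes" with a named certname. The parser is a simplified assumption that reads only the path, auth, method and allow directives; the function names and the sample text are constructed for illustration.

```python
# Constructed sample: the two /facts stanzas quoted in this thread.
SAMPLE = """\
# stanza currently on the inventory node
path /facts
auth any
method save
allow *

# stanza suggested in the reply (certname is a placeholder)
path /facts
auth yes
method save
allow puppet_master_cert
"""

def parse_stanzas(text):
    """Split auth.conf text into one dict per 'path' stanza."""
    stanzas, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if key == "path":
            # Assumption: a stanza without an auth line behaves like "auth yes".
            cur = {"path": value, "auth": "yes", "method": [], "allow": []}
            stanzas.append(cur)
        elif cur is None:
            raise ValueError("directive before first path: %r" % raw)
        elif key == "auth":
            cur["auth"] = value.lower()
        elif key in ("method", "allow"):
            cur[key] += [v.strip() for v in value.split(",") if v.strip()]
    return stanzas

def audit(text):
    """Return one finding per stanza that lets too many clients save."""
    findings = []
    for s in parse_stanzas(text):
        writes = not s["method"] or "save" in s["method"]  # no method = all
        unauthenticated = s["auth"] in ("any", "no", "off")
        if writes and "*" in s["allow"]:
            who = ("any client, no certificate required" if unauthenticated
                   else "every certname signed by this CA")
            findings.append("%s: save open to %s" % (s["path"], who))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```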