Hi!

2 puppetmasters and 1 client installed on VMware. I'm using puppetversion
3.4.2 on all 3 hosts.

2 puppetmasters, one as primary (hostname=puppetserver.ops.ss), the second
(hostname=puppetslave) as secondary, and a client (hostname=client.ops.ss). High
availability and all other steps are exactly as described on this link:
http://projects.puppetlabs.com/projects/1/wiki/High_Availability_Patterns

2 puppetmasters + 1 client in the 192.168.1.x network.

The 2 puppetmasters are connected via the 10.0.0.x network for heartbeat purposes
(primary 10.0.0.1, secondary 10.0.0.2, redundant IP 192.168.1.200).
Heartbeat works.

I moved ca_crl.pem to the secondary puppetmaster according to the link above.

primary puppetmaster
*/etc/hosts*
127.0.0.1 puppetserver
192.168.1.20 client
192.168.1.30 puppetslave

*puppet.conf*
all defaults, only added in
[main]
ca =true


secondary puppetmaster
*/etc/hosts*
127.0.0.1         puppetslave
192.168.1.20    client
192.168.1.10    puppetserver.ops.ss

*puppet.conf*
[main]
server = puppetserver.ops.ss
listen = true
ca = false
ca_server = puppetserver.ops.ss

client
*/etc/hosts*
127.0.0.1    client
192.168.1.200     puppetserver.ops.ss

*puppet.conf*
[main]
server = puppetserver.ops.ss
listen = true

The client machine gets a certificate and puppet works with the primary puppetmaster,
no problem at all.

Now I stop the primary puppetmaster, wait for the secondary to take the 192.168.1.200
redundant IP, and try on the client machine:
#puppet agent --server puppetserver.ops.ss --waitforcert 45 --test --verbose
trying to get a certificate from the secondary puppetmaster for testing purposes.

And I got this response:
Could not retrieve catalog from remote  server: Server hostname 
'puppetserver.ops.ss' did not match server certificate; expected puppetslave

Could you help me with the problem? What's wrong?   

#openssl x509 -text -noout -in /var/lib/puppet/ssl/certs/ca.pem
on the secondary puppetmaster gives CN=Puppet  CA:puppetserver.ops.ss

In my understanding, the secondary puppetmaster should respond as the primary
one ("puppetserver.ops.ss") when the first one is dead,
and actually it does. Why does the client not accept it?

Thank you for your help
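
The name check behind the error quoted in the post, as an added example (not from the original post or from the Puppet project): Ruby's OpenSSL binding compares the name the agent connects to against the names in the certificate the server presents. The certificates are constructed in memory; the second one, which carries the shared name as a subjectAltName, is an assumption added for contrast and is not a certificate described in the post.

```ruby
require 'openssl'

# Constructed sample data: throwaway self-signed certificates built in memory,
# standing in for a master certificate. Not the poster's real certificates.
def make_cert(cn, alt_names = [])
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    san = alt_names.map { |n| "DNS:#{n}" }.join(',')
    cert.add_extension(ef.create_extension('subjectAltName', san, false))
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Every name the certificate can be matched against: subject CN plus DNS SANs.
def cert_names(cert)
  cn  = cert.subject.to_a.select { |a| a[0] == 'CN' }.map { |a| a[1] }
  san = cert.extensions.select { |e| e.oid == 'subjectAltName' }
            .flat_map { |e| e.value.split(/,\s*/) }
            .map { |v| v.sub(/\ADNS:/, '') }
  (cn + san).uniq
end

# The question a TLS client asks: is this certificate valid for the name I dialed?
def check(cert, host)
  { host: host, ok: OpenSSL::SSL.verify_certificate_identity(cert, host),
    names: cert_names(cert) }
end

if __FILE__ == $PROGRAM_NAME
  cn_only  = make_cert('puppetslave')
  with_san = make_cert('puppetslave', %w[puppetslave puppetserver.ops.ss])
  [check(cn_only, 'puppetserver.ops.ss'), check(cn_only, 'puppetslave'),
   check(with_san, 'puppetserver.ops.ss')].each do |r|
    puts "#{r[:host]}: #{r[:ok] ? 'match' : 'MISMATCH'} (certificate names: #{r[:names].join(', ')})"
  end
end
```

The check looks only at the presented server certificate's names; the CA certificate's CN and the IP address the name resolves to play no part in it.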