Hi! 2 puppetmasters and 1 client installed on VMware. I'm using puppetversion 3.4.2 on all 3 hosts
2 pupetmasters, one as primary (hostname =puppetserver.ops.ss) , second (hostname=puppetslave) as secondary, client (hostname=client.ops.ss). High availability and all other steps - exactly as described on this link http://projects.puppetlabs.com/projects/1/wiki/High_Availability_Patterns 2 puppetmasters + 1 client in 192.168.1.x network 2 puppetmasters connected via 10.0.0.x network for heartbeat purposes. ( primary 10.0.0.1, secondary 10.0.0.2, redundant IP 192.168.1.200) heartbeat works I moved ca_crl.pem to secondary puppetmaster according to link above. primary puppetmaster */etc/hosts* 127.0.0.1 puppetserver 192.168.1.20 client 192.168.1.30 puppetslave *puppet.conf* all defaults , only added in [main] ca =true secondary puppetmaster */etc/hosts* 127.0.0.1 puppetslave 192.168.1.20 client 192.168.1.10 puppetserver.ops.ss *puppet.conf* [main] server = puppetserver.ops.ss listen = true ca = false ca_server = puppetserver.ops.ss client */etc/hosts* 127.0.0.1 client 192.168.1.200 puppetserver.ops.ss *puppet.conf* [main] server = puppetserver.ops.ss listen = true Client machine gets certificate and puppet works with primary puppetmaster - no problem at all. Now I stop primary puppetmaster, wait for secondary takes 192.168.1.200 redundant ip and trying on client machine: #puppet agent --server puppetserver.ops.ss --waitforcert 45 --test --verbose trying to get certificate from secondary puppetmaster for testing purposes. And I got respond : Could not retrieve catalog from remote server: Server hostname 'puppetserver.ops.ss' did not match server certificate; expected puppetslave Could you help me with the problem? What's wrong? #openss x509 -text -noout -in /var/lib/puppet/ssl/certs/ca.pem on secondary puppetmaster gives CN=Puppet CA:puppetserver.ops.ss in my understanding secondary puppetmaster shoud send respond as primary one ("puppetserver.ops.ss"), when first one is dead and actually it does, why client does not accept it? Thank you for your help -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8d59db1d-14b4-44f6-987d-960d45938d36%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.