Hi Ryan, On 28 Apr 2015, at 01:34, Ryan Anderson <ryan.c.ander...@gmail.com> wrote:
> I have a need to send reports from a puppet master B in datacenter B to > puppetdb on master A in datacenter A. Both are using puppet open source 3.7.1 > and puppetdb 2.2 (master A) or puppetdb-terminus (master B). This is easily possible when using a common CA between both masters. 1. Master of Masters (CA, Modules for PuppetDB and Puppet Masters) 2. Puppet DB 3. Puppet Master A (catalog compile and file serving) 4. Puppet Master B (catalog compile ans file serving) > > I have done all steps here: > https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_master.html. However, > this page says nothing about using SSL certs so that puppetdb-terminus on > master B can connect to https port 8081 on master A. I get errors like this: > Warning: Error 400 on SERVER: Could not retrieve facts for > masterB.example.com: Failed to find facts from PuppetDB at > masterA.example.com:8081: SSL_connect returned=1 errno=0 state=SSLv3 read > server certificate B: certificate verify failed: [unable to get local issuer > certificate for /CN=masterA.example.com] > > The separate page on setting up master-less puppet agents to send puppetdb > reports touches on this: > https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_apply.html > > The most promising solution here looks like setting up an apache SSL proxy > that redirects https 8081 to localhost:8080 mentioned here: > https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb. > However, I know little about configuring apache this way, and an example > config isn't provided. It even says > More detailed instructions for setting up this proxy will be added to this > guide at a later date". The 2.3 instruction lacks this also. Any ideas? > The apache documentation for mod_proxy has some examples on how to set up an https -> http proxy. hth, Martin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/543EF0DF-319D-4184-84FB-209E458EF8EC%40gmail.com. For more options, visit https://groups.google.com/d/optout.
