Hi All,
I have spent days trying to get a CA Master configuration setup. I have
followed the exactly followed the documentation provided by Puppet cannot
seem to determine what I am doing wrong.
I have DNS configured to Round Robin between 2 Non-CA Puppet Masters. I
have one CA Puppet Master. I am just using one client for testing right
now. The pertinent portions of puppet.conf for all of these are shown at
the bottom.
I have done the following:
- Ran the following CA Master.
- puppet master --verbose --no-daemonize
- Ran the following on both the Non-CA Masters. This creates
certificates ready to sign on the CA Master.
- puppet agent --test
- Sign both certificates on the the CA Master. Both get signed fine.
- puppet cert --allow-dns-alt-names sign --all
Now when I run 'puppet agent --test' on my client I get the following:
Info: Creating a new SSL key for gpfs-puppetclient-v01.osp.lab.level3.net
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for
gpfs-puppetclient-v01.osp.lab.level3.net
Info: Certificate Request fingerprint (SHA256):
CD:45:B3:6C:6F:0B:EE:43:CF:1A:55:C1:01:DF:D2:C5:AB:DB:BC:EF:DD:54:1F:01:14:98:A4:D5:1D:DB:16:41
Info: Caching certificate for gpfs-puppetclient-v01.osp.lab.level3.net
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for ca
Warning: Unable to fetch my node definition, but the agent run will
continue:
Warning: Connection refused - connect(2)
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional
resources using 'eval_generate': Connection refused - connect(2)
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not
retrieve file metadata for
puppet://dev-puppetmaster.osp.lab.level3.net/pluginfacts: Connection
refused - connect(2)
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources
using 'eval_generate': Connection refused - connect(2)
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve
file metadata for puppet://dev-puppetmaster.osp.lab.level3.net/plugins:
Connection refused - connect(2)
I am using Passenger.
Thanks in advance. This has been driving me insane.
==================================================
====== Non-CA puppet.conf =========================
==================================================
[main]
ca = false
ca_server = dev-puppetca.osp.lab.level3.net
dns_alt_names =
dev-puppetmaster.osp.lab.level3.net,dev-puppetmaster01.osp.lab.level3.net,dev-puppetmaster02.osp.lab.level3.net,dev-puppetca-pri.osp.lab.level3.net,dev-puppetca-sec.osp.lab.level3.net,dev-puppetca.osp.lab.level3.net
==================================================
====== CA puppet.conf ============================
==================================================
[main]
ca = true
certname = dev-puppetca.osp.lab.level3.net
dns_alt_names =
dev-puppetmaster01.osp.lab.level3.net,dev-puppetmaster02.osp.lab.level3.net,dev-puppetmaster.osp.lab.level3.net,dev-puppetca-pri.osp.lab.level3.net,dev-puppetca-sec.osp.lab.level3.net,dev-puppetca.osp.lab.level3.net
==================================================
====== Puppet Client puppet.conf =================
==================================================
server = dev-puppetmaster.osp.lab.level3.net
ca_server = dev-puppetca.osp.lab.level3.net
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/43f25592-f043-44a3-970f-a7cc28653e29%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
