Hi, I am trying to achieve the following in Ubuntu 18.04 (bionic):
1) I want to have several Puppet servers act as compile masters. They will be load balanced and point to a DNS record in AWS. 2) All the compile masters will share same Puppet CA server. The CA server be responsible for only signing certificates and nothing else. This should be reasonably easy to implement but I am not getting odd SSL errors at every turn. I am looking to know how I should go about creating a setup like this with open source Puppet. The steps that I am following now are something like this: 1) Provision the instance from a packer template. I am installing Puppet 5.5.6 from the packer template. 2) Login to the server and install puppetserver. 3) Disable internal CA service from services.d/ca.cfg file. 4) Edit puppet.conf to point master to the DNS name of the load balancer. Don't do any change of ca server for now. Don't run any puppet agent as well. 5) Provision another instance from the same packer template. 6) Install puppetserver. 7) Edit it's puppet.conf to point to the DNS name of the load balancer and also change ca server to this server itself. 8) Run puppet agent -t on the compile master created in step 1. 9) Sign the cert in CA server. Is this all that there is? Do I need to do any config change in the webserver.conf of the Puppet compile master? If so, what would be required changes? What files should be copied over from the CA server to the compile server? What files need to be copied over from CA server to the compile server and where they should be placed? Right now in my CA server, I am getting this error: # puppet agent -t Warning: Setting autosign is deprecated. (location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/settings.rb:1169:in `issue_deprecation_warning') Warning: Setting ca is deprecated. (location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/settings.rb:1169:in `issue_deprecation_warning') Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=puppetserver.org.com] Info: Retrieving pluginfacts Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=puppetserver.org.com] Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=puppetserver.org.com] Info: Retrieving plugin Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=puppetserver.org.com] Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=puppetserver.org.com] Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=puppetserver.org.com] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=puppetserver.org.com] root@puppet-ca-server:~# And in Puppet compile master, I am getting: # puppet agent -t Warning: Unable to fetch my node definition, but the agent run will continue: Warning: execution expired Info: Retrieving pluginfacts Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': execution expired Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: execution expired Info: Retrieving plugin Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': execution expired Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: execution expired Error: Could not retrieve catalog from remote server: execution expired Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run root@puppetserver:~# The nodes are not yet in site.pp but I would expect the errors to be different. Thanks, -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c6d93372-bb2d-4f6b-8db8-136cbd55f464%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
