So, this is the best I can do:
Ok, here we go, how to configure an "in the middle" puppetmaster.
E.g.
```
Puppetmaster (CA) - server-A
Puppetmaster & Agent (to server-A) - server B
Agent (to server-B) - server-C
```
On server-B:
`service puppet stop`
`service puppetserver stop`
`vi /etc/pu
OMG I got it working...
I don't even really know how yet, but I'll reverse engineer what I did and
advise back here.
On Friday, 7 May 2021 at 10:43:29 am UTC+10 Aaron Nicoli wrote:
> So, I'm thinking this is the issue I'm running into, but still not sure
> how to resolve it:
>
> https://www.at
So, I'm thinking this is the issue I'm running into, but still not sure how
to resolve it:
https://www.atcomputing.nl/blog/certificate-authority-and-puppet-6/
Need to run puppetserver ca import - before starting the puppetserver.
However, it seems `--private-key` `--crl-chain` and `--cert-bundl
Cheers Warron,
It was pretty obvious something on B is broken, but what, who knows...
I've just deleted everything related to B and C (A is prod, B and C are new
dev) [rm -rf /etc/puppetlabs/puppet/ssl; rm -rf
/etc/puppetlabs/puppetserver/ca; puppetserver ca clean x].
After doing this, will bot
@Aaron, good evening from the east coast of the USA.
It looks like the first break in the chain is on ServerB, if that was not
also obvious to you. To be clear, I have not worked with puppet since
version 4, and in my current professional role we don't use Puppet at all
(makes me sad actually).
G'day Warron,
So, doing some ca/ssl info gathering (note puppet cert not being a thing
anymore on 7x that I'm running):
On server-A (CA & master 1):
puppetserver ca list --all
server-A (alt names: DNS:puppet, DNS:server-A)
server-B (alt names: DNS:server-B)
server-C (alt names: DNS:server-C)
pu
This, if I remember correctly, looks like a certificate chain issue. Your
Puppet Architecture is a "Master of Masters" architecture.
Cert for Server B is signed by Cert for Server A? Correct?
Is the cert for Server C (the agent) signed by the CA certificate chain?
Try executing: *puppet cert l
Hi all,
I have the following puppet layout:
```
Server A - Puppetserver (CA)
Server B - Puppetserver
Server C - Agent
```
With the agent (server C) having its cert signed by the CA (server A)
however pointed to (server B) as its master.
The issue I'm having is that when running `puppet