Jeff, thank you very much for taking the time to answer all my questions. I
really appreciate it. This thread has helped me a lot in my journey to
mastering Puppet.
Thank you again!
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this
On Mon, Jun 18, 2012 at 7:06 AM, kai wrote:
> I understand that only the CA cert needs to be copied on the LB and not
> the private key, as the private key is just for signing the agents'
> certificates. Just wanted to note that the CA also needs
> SSLCARevocationFile, for revocation to work it se
I understand that only the CA cert needs to be copied on the LB and not the
private key, as the private key is just for signing the agents'
certificates. Just wanted to note that the CA also needs
SSLCARevocationFile, for revocation to work it seems.
The only other concept that is not clear to me
On Fri, Jun 15, 2012 at 1:27 PM, kai wrote:
> I get it now! Since the CA signed the agent's cert the LB knows that the
> agent cert is valid because the LB has the CA cert and key to validate
> with. So, what is the point of the CA storing all the signed agent certs?
Yes, but one more detail; th
I get it now! Since the CA signed the agent's cert the LB knows that the
agent cert is valid because the LB has the CA cert and key to validate
with. So, what is the point of the CA storing all the signed agent certs?
On Fri, Jun 15, 2012 at 11:51 AM, kai wrote:
> If the LB does not have all the signed agents' certificates, how will it
> know which agent is valid? All the signed certs are stored on the CA which
> is behind the LB.
>
The same way your web browser knows https://www.puppetlabs.com is valid
witho
If the LB does not have all the signed agents' certificates, how will it
know which agent is valid? All the signed certs are stored on the CA which
is behind the LB.
I'll try and figure out how to just copy the signed certificate and the
private key associated with that certificate from the CA t
On Fri, Jun 15, 2012 at 6:27 AM, kai wrote:
> Jeff,
>
> So the way I solved this is by exporting the /var/lib/puppet/ssl directory
> from the Puppet CA and mounting it on the LB, then making sure that the
> Puppet Masters have "certname = puppetlb.example.com" in their
> puppet.conf files.
> I wo
Jeff,
So the way I solved this is by exporting the /var/lib/puppet/ssl directory
from the Puppet CA and mounting it on the LB, then making sure that the
Puppet Masters have "certname = puppetlb.example.com" in their puppet.conf
files.
I wonder if there's a better way to do this, as the LB actuall
Well everything would have to be synced...
On Thu, Jun 14, 2012 at 5:03 PM, david.gar...@gmail.com <
david.gar...@gmail.com> wrote:
> You would have to sync serial number too?
>
>
> On Thu, Jun 14, 2012 at 12:10 PM, david.gar...@gmail.com <
> david.gar...@gmail.com> wrote:
>
>> If puppet is to be
You would have to sync serial number too?
On Thu, Jun 14, 2012 at 12:10 PM, david.gar...@gmail.com <
david.gar...@gmail.com> wrote:
> If puppet is to be enterprise then I would think we should be able to use
> a CA generated for the organization?
>
>
> On Thu, Jun 14, 2012 at 12:03 PM, david.gar.
If puppet is to be enterprise then I would think we should be able to use a
CA generated for the organization?
On Thu, Jun 14, 2012 at 12:03 PM, david.gar...@gmail.com <
david.gar...@gmail.com> wrote:
> Yeah,
>
> Good question: Sorry for the interjection. I would like to create a none
> puppet ge
Yeah,
Good question: Sorry for the interjection. I would like to create a
non-Puppet-generated CA and intermediate CA for my puppet master. I tried but
failed. Does anyone have a procedure or has anyone done this?
Thanks,
Dave Garvey
On Thu, Jun 14, 2012 at 9:45 AM, Jeff McCune wrote:
> Is th
Is the same CA being used to issue the lb certificate and issue the
agent certificate?
Could you paste the output of `puppet cert print puppetlb.example.com`
and again for the agent you're seeing the error on? `puppet cert
print `
-Jeff
On Thu, Jun 14, 2012 at 7:50 AM, kai wrote:
> Puppet v
Puppet version 2.7.14 on Ubuntu.
My puppet master config:
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_C