Ask Your Question
0

Running puppetmaster that is already a puppet agent of another PuppetMaster

asked 2015-11-30 08:26:45 -0500

Yasebriy gravatar image

Hello Community, Please How can I run puppetmaster that's is already a puppet agent of another Puppetmaster ?

When I am trying to run puppetmaster is shows me this : err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key

Actually I have a puppetmaster that is working fine with agents and I want that agent to be also a puppetmaster of another agents... I hope I am clear.

Details : facterversion => 1.5.8 fqdn => util02.dms01.tt016.lan puppetversion => 2.6.6 rubyversion => 1.8.6

I have deleted all the contenant of /var/lib/puppet/ssl/ and cleaned the certs in the Master.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2015-12-03 10:56:06 -0500

you can only have one ca (not strictly true as you can have a load balancer in front of multiple ca's with shared storage..)

choose 1st puppetmaster as ca - then specify in puppet.conf the ca_server setting - then should work,

edit flag offensive delete link more
0

answered 2015-12-03 16:57:28 -0500

Yasebriy gravatar image

Hello,

thanks for your answer, however I have created a new directory in /var/lib/puppet/ (sslmaster) in the agent and added theses lines to /etc/puppet/puppet.conf : ... [master] ssldir = $vardir/sslmaster

This way the new puppetmaster (which is an agent of an existing ppmaster) has his own CA.

both agent and ppmaster are running.

Cheers

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-11-30 08:26:45 -0500

Seen: 95 times

Last updated: Dec 03 '15