Load balanced passenger (with ProxyPassMatch) to puppetserver (1.1) - how?
I have a current puppetmaster setup with one CA and two puppetmasters serving as front. These were set up with foreman which sets up the apache/passenger etc. Now I am trying to convert the current setup to use puppetserver 1.1 instead (as a prep for puppet 4 upgrade). All clients use SVR records to connect to the frontingfacing puppetmasters.
After following the instructions which I found it still is not working and the client is getting SSL errors.
Error: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Even though all the certs etc are placed correctly (as they were referenced in apache) the above errors occur. Is there an easy step-by-step guide to move from passenger to puppetserver where you have puppetmasters with a separate ca?
I am also wondering about the ProxyPassMatch directive which the passenger uses to proxy certificate creations to the Puppet CA
ProxyPassMatch ^/([^/]+/certificate.*)$ https://puppetca.local:8140/$1
How can I handle this with the new puppetserver setup?