Load balanced passenger (with ProxyPassMatch) to puppetserver (1.1) - how?

asked 2015-12-22 04:21:15 -0500

phoenixx_ gravatar image

I have a current puppetmaster setup with one CA and two puppetmasters serving as front. These were set up with foreman which sets up the apache/passenger etc. Now I am trying to convert the current setup to use puppetserver 1.1 instead (as a prep for puppet 4 upgrade). All clients use SVR records to connect to the frontingfacing puppetmasters.

After following the instructions which I found it still is not working and the client is getting SSL errors.

Error: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A

Even though all the certs etc are placed correctly (as they were referenced in apache) the above errors occur. Is there an easy step-by-step guide to move from passenger to puppetserver where you have puppetmasters with a separate ca?

I am also wondering about the ProxyPassMatch directive which the passenger uses to proxy certificate creations to the Puppet CA

  ProxyPassMatch ^/([^/]+/certificate.*)$ https://puppetca.local:8140/$1

How can I handle this with the new puppetserver setup?

edit retag flag offensive close merge delete