Hello everyone. For security reasons, we decided to get 2 puppetdb servers
up and running. There will be a setup with *master* and *slave*.
We thought of using our load balancer to perform this operation. So we need
a *cname* with a valid self-generated certificate, i.e.:
puppetdb.internet.net
Here's how I think I'm going to achieve it:
- I generated my puppetdb cert via the puppetca:
$ sudo puppetserver ca generate --certname puppetdb.internet.net
Successfully saved private key for puppetdb.internet.net to /etc/puppetlabs/puppet/ssl/private_keys/puppetdb.internet.net.pem
Successfully saved public key for puppetdb.internet.net to /etc/puppetlabs/puppet/ssl/public_keys/puppetdb.internet.net.pem
Successfully submitted certificate request for puppetdb.internet.net
Error:
Signed certificate puppetdb.internet.net could not be found on the CA
Successfully signed certificate request for puppetdb.internet.net
Successfully saved certificate for puppetdb.internet.net to /etc/puppetlabs/puppet/ssl/certs/puppetdb.internet.net.pem
Then I copied over the freshly self-signed cert from puppetca to puppetDB.
I changed the */etc/puppetlabs/puppetdb/conf.d/jetty.ini* like this:
ssl-key = /etc/puppetlabs/puppet/ssl/private_keys/puppetdb.internet.net.pem
ssl-cert = /etc/puppetlabs/puppet/ssl/public_keys/puppetdb.internet.net.pem
ssl-ca-cert = /etc/puppetlabs/puppet/ssl/certs/puppetdb.internet.net.pem
Restarting my puppetdb, I get an error about certification implementation.
The error is not clear. Java errors.
At the end, my goal is to start puppetdb with the certificate
*puppetdb.internet.net* loaded. Then the puppetmaster didn't complain about
the puppetca certificate.
Does someone have any idea?
Thanks.
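
Added example, not part of the original post: a shell check for the three jetty.ini settings quoted above. PuppetDB expects ssl-key to be a PEM private key and both ssl-cert and ssl-ca-cert to be PEM certificates, so the script reads each file's PEM header and flags a mismatch. The function names, temp paths and stub PEM files are constructed for illustration, and the check covers file type only, not whether the CA certificate issued the server certificate.

```shell
#!/bin/sh
# Added example: check that each jetty.ini SSL setting points at the right
# kind of PEM file. Function names and sample files are constructed here.

# Print the label of the first PEM block in a file, e.g. "CERTIFICATE".
pem_kind() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" 2>/dev/null | head -n 1
}

# Print the value of setting $2 ("key = value") from ini file $1.
ini_value() {
    sed -n "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" | head -n 1
}

# One result line per setting; returns 1 if any setting has the wrong type.
check_jetty_ssl() {
    rc=0
    for key in ssl-key ssl-cert ssl-ca-cert; do
        case $key in
            ssl-key) want='PRIVATE KEY' ;;  # suffix match, so "RSA PRIVATE KEY" passes
            *)       want='CERTIFICATE' ;;
        esac
        kind=$(pem_kind "$(ini_value "$1" "$key")")
        case $kind in
            *"$want") echo "ok   $key: $kind" ;;
            '')       echo "FAIL $key: no PEM block found"; rc=1 ;;
            *)        echo "FAIL $key: found $kind, expected $want"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: stub PEM files wired up like the jetty.ini in the post.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/private_key.pem"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' > "$d/public_key.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/cert.pem"
    printf 'ssl-key = %s\nssl-cert = %s\nssl-ca-cert = %s\n' \
        "$d/private_key.pem" "$d/public_key.pem" "$d/cert.pem" > "$d/jetty.ini"
    if check_jetty_ssl "$d/jetty.ini"; then status=0; else status=1; fi
    rm -rf "$d"
    return $status
}

demo || echo "jetty.ini needs fixing"
```

To check a real installation, call check_jetty_ssl with the path to the jetty.ini file as a user that can read the key files.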