Hello, your steps helped me a lot. I am able to create a failover now. Thank you very much!

On Thu, Jan 21, 2021 at 03:57, comport3 <[email protected]> wrote:

> You will need to enable DNS alt names in your CA config, and issue a few
> names per server - likely including a common one shared by all nodes such
> as "puppetdb.domain.example".
> https://puppet.com/docs/puppetserver/6.12.2/scaling_puppet_server.html =>
> dns_alt_names
>
> Then you'll need to go through the steps to (re)configure your PuppetDB
> SSL setup. This is usually replacing the 'ssl-key', 'ssl-cert' and
> 'ssl-ca-cert' defined in your jetty.ini config.
>
> On my local setup this is located under /etc/puppetlabs/puppetdb/ssl/, use
> the same permissions as the old setup, then restart the 'puppetdb' services.
>
> On Wednesday, January 20, 2021 at 3:32:54 AM UTC+11 Nerbolff wrote:
>
>> Hello everyone. For security reasons, we decided to get 2 puppetdb
>> servers up and running. There will be a setup with *master* and *slave*.
>>
>> We thought of using our load balancer to perform this operation. So we
>> need a *cname* with a valid self-generated certificate, i.e.
>> puppetdb.internet.net
>>
>> Here's how I think I'm going to achieve it:
>>
>> - I generated my puppetdb cert via the puppetca:
>>
>> $ sudo puppetserver ca generate --certname puppetdb.internet.net
>> Successfully saved private key for puppetdb.internet.net to /etc/puppetlabs/puppet/ssl/private_keys/puppetdb.internet.net.pem
>> Successfully saved public key for puppetdb.internet.net to /etc/puppetlabs/puppet/ssl/public_keys/puppetdb.internet.net.pem
>> Successfully submitted certificate request for puppetdb.internet.net
>> Error:
>> Signed certificate puppetdb.internet.net could not be found on the CA
>> Successfully signed certificate request for puppetdb.internet.net
>> Successfully saved certificate for puppetdb.internet.net to /etc/puppetlabs/puppet/ssl/certs/puppetdb.internet.net.pem
>>
>> Then I copied over the freshly self-signed cert from puppetca to puppetDB.
>> I changed the */etc/puppetlabs/puppetdb/conf.d/jetty.ini* like this:
>>
>> ssl-key = /etc/puppetlabs/puppet/ssl/private_keys/puppetdb.internet.net.pem
>> ssl-cert = /etc/puppetlabs/puppet/ssl/public_keys/puppetdb.internet.net.pem
>> ssl-ca-cert = /etc/puppetlabs/puppet/ssl/certs/puppetdb.internet.net.pem
>>
>> Restarting my puppetdb, I get an error about certification
>> implementation. The error is not clear: Java errors.
>>
>> At the end, my goal is to start puppetdb with the certificate
>> *puppetdb.internet.net* loaded. Then the puppetmaster didn't
>> complain about the puppetca certificate.
>>
>> Does someone have any idea?
>> Thanks.
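
A check for the three jetty.ini settings discussed in this thread, as an added example that is not part of any poster's message: it reads `ssl-key`, `ssl-cert` and `ssl-ca-cert`, confirms each file holds the expected kind of PEM object, and flags an `ssl-ca-cert` that is named like the node's own certificate. The function names, the sample certname `puppetdb.example.test` and the header-only PEM stubs are constructed for illustration.

```shell
# Kind of PEM object in a file, judged from its first BEGIN line.
pem_kind() {
    case "$(sed -n '/-----BEGIN /{p;q;}' "$1" 2>/dev/null)" in
        *'PRIVATE KEY-----')       echo key ;;
        *'BEGIN CERTIFICATE-----') echo cert ;;
        *'PUBLIC KEY-----')        echo pubkey ;;
        *)                         echo unknown ;;
    esac
}

# Value of "name = value" in an ini file (last occurrence wins).
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one line per problem; the return status is the number of problems.
check_jetty_ssl() {
    ini=$1; problems=0
    for pair in ssl-key:key ssl-cert:cert ssl-ca-cert:cert; do
        setting=${pair%%:*}; want=${pair##*:}
        path=$(ini_value "$ini" "$setting")
        got=$(pem_kind "$path")
        if [ "$got" != "$want" ]; then
            echo "$setting: '$path' holds '$got', expected '$want'"
            problems=$((problems + 1))
        fi
    done
    # Puppet names a node's key and cert after its certname; the CA file differs.
    key=$(ini_value "$ini" ssl-key); ca=$(ini_value "$ini" ssl-ca-cert)
    if [ -n "$ca" ] && [ "${ca##*/}" = "${key##*/}" ]; then
        echo "ssl-ca-cert: '$ca' is named like the node's own certificate"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: header-only PEM stubs plus a jetty.ini laid out like the
# one quoted in the thread (certname and directory are placeholders).
make_sample() {
    d=$1; n=puppetdb.example.test
    mkdir -p "$d/private_keys" "$d/public_keys" "$d/certs"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/private_keys/$n.pem"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----'      > "$d/public_keys/$n.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----'     > "$d/certs/$n.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----'     > "$d/certs/ca.pem"
    printf 'ssl-key = %s\nssl-cert = %s\nssl-ca-cert = %s\n' \
        "$d/private_keys/$n.pem" "$d/public_keys/$n.pem" "$d/certs/$n.pem" \
        > "$d/jetty.ini"
}
```

The check looks only at PEM headers and file names; it does not validate the certificate chain or the DNS alt names on the certificate.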
