puppet compile master load balancing

[chanlinux]

Hi,

I have set-up one MOM and two compile masters by following the link - https://puppet.com/docs/pe/2017.3/installing/installing_compile_masters.html. I am able to download and install the package in agents by replacing the MOM server ip with LB ip.

Client details: Client are pointed to LB IP

Ha proxy configuration: 

frontend puppet-frontend_test_1

  bind x.x.x.x:8140

  mode  tcp

  default_backend puppet-backend-test-1

backend puppet-backend-test-1

  balance roundrobin

  mode tcp

  stick-table type ip size 1m expire 1m

  server server1 compilemaster1.example.com:8140

  server server2 compilemaster2.example.com:8140

I am facing issues to run puppet client in agents after registration and getting below error. please help me.

Warning: Unable to fetch my node definition, but the agent run will continue:

Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=compilemaster1.example.com]

Info: Retrieving pluginfacts

Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=compilemaster1.example.com]

Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=compilemaster1.example.com]

Thanks in advance.

chanlinux

[Thomas Müller]

Am Dienstag, 29. Mai 2018 17:14:38 UTC+2 schrieb chanlinux:

Warning: Unable to fetch my node definition, but the agent run will continue:

Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=compilemaster1.example.com]

Info: Retrieving pluginfacts

Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=compilemaster1.example.com]

Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=compilemaster1.example.com]

the server provided cert fails the validation.does it work if you connect your agent directly to the compilemaster1.example.com ?

are you using PE ?

[chandrashekar]

the server provided cert fails the validation.does it work if you connect your agent directly to the compilemaster1.example.com ?

Yes

are you using PE ?

Yes

Thanks,

Chanlinux

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/38365657-8bf1-4730-913f-3d104bdf7f04%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Thomas Müller]

Am Mittwoch, 30. Mai 2018 13:40:19 UTC+2 schrieb chanlinux:

the server provided cert fails the validation.does it work if you connect your agent directly to the compilemaster1.example.com ?

Yes

does

puppet cert list --all

show the DNS name of the load-balancer on  both compiler server certs?

 

are you using PE ?

Yes

then you also could ask Puppet Inc these questions: https://support.puppet.com

 

 thomas

[chandrashekar]

i fixed the issue by updating the LB name to master certificate

--

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/82b2f129-1c20-4b8b-9fe8-efcf9d378b98%40googlegroups.com.