Re: Func 0.27 + Puppet

Hi,

I'm trying to unify puppet with func too, but I'm still getting this error:

Error: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert bad certificate'), ('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake failure')]

Minion config

[main]
log_level = INFO
acl_dir = /etc/func/minion-acl.d

listen_addr =
listen_port = 51234
minion_name = test-machine.test.org
method_log_dir = /var/log/func/methods/
use_certmaster = False

ca_file=/var/lib/puppet/ssl/certs/ca.pem
cert_file=/var/lib/puppet/ssl/certs/test-machine.test.org.pem
key_file=/var/lib/puppet/ssl/private_keys/test-machine.test.org.pem
crl_location=/var/lib/puppet/ssl/crl.pem

overlord.conf

# configuration for overlord

[main]
socket_timeout = 0
backend = conf
group_db =
puppet_minions = True

Could you please guide me in the right way?

Thank you

Filip

On Thu, Mar 31, 2011 at 4:11 AM, Greg Swift <gregswift@xxxxxxxxx> wrote:


On Wed, Mar 30, 2011 at 18:42, Norvell, Preston <Preston.Norvell@xxxxxxxxxxxxxxxxxxxx> wrote:
I've read the func man page and trolled the list as much as I can to find an answer to this; apologies if I've been blind.

I'm interested in running Func in conjunction with our pre-existing Puppet infrastructure. Per the wiki <https://fedorahosted.org/func/wiki/FuncWithPuppet> the wiki itself is no longer an appropriate reference for doing the integration work as of 0.27 (I've got func-0.27 from rpmforge and certmaster-0.27 from another location). Is there a reference for what the new proper integration is? I am (and my team is) new to Func so perhaps I'm missing something that would be intuitive to a seasoned user, but I'm down to reading the patch commits and such to try to figure things out. I would appreciate any pointers, and I'd be happy to provide an updated wiki page if one is not already elsewhere.


I've never set it up, and this might not work (but I hope it can at least get you going in the right direction till someone more in the know answers), however to the best of my knowledge:

1: overlord must be on the same host as puppetmaster
2: in /etc/func/overlord.conf:
   a: you need to set "puppet_minions = True" under the [main] section.
   b: set ca_file, cert_file, key_file based on where puppet places its files
   c: If the following is not true for your environment you need to set how your system is configured in /etc/func/overlord.conf:
      puppet_inventory = /var/lib/puppet/ssl/ca/inventory.txt
      puppet_signed_certs_dir = /var/lib/puppet/ssl/ca/ca_crl.pem
3: On minion in /etc/func/minion.conf:
   a: set "use_certmaster = False"
   b: set ca_file, cert_file, key_file, and crl_location paths based on where puppet places its files
   c: start daemon
4: Back on overlord try running 'func "*" ping'

If that doesn't work then 2b might need to be augmented with the previous "passphrase/key removal" steps from the wiki.

Cleanup help on the wiki is always appreciated :)

-greg/xaeth

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
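
An added example, not part of the thread and not Func's own code: a Python check that compares the two posted configuration files against the steps listed in the quoted reply. The key names are the ones on this page; the function names are hypothetical, and the check only confirms that settings are present, not that the certificates themselves are valid.

```python
import configparser

# Settings taken from the steps quoted in this thread, not from Func's source.
TLS_KEYS = ("ca_file", "cert_file", "key_file")

# Constructed sample input: the relevant lines of the two posted configs.
MINION_CONF = """[main]
use_certmaster = False
ca_file=/var/lib/puppet/ssl/certs/ca.pem
cert_file=/var/lib/puppet/ssl/certs/test-machine.test.org.pem
key_file=/var/lib/puppet/ssl/private_keys/test-machine.test.org.pem
crl_location=/var/lib/puppet/ssl/crl.pem
"""
OVERLORD_CONF = """# configuration for overlord
[main]
socket_timeout = 0
backend = conf
group_db =
puppet_minions = True
"""

def check(text, expected, paths):
    """Return findings for one file's [main] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    main = parser["main"] if parser.has_section("main") else {}
    findings = []
    for key, want in expected.items():
        got = main.get(key)
        if got is None or got.strip().lower() != want.lower():
            findings.append(f"{key} = {got!r}, steps expect {want}")
    for key in paths:
        if not (main.get(key) or "").strip():  # absent or empty value
            findings.append(f"{key} is not set")
    return findings

def check_overlord(text):
    return check(text, {"puppet_minions": "True"}, TLS_KEYS)

def check_minion(text):
    return check(text, {"use_certmaster": "False"}, TLS_KEYS + ("crl_location",))

if __name__ == "__main__":
    for name, result in (("minion.conf", check_minion(MINION_CONF)),
                         ("overlord.conf", check_overlord(OVERLORD_CONF))):
        print(name, "OK" if not result else result)
```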
