How to seperate the CA server from Master (basic setup)?

Question

I followed Centralize the Certificate Authority guide to seperate my ca from the master however I'm running into trouble.

My Setup

Hosts file

I have the following in the /etc/hosts file on all hosts:

192.168.33.11 puppetcaserver
192.168.33.10 puppet

Puppet Master config

[main]

    ca_server = puppetcaserver

[master]
    ca = false

Puppet CA config

[master]
    ca         = true

Agent

 [master]
    ca_server = puppetcaserver
    server    = puppet

I can successfully start the CA. The puppet master fails with:

Error: Could not run: Could not retrieve certificate for centos65-box-1 and not running on a valid certificate authority

Full debug logs here

Puppet version used: 3.7.3

Can someone please highlight what the issue is? Thanks.

score 0 · Answer 1 · answered Nov 17 '14 at 17:45

0

On the agent machine, it does not make sense to specify options in the [master] section of puppet.conf. The [agent] section is eligible, but to keep it simple, just stick to the [main] section.

[main]
ca_server = puppetcaserver
server    = puppet

answered Nov 17 '14 at 17:45

Felix Frank

3,093
1
16
22