Puppet "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B" error

[root@test ~]# puppet agent -t
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

If you are running fedora 18 or newer http://fedoraproject.org/wiki/Anaconda/Kickstart#timezone

timezone --ntpservers=ntp.cesnet.cz,tik.nic.cz Europe/Prague

If you have something older

Best practise for Apache Virtual Hosts


As linux consultants we often work on systems that have been configured by someone else. Some of these systems have grown into webservers with a number of websites running as virtual hosts. Depending on the level of skill and insight the original system admin had, the apache configuration files can end up a tangled rats nest. I think this stems from the apache docs for vhost, albeit being very good, not give any guidelines on best practise for managing configuration files. Leading to people editing httpd.conf, to add virtual hosts, which soon gets mangled up. To make your virtual hosts manageable, the best practise is to use configuration files in /etc/httpd/conf.d/ for everything. Do not edit any of the config files in /etc/httpd/conf/ unless you really have to. A good starting point is to use a seperate file for each website. Or if you have specific needs create seperate configuration files to define difference web services. 



${fqdn} not working in puppet manifesto

When using ${fqdn} in your puppet manifestos to specify different config files for your nodes. often they will simply not pick up the correct file. 

  file { "/etc/sysconfig/iptables":
    ensure => "present",
    source => ["puppet:///modules/security/iptables.${fqdn}","puppet:///modules/security/iptables.default"],
    notify  => Service["iptables"], 

The iptables example above always gets the default iptables config file.

Subscribe to RSS - puppet