I came across these two posts
http://www.md3v.com/blocking-bittorrent
and
http://serverfault.com/questions/27088/using-linux-iptables-how-to-block-torrents-or-any-p2p-protocols
What's interesting is that the two use different algorithms (http://en.wikipedia.org/wiki/Boyer%E2%80%93Moore_string_search_algorithm vs http://en.wikipedia.org/wiki/Knuth%E2%80%93Morris%E2%80%93Pratt_algorithm).
HTH
Brent
Wednesday, August 15, 2012
Monday, August 13, 2012
Puppet client cert clash
I'm starting to add Puppet to my skill set.
I made a mistake on my test VM, so I rebuilt it, and I thought that just doing a:
puppetca --revoke puppetclient1.test.com
would suffice ... I was wrong.
For I got:
root@puppetclient1:~# puppetd --waitforcert 60 -t --server puppetmaster.test.com
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
err: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
I found out that you actually need to:
a) On the client, cd to '/var/lib/puppet/ssl/'. Just run 'find .', and then rm only those certs that are applicable to your client (don't rm ca.pem).
b) On the puppetmaster, run 'puppetca clean puppetclient1.test.com'
c) On the puppet client, run 'puppetd --waitforcert 60 -t --server puppetmaster.test.com'
d) On the puppet master, run 'puppetca --sign puppetclient1.test.com'
HTH
Brent
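Step (a) above is the one where a stray rm does damage, so here is a sketch of it as a guarded shell function. This is an added example, not code from the original post: the function names are hypothetical, and it assumes the usual agent layout where each of certs/, private_keys/, public_keys/ and certificate_requests/ holds a <certname>.pem file.

```shell
#!/bin/sh
# Added example: remove only one agent's files from a Puppet ssl directory,
# keeping ca.pem so the agent still trusts the master's CA.
# Function names are hypothetical; the directory layout is an assumption.

# list_client_ssl SSLDIR CERTNAME -> prints the files that belong to CERTNAME
list_client_ssl() {
    ssldir=$1; certname=$2
    # Refuse empty names, glob characters and the CA's own file names.
    case $certname in
        ''|*[!A-Za-z0-9._-]*|ca|crl)
            echo "refusing certname '$certname'" >&2; return 2 ;;
    esac
    [ -d "$ssldir" ] || { echo "no such directory: $ssldir" >&2; return 2; }
    find "$ssldir" -type f -name "$certname.pem"
}

# clean_client_ssl SSLDIR CERTNAME -> removes those files, printing each one
clean_client_ssl() {
    files=$(list_client_ssl "$1" "$2") || return $?
    [ -n "$files" ] || { echo "nothing to remove for $2" >&2; return 1; }
    printf '%s\n' "$files" | while IFS= read -r f; do
        rm -f -- "$f" && echo "removed $f"
    done
}

# Constructed demo tree, so the functions can be tried without a real agent.
make_demo_ssldir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/certs" "$d/private_keys" "$d/public_keys" \
             "$d/certificate_requests"
    for sub in certs private_keys public_keys; do
        : > "$d/$sub/puppetclient1.test.com.pem"
    done
    : > "$d/certs/ca.pem"   # CA certificate: must survive the cleanup
    : > "$d/crl.pem"        # revocation list: not client-specific
    echo "$d"
}
```

Run list_client_ssl first to review what would go, then clean_client_ssl with the same arguments, and continue with steps (b) to (d).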