Sorry, I didn't mean the DB for store configs. My issue with using FQDN is for machines that use DHCP and might not have the same host name, and when building a machine behind a router, in which case more than one machine might have the same host name.
I'm not thinking of using the --fqdn switch (if I cannot use a fact in the certname directive of puppet.conf) to uniquely ID a machine. Still have the issue of cleaning the cert on server though.

---
Thanks,

Allan Marcus
505-667-5666

On Jul 8, 2009, at 5:54 PM, Allan Marcus wrote:

> The more I think about it, the more I am convinced that using the
> Mac's serial number is the least worst option for cert name. There is
> still the issue of the machine being reimaged that would require the
> cert to be cleaned on the server, but using the serial number would
> allow the host name to change and not screw up the store config DB.
>
> ---
> Thanks,
>
> Allan Marcus
> 505-667-5666
>
> On Jul 8, 2009, at 2:18 PM, Kurt Engle wrote:
>
>> So are you wanting the cert cleaning and creation to happen
>> every time a client contacts the puppetmaster?
>>
>> What I am looking for is a script that will run on a newly imaged
>> client that runs at bootup before the puppetd process is started.
>> That script would delete any cert on the puppetmaster and then the
>> script would delete itself on the client. The issue that I am having
>> is with clients that have been using puppet but are then
>> 're-imaged'. Once a device is running puppet, it works fine unless
>> it is re-imaged.
>>
>> This seems like a more elegant solution in my environment than
>> trying to do this on the puppet server side of things. Besides,
>> doesn't the client need to use its cert to talk to the server in the
>> first place? If that cert is 'bad' then how would it talk to the
>> puppetmaster server and have the server delete its bad key?
>>
>> Now, anybody have any good resources for writing startup scripts on
>> a Mac client? I seem to be having problems getting a script that
>> runs fine on the command line to work at startup.
>>
>> -kurt
>>
>> On Fri, Jul 3, 2009 at 6:12 AM, Gary Larizza <glari...@mac.com>
>> wrote:
>>
>> I love where this thread is going, I too share in this problem.
>>
>> Kurt: Puppet is still being run on the client because the client is
>> using a cached config (am I right on this guys?).
>>
>> I love the scripted ssh key, but ALSO love the PHP script that could
>> be CURL-ed from the client. Will a PHP script be able to capture the
>> hostname of a connecting client? From there, the PHP script could
>> call puppetca to clean the cert and create a new one...would this be
>> cleaner than bundling a cert with your base-image? Unfortunately,
>> I'm not that versed in PHP to hash a script out from scratch. Does
>> anyone have a rough outline that we could steal?
>>
>> -Gary
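
The serial-number certname idea from this thread, sketched as an added example that is not code from any poster or from the Puppet project: it derives a certname from the Mac's hardware serial and writes it to the certname directive of puppet.conf, so the name survives host-name changes. The function names, the `mac-` prefix, the `[puppetd]` section and the config path in the usage comment are assumptions.

```shell
# Added example: function names, the "mac-" prefix, the section name and the
# path in the usage comment are assumptions, not taken from the thread.

# Read `ioreg -c IOPlatformExpertDevice -d 2` output on stdin and print the
# hardware serial number; fail if the property is not present.
serial_from_ioreg() {
    serial=$(sed -n 's/.*"IOPlatformSerialNumber" = "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$serial" ] || return 1
    printf '%s\n' "$serial"
}

# Turn a serial into a certname: lower-case it, and refuse anything that is
# not plain alphanumeric so the value is safe in a config line or file name.
certname_from_serial() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    printf 'mac-%s\n' "$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
}

# Set certname in a puppet.conf-style file: replace an existing certname line,
# or add one under the section header given in $3. Fails if that section is missing.
set_certname() {
    conf=$1 name=$2 section=$3
    tmp=$(mktemp) || return 1
    if grep -q '^[[:space:]]*certname[[:space:]]*=' "$conf"; then
        sed "s/^\([[:space:]]*\)certname[[:space:]]*=.*/\1certname = $name/" "$conf" > "$tmp"
    else
        grep -qxF -- "$section" "$conf" || { rm -f "$tmp"; return 1; }
        awk -v s="$section" -v n="$name" '{ print } $0 == s { print "    certname = " n }' "$conf" > "$tmp"
    fi
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Typical use on the client, before puppetd starts (path is an assumption):
#   serial=$(ioreg -c IOPlatformExpertDevice -d 2 | serial_from_ioreg) &&
#   name=$(certname_from_serial "$serial") &&
#   set_certname /etc/puppet/puppet.conf "$name" "[puppetd]"
```

A reimaged machine still presents the same certname with a new key, so the old cert on the puppetmaster has to be cleaned before the client can be signed again, as the thread notes.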