On Feb 5, 2010, at 4:06 AM, Nicolas Szalay wrote:

> On Tuesday 02 February 2010 at 12:08 -0500, Michael DeHaan wrote:
>> Just one more email and I'll let you go for a few hours :)
> 
> Hello puppeteers
> 
> 
>> One of the things I like to see in apps is that they are immediately 
>> intuitive and easy to use for new users.  I think Puppet is really good 
>> here, but there's opportunity to make everything better.   We want 
>> everyone to love Puppet from their first few minutes using it, all the 
>> way through to datacenter nirvana.
>> 
>> With Puppet, if you're just learning it, what were some of your 
>> stumbling blocks?   If you are an existing user, think back to that 
>> time, or times when you were talking with new users?
> 
> To join Peter : SSL. SSL is just a pain in the a**. As you said, some
> don't want to know about ruby webservers in detail, some don't want to
> know about SSL.
> 
> Tell more in the beginner's guide about DNS, and the need to have a
> clean DNS for puppet to work fine.

While getting started I had some problems.

1) I couldn't find a simple skeleton puppet configuration.  I tried the 
tutorial, but there are lots of things that can go wrong, and figuring out what's 
wrong can be a pain if you don't know what you're doing.  A sample.tar.gz 
that has a module that does nothing but create a file in /tmp would be really 
helpful.  Just getting a configuration that works and does something can be 
rather hard.


2) DNS: My setup was small and simple, so I've been using dnsmasq for DNS and 
DHCP.  Dnsmasq doesn't support cnames so the auto-generated cert name on the 
puppetmaster doesn't work.  I suggest that all autogenerated certificates have 
an alias of "puppet" to make setup easier.


3.1) SSL: Adding another server to an existing puppet setup is rather difficult 
if you don't know much about SSL.  Here's something that would be helpful 
although it might be too hard to be feasible:
Make it possible to have a new puppetmaster get a signing certificate from an 
existing puppetmaster.  Then you'd use a command on the master server that's 
something like this "puppetca --sign --puppet-server newservername.localhost".

and/or

3.2) Allow the generation of server certificates on the server like this 
"puppetca --generate --puppet-server newserver.localhost" 

In either of these cases I'd ask that the default is to give the certificate an 
alias of "puppet".


4) Something nearly as good as 3 would be a shell script that uses ssh to log in 
to the server as root and does the same thing using the openssl command.


5) Error ambiguity: sometimes it's hard to tell if an error is happening on the 
client-side or server-side.
-Patrick
