On Fri, Oct 15, 2010 at 11:57 AM, Nigel Kersten <nig...@google.com> wrote:
> On Thu, Oct 14, 2010 at 10:23 PM, Don Jackson
> <puppet-us...@clark-communications.com> wrote:
>>
>> I'd like to extend my use of puppet to manage my desktop/notebook macs.
>>
>> As others have noted, the hostname of the mobile machines tends to change 
>> frequently, so basing the node name (in my site.pp) and the corresponding 
>> cert and private key names seems to be an issue.
>>
>> I seem to recall someone talking about this at Puppet Camp last week…..
>>
>> Generally my signing strategy is always to generate new certs and private 
>> keys on the puppetmaster, and install them on the client machine as part of 
>> the initial install (hopefully automated).
>>
>> Can I generate a cert based on the macaddress of the new machine?
>
> You're better off using UUIDs in my opinion.
>
> man uuidgen

I should have also mentioned that for Mac clients, there's a system
hardware UUID that persists across reinstalls, and that may be useful.

system_profiler SPHardwareDataType

or

facter sp_platform_uuid

This is the same UUID used to composite ByHost preferences on OS X,
and any recent vintage Mac should have it.

>
>
>> I tried this, and puppetca --generate made the certs and key without 
>> complaining.
>>
>> Presumably I can install these on my client machine.
>>
>> If so, would I then run puppetd with the --fqdn argument, and give the mac 
>> address there?
>
> no, you want to use 'certname', not fqdn.
>
>
>
>>
>> And what would the name of this machine be in a node specification in the 
>> manifest?
>>
>> I put
>>        node '00:1f:5b:f8:23:f8' { }
>>
>> in my manifest, and it was very unhappy.
>>
>> Any advice about how I can accomplish what I am trying to do?
>>
>> Thanks,
>>
>> Don
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>
>
>
> --
> nigel
>
>
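
Added example, not part of the original thread: a shell sketch of the approach discussed above, turning the Mac hardware UUID into a stable 'certname' and the matching node name. The function names, the sample system_profiler output (constructed, with the "Hardware UUID:" label assumed) and the [main] placement of certname are assumptions of this example; the character check follows the set Puppet's documentation recommends for certnames.

```shell
#!/bin/sh
# Added example: derive a Puppet certname from the Mac hardware UUID.

# Constructed sample of `system_profiler SPHardwareDataType` output.
sample_profile() {
cat <<'EOF'
Hardware:
    Hardware Overview:
      Model Name: MacBook Pro
      Hardware UUID: 1A2B3C4D-5E6F-7081-92A3-B4C5D6E7F809
EOF
}

# Read system_profiler output on stdin; print the UUID lowercased.
# Returns non-zero if no well-formed UUID is found.
uuid_to_certname() {
    uuid=$(sed -n 's/^[[:space:]]*Hardware UUID:[[:space:]]*//p' |
           head -n 1 | tr 'A-F' 'a-f' | tr -d '[:space:]')
    printf '%s\n' "$uuid" | grep -Eq \
        '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || return 1
    printf '%s\n' "$uuid"
}

# Character set Puppet's documentation recommends for certnames.
valid_certname() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9._-]+$'
}

# Print the client setting and the matching node block for site.pp.
render_config() {
    printf '# puppet.conf on the client\n[main]\n    certname = %s\n\n' "$1"
    printf '# site.pp on the puppetmaster\nnode '\''%s'\'' { }\n' "$1"
}

# Use the real tool on a Mac, the constructed sample elsewhere.
if command -v system_profiler >/dev/null 2>&1; then
    name=$(system_profiler SPHardwareDataType | uuid_to_certname) || name=
else
    name=$(sample_profile | uuid_to_certname) || name=
fi
if [ -n "$name" ] && valid_certname "$name"; then
    render_config "$name"
else
    echo "no usable hardware UUID found" >&2
fi
```

The colon-separated MAC address from the question does not pass valid_certname, while the lowercased UUID does.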
