On Sat, Feb 26, 2011 at 4:05 PM, Hal Snyder <hal.sny...@orbitz.com> wrote:
> Are you specifying certname on puppet master as well as client? That is
> working for me as long as I set --server=<master_certname> and
> --certname=<client_certname> on the client and --certname=<master_certname>
> on the master. You may need to clean out <confdir>/ssl on your AMIs and
> start over to get this to work.
>
> Specifying certname enables using puppet in EC2 with dynamic DNS. Then
> master and clients can be stopped and started and still authenticate without
> updating certs, even though public DNS name and IP address usually change
> between AMI start & stop.

I'd also add that if you're managing machines with changing hostnames, you shouldn't have hostname-style certnames. I know you didn't say that, but I've seen people make this mistake before, and it gets really confusing when the certificate name looks like a hostname, but isn't one. I'm a big fan of UUIDs for certnames in dynamic environments.

> It would be nice to expose the node name in puppet master notice statements
> for debugging, but I haven't found a way to do that. This is not the same as
> hostname, nor is it what you get from internal reverse DNS in EC2, nor is it
> the same as name, which seems to be derived from whatever regex matched the
> node declaration.

It gets exposed as a tag. We have some issues around the tagging of some regular expressions, and I'd love more feedback from those of you using regex nodes about this:

http://projects.puppetlabs.com/issues/5898

If you'd like the node name to be exposed more directly, please put a feature request in, as that sounds quite useful.
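
As an added illustration (not part of the original thread and not Puppet's own tooling), the shell functions below give a client a UUID certname once and reuse it on every later boot, so the node's identity does not depend on its EC2 hostname or IP address. The function names, the config path passed in and the choice of the `[main]` section are assumptions made for this example.

```sh
#!/bin/sh
# Added example: pin a client's Puppet identity to a UUID certname.
# Assumptions: function names, config path argument, and use of [main].

# Print one lowercase UUID (uuidgen if installed, else the Linux kernel source).
new_uuid() {
    if command -v uuidgen >/dev/null 2>&1; then
        uuidgen | tr 'A-Z' 'a-z'
    else
        cat /proc/sys/kernel/random/uuid
    fi
}

# ensure_certname CONF
# Print the certname already set in CONF; if none is set, generate a UUID,
# write it under [main], and print it. Safe to run on every boot.
ensure_certname() {
    conf=$1
    [ -f "$conf" ] || : > "$conf"
    current=$(sed -n 's/^[[:space:]]*certname[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$conf" | head -n 1)
    if [ -n "$current" ]; then
        printf '%s\n' "$current"      # keep the existing identity untouched
        return 0
    fi
    id=$(new_uuid) || return 1
    tmp="$conf.tmp.$$"
    if grep -q '^\[main\]' "$conf"; then
        # Insert directly after the first [main] header.
        awk -v id="$id" '{ print }
            /^\[main\]/ && !done { print "    certname = " id; done = 1 }' "$conf" > "$tmp"
    else
        # No [main] section yet: create one at the top of the file.
        { printf '[main]\n    certname = %s\n' "$id"; cat "$conf"; } > "$tmp"
    fi
    mv "$tmp" "$conf"
    printf '%s\n' "$id"
}

# Typical use at first boot (path is an assumption for this example):
#   certname=$(ensure_certname /etc/puppet/puppet.conf)
```

If the node already holds a certificate issued under a different name, the quoted advice about cleaning out `<confdir>/ssl` and starting over applies before the new certname is used.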