Hello Daniel, In my previous email I asked for two different things, so sorry for the confusion. Basically the first issue is the about certificates, and the second issue is scaling the dashboard report when a lot of clients try sending reports. Anyways, let's focus in the certificate issue:
As catch up, the problem I had was a invalid "host:" value in YAML reports that made me see all the reports from my staging network in behalf of the same hostname. I was digging a bit, and I found the problem in the puppet agent. The issue is how the puppet agent is generating the YAML report for sending it to the puppet master. As I mentioned in the first email of this thread, my puppet setup is basically a PXE environment in a 50%, so in the meantime, I decided to use a shared SSL certificate in my servers. In order to force the client using the shared SSL certificate I'm using the option "certname = client.domain.com", so at runtime the puppet agent looks for /var/lib/puppet/ssl/(provate_keys|public_keys)/client.domain.com.pem and use it for authenticating against the puppet master. The problem is when puppet agent is generating the YAML report and sending it to the puppet master, that agent identify itself as client.domain.com instead of frontend1.domain.com and the YAML report is not useful at all (we ended up in multiple reports, from different physical servers, reported as in behalf of client.domain.com). I was digging in the puppet agent code and I've seen in file transaction/report.rb, line 54 how the report is generated using the value of the "certname" option of the agent instead of a facter value. I created a tricky solution, that relies in creating a new default option into puppet/defaults.rb called "reportname" automatically generated like "certname". Basically I copied code and renamed the option, and then in line 54 of previous file I called this new option for getting the hostname. Now my YAML reports have a correct hostname (based in facter fqdn fact, as certname does by default) instead of the certificate name (that in my case is harcoded) and I get really relevant information into our Puppet Dashboard. I don't know if somebody had this issue before, but I'll send a feature request in order to support this if the developers consider necessary (I consider it is, even I think you'd get a better solution for this, like report_name = fqdn as we have node_name or so). I think it's a necessary feature if you are using puppet and puppet reports within a PXE infrastructure. Why? Because even I use autosigned certificates in Puppet CA I'd hit this problem [1] reusing hostnames. Can somebody suggest me a cleaner solution for this issue? [1] http://groups.google.com/group/puppet-users/browse_thread/thread/01dfd40d29714c50 Regards, -----Mensaje original----- De: Daniel Pittman [mailto:dan...@puppetlabs.com] Enviado el: miércoles, 09 de marzo de 2011 21:41 Para: puppet-users@googlegroups.com CC: Ricardo Bartolome Mendez Asunto: Re: [Puppet Users] Issues with hostname using Puppet reports On Wed, Mar 9, 2011 at 10:31, Ricardo Bartolome Mendez <rica...@tuenti.com> wrote: Hey. I can't answer most of your questions, but… > On the other hand, shall I hit this problem when start using stored > configs? > Is there any plan of integrating reports using queues as stored configs > do, > in order to avoid blocking by the dashboard/database system? …this isn't on our roadmap in a way that would meaningfully help you at this point. We are certainly aware of issues in the area, and working on scaling up the tools, but we don't have any dates that can help you out. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman <dan...@puppetlabs.com> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
puppet_reportname_support.diff
Description: Binary data
