On Wed, Aug 31, 2011 at 7:12 AM, Dan White <y...@comcast.net> wrote:
> OK, let me try to see if I have it. Please correct any misteaks I make in
> this attempt.
>
> The paragraph pointed to by the link says that a certname is "...The name
> to use when handling certificates. Defaults to the fully qualified domain
> name."
>
> The top of the page also says that configuration settings can be specified
> in puppet.conf or on the command line.
>
> So I conclude I need to put "certname=<something unique>" into
> /etc/puppet/puppet.conf of the client machine and the same unique name into
> a node on the puppetmaster.
>
> It is my hope to generate the client conf as part of the
> cobbler/kickstart/puppet setup I am trying to establish. I am thinking that
> I should have access to facter in the kickstart %post section, so I should
> be able to make it happen in front of the snippet that generates the puppet
> certificates and signing request.
>
> Does that shot hit the target ?
>
> Thanks for your help and pointers.
>
Yep, that's it. Whatever UID you use in puppet.conf in the "certname = UID"
setting is how the puppet master will refer to your node. So, if on the
client you do 'certname = 12345' then on the puppet master server your node
declaration should be "node 12345 { include ssh }".
>
> “Sometimes I think the surest sign that intelligent life exists elsewhere
> in the universe is that none of it has tried to contact us.”
> Bill Waterson (Calvin & Hobbes)
>
> ----- Scott Smith <sc...@ohlol.net> wrote:
> > http://docs.puppetlabs.com/references/stable/configuration.html#certname
> >
> > On Tue, Aug 30, 2011 at 8:32 PM, Dan White <y...@comcast.net> wrote:
> >
> > >
> > > On Aug 30, 2011, at 9:45 PM, Gary Larizza wrote:
> > >
> > >
> > >
> > > On Tue, Aug 30, 2011 at 8:43 PM, Dan White <y...@comcast.net> wrote:
> > >
> > >>
> > >> On Aug 30, 2011, at 9:17 PM, Nigel Kersten wrote:
> > >>
> > >>
> > >>
> > >> On Tue, Aug 30, 2011 at 9:28 AM, Dan White <y...@comcast.net> wrote:
> > >>
> > >>> The environment I work in has dev, QA, and production divisions.
> > >>> New machines are built/loaded in dev and then moved, if necessary to
> QA
> > >>> or production after they have been configured and verified. In
> moving, the
> > >>> machine in question will change its IP address and hostname.
> > >>>
> > >>> I have set up a Cobbler server to shortcut this, and I am now tasked
> with
> > >>> adding Puppet to the mixture.
> > >>>
> > >>> Can anyone suggest a maintainable way for Puppet to handle machines
> that
> > >>> get moved and renamed as described ?
> > >>>
> > >>> My first thought is to remove all the files generated by making the
> > >>> machine a puppet client and then just re-add it as a new client in
> the new
> > >>> location with the new name, but that feels like a brute-force
> solution.
> > >>>
> > >>
> > >> Don't use hostnames for your certnames?
> > >>
> > >> I've used UUIDs for this sort of deployment in the past.
> > >>
> > >>
> > >> Details, please.
> > >>
> > >
> > > The certname setting can be changed in the agent section of
> puppet.conf.
> > > When I managed Puppet down to the desktop, I would typically set the
> > > client's certname to their serial number (which wouldn't change unless
> the
> > > Motherboard was changed). Because of this, they could change their
> Hostname
> > > to their heart's content and the SSL certs for Puppet wouldn't be
> affected.
> > >
> > >
> > > Would an example be possible ? I think I understand what you are
> saying,
> > > but as a N00b PuppetMaster, I cannot quite figure out how to make it
> happen.
> > >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Puppet Users" group.
> > > To post to this group, send email to puppet-users@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > puppet-users+unsubscr...@googlegroups.com.
> > > For more options, visit this group at
> > > http://groups.google.com/group/puppet-users?hl=en.
> > >
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
Gary Larizza
Professional Services Engineer
Puppet Labs
Join us for PuppetConf <http://bit.ly/puppetconfsig>, September 22nd and
23rd in Portland, OR!
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
