Yes, it says "Default: cert" Where do I explicitly set it ? Master or Client ? And in a particular section ?
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) ----- Eric Shamow <e...@puppetlabs.com> wrote: > I should add - this behavior is configurable: > > http://docs.puppetlabs.com/references/stable/configuration.html#nodename > > -Eric > > -- > > Eric Shamow > Professional Services > http://puppetlabs.com/ > (c)631.871.6441 > > > On Friday, October 28, 2011 at 4:03 PM, Eric Shamow wrote: > > > The certname is only used for authentication - it is not part of the node > > lookup process. > > > > You can still use the mac-address-certname model, if you match with regexes > > in your node configuration. > > > > -Eric > > > > -- > > > > Eric Shamow > > Professional Services > > http://puppetlabs.com/ > > (c)631.871.6441 > > > > > > On Friday, October 28, 2011 at 4:01 PM, Dan White wrote: > > > > > Yes, but that is part of the frustration. > > > > > > The certname is unchanged because it derives from the primary MAC address > > > of the machine. > > > My twisted little brain says that i should be able to change the > > > machine's IP and/or hostname and still connect to the PuppetMaster. > > > > > > I am, sadly, mistaken in this. > > > > > > I guess I am hoping that I do not have to abandon my mac-address-certname > > > idea, but it is sorta/kinda looking that way. > > > > > > “Sometimes I think the surest sign that intelligent life exists elsewhere > > > in the universe is that none of it has tried to contact us.” > > > Bill Waterson (Calvin & Hobbes) > > > > > > ----- Christopher Wood <christopher_w...@pobox.com > > > (mailto:christopher_w...@pobox.com)> wrote: > > > > I'm assuming that you have a puppet manifest describing a machine's > > > > function and you want the same function under a new name. Why not set > > > > up a new host with the new name and the same function, and remove the > > > > old machine from service? > > > > > > > > Obviously I have a certain bias, but when puppet can set up my server > > > > in seconds/minutes I don't feel like I should take ten minutes moving a > > > > host. > > > > > > > > On Fri, Oct 28, 2011 at 07:50:19PM +0000, Dan White wrote: > > > > > I started with this as my foundation: > > > > > <http://fedoraproject.org/wiki/Infrastructure_Host_Rename_SOP#Telling_Puppet_about_the_new_host> > > > > > > > > > > and then decided to use a string formed by the primary MAC address as > > > > > my certname like this: > > > > > > > > > > MACADDR=`facter macaddress | tr "[:upper:]" "[:lower:]" | sed > > > > > 's/://g' ` > > > > > MY_NEW_CERTNAME="macaddr${MACADDR}" > > > > > > > > > > I thought I would save myself from the trouble in the referenced > > > > > web-page by using a machine-unique certname rather than something as > > > > > non-unique as the FQDN or IP address. > > > > > > > > > > How wrong I was !! > > > > > > > > > > I had my first occasion to test drive this (faulty) idea. > > > > > > > > > > Set up a machine as described, then it was moved to another sub-net, > > > > > new IP, new hostname, and so I thought it would fly when I ran > > > > > puppetd from the new location. > > > > > > > > > > What I got was a message saying: > > > > > err: Could not retrieve catalog from remote server: Error 400 on > > > > > SERVER: Could not find default node or by name with > > > > > 'macaddr1234567890a, example.foo.bar, example.foo, example' on node > > > > > macaddr1234567890a > > > > > > > > > > example.foo.bar is the new FQDN of the machine. > > > > > > > > > > Now ain't that a kick in the Planters ? > > > > > > > > > > So now I have to ask, how is it looking for the FQDN and the > > > > > not-so-FQDN and just the hostname ? I was under the impression that > > > > > everything keyed from the certname. > > > > > > > > > > Now, to add insult to injury, the above referenced process no longer > > > > > works ! > > > > > > > > > > I went as far as doung rm -frv /var/lib/puppet on the client and > > > > > after doing puppetca --revoke --clean on the master, I found two more > > > > > references to "macaddr1234567890a" -- one in > > > > > /var/lib/puppet/yaml/node and one in /var/lib/puppet/yaml/facts -- > > > > > which I removed. And I even restarted the puppetmaster daemon a few > > > > > times. > > > > > > > > > > The only thing I have NOT yet done is to wipe /var/lib/puppet on the > > > > > Master and re-certify everything. This setup is still in its infancy, > > > > > so doing that is not a big deal, but once things snowball a bit, I > > > > > will not have the luxury of rebuilding the PuppetMaster every time a > > > > > machine moves. > > > > > > > > > > Suggestions, please ! > > > > > > > > > > “Sometimes I think the surest sign that intelligent life exists > > > > > elsewhere in the universe is that none of it has tried to contact us.” > > > > > Bill Waterson (Calvin & Hobbes) > > > > > > > > > > -- > > > > > You received this message because you are subscribed to the Google > > > > > Groups "Puppet Users" group. > > > > > To post to this group, send email to puppet-users@googlegroups.com > > > > > (mailto:puppet-users@googlegroups.com). > > > > > To unsubscribe from this group, send email to > > > > > puppet-users+unsubscr...@googlegroups.com > > > > > (mailto:puppet-users+unsubscr...@googlegroups.com). > > > > > For more options, visit this group at > > > > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups "Puppet Users" group. > > > > To post to this group, send email to puppet-users@googlegroups.com > > > > (mailto:puppet-users@googlegroups.com). > > > > To unsubscribe from this group, send email to > > > > puppet-users+unsubscr...@googlegroups.com > > > > (mailto:puppet-users+unsubscr...@googlegroups.com). > > > > For more options, visit this group at > > > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > > > > > > > > > > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Puppet Users" group. > > > To post to this group, send email to puppet-users@googlegroups.com > > > (mailto:puppet-users@googlegroups.com). > > > To unsubscribe from this group, send email to > > > puppet-users+unsubscr...@googlegroups.com > > > (mailto:puppet-users+unsubscr...@googlegroups.com). > > > For more options, visit this group at > > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
