My approach will be like this: generate a UUID through the uuidgen command and put that in certname under puppet.conf, start the puppet client on the server, allow autosigning of the client machines, and a default policy.
The issue with this approach is that if the puppet agent is not working properly on a host, it is difficult to know that exact host without doing ssh onto the server, and also to apply different policies for a particular host. Using nodename as unique will be a problem with Onapp cloud, as the end user will be setting the hostname, which might not be unique.

On Fri, Jun 1, 2012 at 10:01 PM, Jeff McCune <j...@puppetlabs.com> wrote:
> On Fri, Jun 1, 2012 at 1:39 AM, Brian Gupta <brian.gu...@brandorr.com>
> wrote:
>>
>> To be clear, unique hostnames are not a must. Unique certnames are,
>> which by default are based on hostnames, but they don't have to be.
>> You can programmatically generate those using something like UUID
>> (Which is what Foreman uses for cloud provisioning). See the following
>> for more info on UUIDs:
>> http://en.wikipedia.org/wiki/Universally_unique_identifier
>
> Actually, it's the other way around. Unique node names are a must, unique
> cert names are not.
>
> You can use the same certificate for multiple nodes if you wish, though this
> configuration carries a higher security risk than unique cert names.
>
> You can re-use the same cert name with something like this:
>
> # puppet.conf
> [agent]
> certname = shared.cert
> node_name_fact = fqdn
>
> -Jeff
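The UUID-as-certname step described in this message, as an added example that is not part of the original thread: it keeps an existing certname on re-runs, so a host that is re-provisioned does not lose the identity its certificate was signed under. The function names are hypothetical, and it assumes the setting lives in the `[agent]` section as in the quoted puppet.conf snippet.

```shell
#!/bin/sh
# Added example (not from the thread): give a host a stable UUID certname.
# Function names are hypothetical; only the [agent] section is inspected.

# Print a lowercase UUID; fall back to the Linux kernel source without uuidgen.
new_uuid() {
    if command -v uuidgen >/dev/null 2>&1; then
        uuidgen | tr 'A-Z' 'a-z'
    else
        cat /proc/sys/kernel/random/uuid
    fi
}

# Print the certname already set under [agent] in file $1, if any.
current_certname() {
    awk '
        /^[ \t]*\[/ { in_agent = ($0 ~ /^[ \t]*\[agent\]/); next }
        in_agent && /^[ \t]*certname[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }
    ' "$1"
}

# Ensure file $1 has a certname under [agent]; print the value in effect.
ensure_certname() {
    conf=$1
    [ -f "$conf" ] || : > "$conf"
    existing=$(current_certname "$conf")
    if [ -n "$existing" ]; then
        # Re-run: keep the identity the certificate was issued for.
        printf '%s\n' "$existing"
        return 0
    fi
    id=$(new_uuid) || return 1
    if grep -q '^[[:space:]]*\[agent\]' "$conf"; then
        # Insert directly below the existing [agent] header.
        tmp=$(mktemp) || return 1
        awk -v id="$id" '
            { print }
            /^[ \t]*\[agent\]/ && !done { print "certname = " id; done = 1 }
        ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
        rm -f "$tmp"
    else
        printf '[agent]\ncertname = %s\n' "$id" >> "$conf"
    fi
    printf '%s\n' "$id"
}
```

Printing the value lets the provisioning step record the UUID next to the hostname it was assigned to.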