On Wed, Aug 15, 2012 at 5:53 AM, jerome <jerome.steunenb...@gmail.com> wrote: > Hello, > > I'm new to Puppet and evaluating it against Cfengine and Chef for the > management of multiple thousands of Ubuntu desktops. > The desktops can be reinstalled at any time by technical site operators and > they may or may not change the computer name. > This happens fairly often and if the name stays the same, I get: > > err: Could not request certificate: The certificate retrieved from the master > does not match the agent's private key > > because the desktop's SSL certificate changes when the desktop is rebuilt. > To solve this problem I need to go on the server and do a: > > puppet cert clean <fqdn of client> > > But this is not practical in an environment where many computers can be > reinstalled at any time. > Is there a solution to this ? Can the agent tell the master to clean the key > for its hostname ?
I think the certs should be tied with the lifecycle of the system (i.e. new cert with new os). I would suggest changing the certname option to use an uuid instead of the hostname as default. If you still want to use the hostname as the node identifier change node_name option to use the hostname fact. Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
