On Monday, November 25, 2013 11:16:25 PM UTC-6, Peter Bukowinski wrote: > > No. An agent need not be aware of what classes are assigned to it before > it contacts the puppetmaster. As long as your agent is configured to run on > a regular interval, it will automatically get the latest configuration on > the very next run. If you want to manually run the agent to apply those > latest changes immediately, you can use 'puppet agent -t' instead of > restarting the service. > >
And there does not need to be any node block at all for an authenticated node in order for it to sync with the master. If there isn't one, and if there is no other way that any resources are declared for that node, then it will receive an empty catalog. Node blocks associate declarations with specific clients (nodes) or groups thereof. They are not a security mechanism -- that's the role of cryptographic certificates and SSL. Supposing the usual case in which nodes' certificate requests are handled through the master, the certificate signing process must be completed, once, for each node before that node can successfully retrieve catalogs from the master. Even that does not require the agent to be restarted if it is running in daemon mode, however. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/35016337-096d-40c7-92d3-fd416c9f48c1%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
