Off the top of my head I would think that you could either use the 'default' node, which would apply to all clients, or use a regular expression to match the node names. With the regex you'll need to ensure that each VM follows a naming convention and you probably also want to make sure you don't have multiple machines with identical names. You can read more about that here:
http://docs.puppetlabs.com/puppet/latest/reference/lang_node_definitions.html#the-default-node You really don't need to do anything special with the certname -- they can all be different. You'll have to sign the cert for each new node as a developer brings it online, unless you use the autosign option (which has potential security implications). After all, Puppet is meant to manage many nodes with the same configuration. ❧ Brian Mathis @orev On Tue, Jul 15, 2014 at 3:09 PM, randal cobb <rco...@gmail.com> wrote: > Hello, all... > > I have a scenario where all of our developers (spread geographically > around the world) use a VMWare or VirtualBox VM on their local desktop to > develop portions of a single product. I've seemed to inherit this > nightmare of a process and believe I can make it much simpler, quicker, and > cleaner using Puppet. Currently, they have to download an 80Gb VM image > from a single server in the US; so, because of the massive size of the VM, > most developers never upgrade their VMs to the latest image. I know that > Puppet can fix this for me, but I have a few questions I'm hoping y'all can > help answer (I've used puppet for a few months to manage some > infrastructure servers, so concepts aren't alien to me). Here are my > questions: > > Supposed I have 200 different machines (VMs) sitting on each developer's > desktop (rather in their VMware hypervisor)... > 1) can they all have the same certname, so I only have to maintain a > single node.pp manifest? > 2) If so, how are SSL certs maintained, given there would be 200 different > VMs trying to use the same set of certs. Or, does that even matter from a > node perspective? > 3) If not, do I REALLY have to maintain 200 different manifests; all > identical to each other? > > I've been able to put together a single node.pp file that sets up > everything for them, so they only download a 2.8Gb bare VM image and puppet > does the rest. But, when firing up subsequent VMs, of course the client > gets all confused because the generated certs don't match up. > > Any suggestions for a better solution, or workaround to this one? (I've > thought about using NAT and a fixed MAC address, but with so many > developers out there, I'm sure some will re-create MAC addresses at some > point during their initial setup, or change their networking type for the > VM and start flooding the network with duplicated mac errors). > > I'm sure I'm not the first person who's wanted to do something like this, > so I turn to the seasoned puppet veterans for guidance! I HAVE googled > for solutions, but I may just not be using the right terminology to search > with; because I keep coming up blank on how best to tackle this. > > Thanks in advance! > Randy > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/be08e15f-44da-43f4-9f6a-8d10630ebefa%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/be08e15f-44da-43f4-9f6a-8d10630ebefa%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CALKwpEw20MY9raz%3D%2BQpNcmdy_Ws4-wo%3D3zRqiCfRGYYbtEEk5g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
