On 11/20/2014 05:13 AM, Dejan Golja wrote:
> I was wondering if it's possible to change the autosign behavior that
> it will allow to autosign certs with alternative DNS entries.
> Currently the problem is if an auto scaling events create another
> master the autosign on CA will fail, because it ha
On 30 August 2012 14:03, Peter Bukowinski wrote:
> How many nodes is your puppetmaster currently servicing? I have one
> servicing about 700 nodes, splayed over an hour check-in interval, and any
> new nodes I add (that fall into my autosign subdomain) get signed
> immediately on their first pupp
How many nodes is your puppetmaster currently servicing? I have one servicing
about 700 nodes, splayed over an hour check-in interval, and any new nodes I
add (that fall into my autosign subdomain) get signed immediately on their
first puppet run.
-- Peter Bukowinski
On Aug 29, 2012, at 8:50 P
Hi,
Regarding this issue of $1 not working have you made sure that the DNS
reverse for your server are right? Because puppet master seems to identify
the 'allow' from the reverse of the IP resolution...
Regards,
JM
On Tue, Apr 24, 2012 at 11:52 AM, Luke Bigum wrote:
> Not sure about the first
Autosign works, but not as you're expecting: it will sign new
certificates, but not overwrite existing ones. At least, that's my
experience here :)
--
Bill Weiss
Backstop Solutions Group
On 2012/4/24 3:34 AM, "C R Ritson" wrote:
>Does autosign work? I have a scratch workstation that may be r
Having read the scary warnings about autosign, I need to think it through some
more. However the helpful comments about allowing a client to revoke and delete
its OWN certificate will probably useful on their own. Luke said that his
addition to auth.conf was not working. It appears that the inte
PHONE: +44 191 222 8175
Newcastle University, FAX : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU. WEB : http://www.cs.ncl.ac.uk/
-Original Message-
From: Luke Bigum [mailto:luke.bi...@lmax.com]
Sent: 24 April 2012 09:42
To: puppet-users@googlegroups.com
Cc: C
Message-
>From: Luke Bigum [mailto:luke.bi...@lmax.com]
>Sent: 24 April 2012 09:42
>To: puppet-users@googlegroups.com
>Cc: C R Ritson
>Subject: Re: [Puppet Users] autosign
>
>Autosigning certificates work, what you're probably running into is that
>autosigning does not
Autosigning certificates work, what you're probably running into is that
autosigning does not clear off an old Agent's certificate, so you're
getting certificate mismatch errors. Puppet's RESTful API allows you to
manage certificates. It's been a long time since I tested this but I
have this in
On Thu, 19 May 2011 23:46:32 +
Nan Liu wrote:
thanks Nan,
with your help and Patrick's I've understood the problem and solved.
Many thanks for you reply!
Cheers,
Arnau
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this gro
On Thu, 19 May 2011 09:10:22 -0700
Patrick Patrick wrote:
Hi,
> Sorry. I ready your whole email backwords. I can only blame being
> tired.
no problem!
> Did you clean using "puppetca --clean hostname" on the server, by
> using "rm" on the client, or both?
clean on the server.
> Are you us
On Thu, May 19, 2011 at 2:37 PM, Arnau Bria wrote:
> Hi all,
>
> till today we had a *.our.doamin in autosign.conf. So any host from
> our.domain could get a signed certificate if it contacts our master.
> But we've decide to move that "*" to a complet list of hostnames.
>
> So, I've pasted all th
On May 19, 2011, at 7:37 AM, Arnau Bria wrote:
> Hi all,
>
> till today we had a *.our.doamin in autosign.conf. So any host from
> our.domain could get a signed certificate if it contacts our master.
> But we've decide to move that "*" to a complet list of hostnames.
>
> So, I've pasted all the
Why not just sign them manually with puppetca --list and if nothing
suspicious shows up, puppetca --sign --all?
I'm not sure it makes sense to autosign a list of hosts instead of
everything from a domain when you can sign things on a host by host basis
and sign requests in bulk.
--
Nathan Clemons
On Thu, 19 May 2011 08:03:38 -0700
Patrick Patrick wrote:
Hi Patrick,
Maybe I haven't explained myself correctly.
> 1) Are you sure you want this? Sounds like a bad idea.
I want to restrict puppet service to a list of known hosts. Is this a
bad idea? I don't want all the nodes in our domain to
On May 19, 2011, at 7:37 AM, Arnau Bria wrote:
> Hi all,
>
> till today we had a *.our.doamin in autosign.conf. So any host from
> our.domain could get a signed certificate if it contacts our master.
> But we've decide to move that "*" to a complet list of hostnames.
>
> So, I've pasted all the
One way would be to enable autosign when you request your kickstart... if
you ks is dynamically generated, that could be easily scripted.
alternatively, you can have a look at Foreman [1] which handle this kind of
things for you.
Ohad
[1] - http://theforeman.org
On Fri, Jan 14, 2011 at 9:04 PM
Thanks Patrick.
I was just gathering information. I had to give an overview of puppet and
our test implementation to our operations manager. Just wanted to make sure
I had an answer. It seems like a non issue from here anyway.
Cheers,
David
On Fri, Oct 22, 2010 at 2:35 PM, Patrick wrote:
On Oct 22, 2010, at 10:39 AM, dagrundy wrote:
> Hello All.
>
> I read in an earlier post at
>
> http://markmail.org/search/?q=autosign+issues#query:autosign%20issues+page:1+mid:we6jrbn7hdjnhrie+state:results
>
> that as of puppet v24.4, autosigning did not support IP addresses. I
> am running
19 matches
Mail list logo
