Loading...

puppet-users@googlegroups.com

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: [Puppet Users] Need some advice: Clients that change name and IP address Dan White Wed Aug 31 21:00:19 2011

OK, let me try to see if I have it.  Please correct any misteaks I make in this 
attempt.

The paragraph pointed to by the link says that a certname is "...The name to 
use when handling certificates. Defaults to the fully qualified domain name."

The top of the page also says that configuration settings can be specified in 
puppet.conf or on the command line.

So I conclude I need to put "certname=<something unique>" into 
/etc/puppet/puppet.conf of the client machine and the same unique name into a 
node on the puppetmaster.

It is my hope to generate the client conf as part of the 
cobbler/kickstart/puppet setup I am trying to establish.  I am thinking that I 
should have access to facter in the kickstart %post section, so I should be 
able to make it happen in front of the snippet that generates the puppet 
certificates and signing request.

Does that shot hit the target ?

Thanks for your help and pointers.

“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)

----- Scott Smith <[EMAIL PROTECTED]> wrote:
> http://docs.puppetlabs.com/references/stable/configuration.html#certname
> 
> On Tue, Aug 30, 2011 at 8:32 PM, Dan White <[EMAIL PROTECTED]> wrote:
> 
> >
> > On Aug 30, 2011, at 9:45 PM, Gary Larizza wrote:
> >
> >
> >
> > On Tue, Aug 30, 2011 at 8:43 PM, Dan White <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> On Aug 30, 2011, at 9:17 PM, Nigel Kersten wrote:
> >>
> >>
> >>
> >> On Tue, Aug 30, 2011 at 9:28 AM, Dan White <[EMAIL PROTECTED]> wrote:
> >>
> >>> The environment I work in has dev, QA, and production divisions.
> >>> New machines are built/loaded in dev and then moved, if necessary to QA
> >>> or production after they have been configured and verified.  In moving, 
> >>> the
> >>> machine in question will change its IP address and hostname.
> >>>
> >>> I have set up a Cobbler server to shortcut this, and I am now tasked with
> >>> adding Puppet to the mixture.
> >>>
> >>> Can anyone suggest a maintainable way for Puppet to handle machines that
> >>> get moved and renamed as described ?
> >>>
> >>> My first thought is to remove all the files generated by making the
> >>> machine a puppet client and then just re-add it as a new client in the new
> >>> location with the new name, but that feels like a brute-force solution.
> >>>
> >>
> >> Don't use hostnames for your certnames?
> >>
> >> I've used UUIDs for this sort of deployment in the past.
> >>
> >>
> >> Details, please.
> >>
> >
> > The certname setting can be changed in the agent section of puppet.conf.
> >  When I managed Puppet down to the desktop, I would typically set the
> > client's certname to their serial number (which wouldn't change unless the
> > Motherboard was changed).  Because of this, they could change their Hostname
> > to their heart's content and the SSL certs for Puppet wouldn't be affected.
> >
> >
> > Would an example be possible ?  I think I understand what you are saying,
> > but as a N00b PuppetMaster, I cannot quite figure out how to make it happen.
> >
> >  --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to [EMAIL PROTECTED]
> > To unsubscribe from this group, send email to
> > [EMAIL PROTECTED]
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
> >
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to [EMAIL PROTECTED]
> To unsubscribe from this group, send email to [EMAIL PROTECTED]
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to [EMAIL PROTECTED]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.