Is there a Best Practices method for doing this? :) I''m trying to configure clients by ssh''ing to them from the puppetmaster. My steps are: ssh $host ''svccfg import ...'' sleep puppetca --sign $host scp namespaceauth.conf $host ssh $host ''svcadm restart puppet'' The problem is that I''d like to stop and log an error if the cert signing fails. Sometimes the client doesn''t respond fast enough and there''s no cert waiting to be signed. Unfortunately, when puppetca has nothing to sign, it still returns success. I''m sleeping for 45 seconds to avoid this, but other things can go wrong too. I''d like to know if something bad happens. Observe:> if puppetca --sign $hostname; then echo success; else echo fail; fiNo certificates to sign success> if puppetca --foo; then echo success; else echo fail; fi/usr/local/bin/puppetca: unrecognized option `--foo'' Try ''/usr/local/bin/puppetca --help'' fail I think puppetca should return 1 if it can''t sign all the certs specified on the command line. Because that''s an error, after all. -Charlie
On Dec 19, 2006, at 12:33 PM, Charlie Schluting wrote:> I think puppetca should return 1 if it can''t sign all the certs > specified on the command line. Because that''s an error, after all.I agree. If you will file this as a bug, I''ll fix it before the next release. Incidentally, you''ll usually only have one important copy of puppetca on your network (the one on your server), so you can pretty easily fix this locally until the fixed version is released. -- We cannot really love anybody with whom we never laugh. --Agnes Repplier --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
On 12/19/06, Luke Kanies <luke@madstop.com> wrote:> On Dec 19, 2006, at 12:33 PM, Charlie Schluting wrote: > > I think puppetca should return 1 if it can''t sign all the certs > > specified on the command line. Because that''s an error, after all. > > I agree. If you will file this as a bug, I''ll fix it before the next > release.Submitted, thanks! I''ll see about fixing it locally. -Charlie