Hello I often configure a new node that I want to be the same as an existing one. However I''d like to run puppetd with --noop just the once to double check the changes (I''m still responsible for them after all) Trouble is on a new node the keys etc aren''t there and running as noop they don''t get made and I get nowhere. Unless someone knows a different way to do this I think I''m requesting a new feature/option... Perhaps I''d like a relaxed version of noop perhaps noopexceptkeys. Or maybe a firstrun option, which could do the keys and match a magic node like default does rather than the one the node would normally match. This would perhaps be more handy as I could use it to register the node with other systems, send an email to alert other admins to its creation etc. At present I have to but the node in my default configuration run puppetd then move it to where it belongs and run noop. This is a pain. Neil Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/planningAndCorporatePolicy/legalandComplianceTeam/legal/disclaimer.htm -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 2/3/10 12:11 AM, Neil Prockter wrote:> Hello > > I often configure a new node that I want to be the same as an existing one. > > However I''d like to run puppetd with --noop just the once to double > check the changes (I''m still responsible for them after all) > > Trouble is on a new node the keys etc aren''t there and running as noop > they don''t get made and I get nowhere. >Do you mean certs? The CA signs the cert, not the key. :) You could create a stub environment that does nothing, and pass it as an argument for a CSR submission pass. -scott -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Why not create a class or define containing your keys and run puppetd only with the related tag? This would only install your certificates but it requires you pre-generate the keys and certs on the puppetmaster. On Wed, Feb 3, 2010 at 9:11 AM, Neil Prockter <n.prockter@lse.ac.uk> wrote:> Hello > > I often configure a new node that I want to be the same as an existing one. > > However I''d like to run puppetd with --noop just the once to double > check the changes (I''m still responsible for them after all) > > Trouble is on a new node the keys etc aren''t there and running as noop > they don''t get made and I get nowhere. > > Unless someone knows a different way to do this I think I''m requesting a > new feature/option... > > Perhaps I''d like a relaxed version of noop perhaps noopexceptkeys. Or > maybe a firstrun option, which could do the keys and match a magic node > like default does rather than the one the node would normally match. > This would perhaps be more handy as I could use it to register the node > with other systems, send an email to alert other admins to its creation etc. > > At present I have to but the node in my default configuration run > puppetd then move it to where it belongs and run noop. This is a pain. > > > Neil > > Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/planningAndCorporatePolicy/legalandComplianceTeam/legal/disclaimer.htm > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- Cheers, Daniel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Daniel wrote:> Why not create a class or define containing your keys and run puppetd > only with the related tag? This would only install your certificates > but it requires you pre-generate the keys and certs on the > puppetmaster. >Without the private key, a certificate is useless. :( Also, how will the client get the manifest without authenticating itself? -scott -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
You''re right. Should have spent some more minutes thinking about it. It''s been a long day... On Wed, Feb 3, 2010 at 8:26 PM, Scott Smith <scott@ohlol.net> wrote:> Daniel wrote: >> >> Why not create a class or define containing your keys and run puppetd >> only with the related tag? This would only install your certificates >> but it requires you pre-generate the keys and certs on the >> puppetmaster. >> > > Without the private key, a certificate is useless. :( Also, how will the > client get the manifest without authenticating itself? > > -scott > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- Cheers, Daniel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
If this is a new node being created through some sort of automation procedure (kickstart, etc..) I''d look into generating your certs. You can then, as part of the procedure, simply copy them to your puppet client & server. This is how we do it within kickstart, which was actually pretty easy to setup. Regards, Bill On Wed, Feb 3, 2010 at 12:05 PM, Daniel <daniel@linuxaddicted.de> wrote:> You''re right. Should have spent some more minutes thinking about it. > It''s been a long day... > > On Wed, Feb 3, 2010 at 8:26 PM, Scott Smith <scott@ohlol.net> wrote: >> Daniel wrote: >>> >>> Why not create a class or define containing your keys and run puppetd >>> only with the related tag? This would only install your certificates >>> but it requires you pre-generate the keys and certs on the >>> puppetmaster. >>> >> >> Without the private key, a certificate is useless. :( Also, how will the >> client get the manifest without authenticating itself? >> >> -scott >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscribe@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > > > > -- > > Cheers, > > Daniel > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.