Hi folks

Back again with another head-scratcher...

I'm trying to get autosigning to work, and am partially succeeding, but not really...

Running puppet v24.4, and not yet ready to upgrade unless I have to.

On puppetmaster, I have autosign.conf (and puppet.conf indicates autosign = /etc/puppet/autosign.conf, which should be redundant, but, covering that base as I can).

In autosign.conf, I have:

*.valhalla
192.168.0.0/24

On the puppet box, if it is named nidal, and has an IP of 192.168.0.151 (which should match at least one of the above rules), it does not get an autosigned cert. If I change the hostname to nidal.valhalla, it perks up and autosigns no problem.

I'd prefer not to have to go through and update hostname on all my real boxes, so..... I tried adding "nidal" to autosign. The puppetmaster then gripes that nidal is a bad pattern.

Is there a way that I can simply use the hostname, without the domain, to get an autosigned cert?
Alternatively, can I grant access to a block of IPs and have those certs autosigned?
Do I need to add IP/name relations to the hosts file on the puppetmaster to get it to recognize that they are one and the same?

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Oct 10, 2008, at 4:05 PM, zoniguana wrote:
>
> Is there a way that I can simply use the hostname, without the domain,
> to get an autosigned cert?
> Alternatively, can I grant access to a block of IPs and have those
> certs autosigned?
> Do I need to add IP/name relations to the hosts file on the
> puppetmaster to get it to recognize that they are one and the same?

Autosigning does not currently support IP addresses, and you must use fully qualified names.

--
The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

Thanks, Luke

That confirms what I was thinking. Not a huge issue, I suspect; for more immediate purposes, I probably would rather force myself to sign manually anyway, for now. By the time I am ready to enable autosigning, we'll probably be umpteen versions newer...

Thanks again!

On Oct 13, 11:12 am, Luke Kanies <l...@madstop.com> wrote:
> On Oct 10, 2008, at 4:05 PM, zoniguana wrote:
>
> > Is there a way that I can simply use the hostname, without the domain,
> > to get an autosigned cert?
> > Alternatively, can I grant access to a block of IPs and have those
> > certs autosigned?
> > Do I need to add IP/name relations to the hosts file on the
> > puppetmaster to get it to recognize that they are one and the same?
>
> Autosigning does not currently support IP addresses, and you must use
> fully qualified names.
>
> --
> The reasonable man adapts himself to the world; the unreasonable one
> persists in trying to adapt the world to himself. Therefore all
> progress depends on the unreasonable man. -- George Bernard Shaw
> ---------------------------------------------------------------------
> Luke Kanies | http://reductivelabs.com | http://madstop.com
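
The behaviour reported in this thread, as an added example that is not part of any message above and is not Puppet's own matching code: a simplified Ruby model that lints autosign.conf entries and shows which certnames they would authorise. The helper names and the sample list are assumptions made for illustration.

```ruby
# Simplified model of the autosign.conf behaviour described in the thread
# (fully qualified names and domain globs only). Not Puppet's implementation.
require 'ipaddr'

# True when the entry parses as an IP address or CIDR block.
def ip_or_cidr?(text)
  IPAddr.new(text)
  true
rescue IPAddr::Error
  false
end

# Classify one entry: :domain_glob, :fqdn, :ip (unsupported per the thread),
# :unqualified (rejected as a bad pattern per the thread) or :blank.
def classify_entry(entry)
  e = entry.strip
  return :blank if e.empty? || e.start_with?('#')
  return :ip if ip_or_cidr?(e)
  return :domain_glob if e =~ /\A\*(\.[a-z0-9-]+)+\z/i
  return :fqdn if e =~ /\A[a-z0-9-]+(\.[a-z0-9-]+)+\z/i
  :unqualified
end

# Return the entry that would authorise +certname+, or nil if none does.
def autosign_match(certname, entries)
  name = certname.downcase
  entries.find do |entry|
    case classify_entry(entry)
    when :fqdn        then name == entry.strip.downcase
    when :domain_glob then name.end_with?(entry.strip.downcase[1..-1])
    else false # IP/CIDR and unqualified entries never authorise anything
    end
  end
end

# Report the entries that will not do what the administrator expects.
def lint(entries)
  entries.each_with_object({}) do |entry, problems|
    kind = classify_entry(entry)
    problems[entry] = kind if %i[ip unqualified].include?(kind)
  end
end

# Constructed sample: the poster's two rules plus the bare name they tried.
AUTOSIGN = ['*.valhalla', '192.168.0.0/24', 'nidal'].freeze

if __FILE__ == $PROGRAM_NAME
  p lint(AUTOSIGN)
  %w[nidal nidal.valhalla].each { |c| puts "#{c}: #{autosign_match(c, AUTOSIGN).inspect}" }
end
```

As the thread shows, the decision follows the name presented in the certificate request, not the agent's source address, so a 192.168.0.0/24 entry adds nothing and a broad domain glob signs any request that presents a matching name.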