2009/6/26 Allan Marcus <allan@lanl.gov>:
> hello,
>
> from what I understand, certs are assigned based on FQDN. We build all
> our machines behind a NAT router and then when fully ready, we add the
> machine to the main network, or might be used on a daily basis behind
> a different NAT router - it all depends on the security requirements
> of the group (the really classified stuff is on an air-gapped network).
>
> My question concerns the creation of certs and how puppetmasterd
> uniquely identifies machines. If FQDN is always used, how do I work
> around the NAT issue?
>
> Also, if we change a FQDN, will a new cert be generated and a new
> entry be made in the store_config database?
>
> Any other gotchas I need to be aware of with regards to cert creation,
> NAT, building new machines and the like?
>
> ---
> Thanks,
>
> Allan Marcus
> 505-667-5666
>
So puppet only defaults to using the FQDN of the host. If you want to
change it, just set "certname" either on the command line or in the
configuration file[0].
My understanding is that if you change the certname you'll get new
certs and new entries in the stored config database, as the certname
is what puppet uses to uniquely identify the host.
.r'
[0]: from puppetd --genconfig:
# The name to use when handling certificates. Defaults
# to the fully qualified domain name.
# The default value is 'host.domain'.
# certname = host.domain
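
An added example, not part of the original message: one way to pin certname at build time so the host keeps the same identity when it moves between NAT segments, and to refuse a later change, since the reply notes that a different certname means new certs and new stored-config entries. The helper name pin_certname, the [main] section default, the config path and the sample identifier are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. pin_certname is a hypothetical helper.
# Assumptions: certname is written under [main] unless another section is
# given, and the caller supplies the config path and a site-chosen identifier.

# pin_certname CONF NAME [SECTION]
# Returns 0 if certname is (now) NAME, 2 if a different certname is already set.
pin_certname() {
    conf=$1 name=$2 section=${3:-main}
    [ -f "$conf" ] || : > "$conf"

    # Active (uncommented) certname inside the section, if any. The commented
    # "# certname = host.domain" line that --genconfig emits is ignored.
    current=$(awk -v sec="[$section]" '
        /^[[:space:]]*\[/ { in_sec = ($1 == sec); next }
        in_sec && /^[[:space:]]*certname[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, "")
            print; exit
        }' "$conf")

    if [ -n "$current" ]; then
        if [ "$current" = "$name" ]; then return 0; fi
        # A different certname means new certs and new stored-config entries,
        # so refuse rather than silently re-identify the host.
        echo "refusing: certname is already '$current' in $conf" >&2
        return 2
    fi

    tmp=$(mktemp) || return 1
    # Insert below the section header, or append the section if it is missing.
    awk -v sec="[$section]" -v name="$name" '
        { print }
        $1 == sec && !pinned { print "    certname = " name; pinned = 1 }
        END { if (!pinned) { print sec; print "    certname = " name } }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (constructed values): sh pin_certname.sh /path/to/puppet.conf build-0042.example.invalid
if [ "$#" -ge 2 ]; then pin_certname "$@"; fi
```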
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.