Hi all, I''m running into some weird problems with a hostname. We have a host with a hostname "mailpop.server.net", and it has NIS configured with the NIS domainname "server.nl". If i clear the nis domainname, and run puppet, it will create a certificate request for mailpop.server.net. After configuring the box, and enabling NIS, setting the domainname, it will create a new certificate, now for mailpop.server.nl. This is kind of strange I think, shouldn''t puppet ignore the NIS domain it is in? I''m running puppet 0.24.5 on a debian lenny machine. Regards, Kai --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
it depends on the version of facter that you have, older version of facter just used the output from domainname. newer try first the dnsdomainname and fallback to the domainname. to be safe, use the cert option in your puppet.conf Ohad On Thu, Aug 6, 2009 at 9:50 PM, Kai <hasheeda@gmail.com> wrote:> > Hi all, > > I''m running into some weird problems with a hostname. > > We have a host with a hostname "mailpop.server.net", and it has NIS > configured with the NIS domainname "server.nl". > > If i clear the nis domainname, and run puppet, it will create a > certificate request for mailpop.server.net. After configuring the box, > and enabling NIS, setting the domainname, it will create a new > certificate, now for mailpop.server.nl. > > This is kind of strange I think, shouldn''t puppet ignore the NIS > domain it is in? > > I''m running puppet 0.24.5 on a debian lenny machine. > > > Regards, > Kai > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Hi Ohad, On Aug 6, 3:52 pm, Ohad Levy <ohadl...@gmail.com> wrote:> it depends on the version of facter that you have, older version of facter > just used the output from domainname. > newer try first the dnsdomainname and fallback to the domainname. >As far as I know the command ''domainname'' doesn''t ever relate to the hostname. Perhaps its the same on a lot of servers in the wild, but the NIS domainname could be ''test''.> to be safe, use the cert option in your puppet.conf >That will be interesting: that file is supplied by puppet. Will the hostname in puppet reflect the real hostname, or will it again formulate its own by putting the NIS domain in it again? :) Kai --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
I''m afraid it does. :( On Aug 6, 4:24 pm, Kai <hashe...@gmail.com> wrote:> > to be safe, use the cert option in your puppet.conf > > That will be interesting: that file is supplied by puppet. Will the > hostname in puppet reflect the real hostname, or will it again > formulate its own by putting the NIS domain in it again? :) > > Kai--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kai wrote:> Hi Ohad, > > On Aug 6, 3:52 pm, Ohad Levy <ohadl...@gmail.com> wrote: >> it depends on the version of facter that you have, older version of facter >> just used the output from domainname. >> newer try first the dnsdomainname and fallback to the domainname. >> > > As far as I know the command ''domainname'' doesn''t ever relate to the > hostname. Perhaps its the same on a lot of servers in the wild, but > the NIS domainname could be ''test''.Try seeing what FActer''s output is - run facter on the command line and see what is returned for hostname and domain. These are usually what Puppet uses to name certs.> >> to be safe, use the cert option in your puppet.conf >> > > That will be interesting: that file is supplied by puppet. Will the > hostname in puppet reflect the real hostname, or will it again > formulate its own by putting the NIS domain in it again? :) >He means the certname option - http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference Regards James Turnbull - -- Author of: * Pro Linux Systems Administration (http://tinyurl.com/linuxadmin) * Pulling Strings with Puppet (http://tinyurl.com/pupbook) * Pro Nagios 2.0 (http://tinyurl.com/pronagios) * Hardening Linux (http://tinyurl.com/hardeninglinux) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFKevDu9hTGvAxC30ARArzcAJ9qG/2Yai9xk+YOcDY6TqdvHQUWIgCeNKu1 KifDWd78+/HmeVsEAxL1j0Y=wULf -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Hi James,
I think I''ve done it correctly.
Installed facter is 1.5.1 from lenny (package revision 0.1).
After one has installed the nis utils, we can set the domainname to a
domain to something thats not even remotely like your real domain (but
does exist in the global DNS).
Running "facter fqdn" will report our hostname with the new nis domain
instead. If I set the domainname to something that doesn''t exist,
facter will do the right thing (what I would expect).
Tried it again on another server:
buildbox2:~/git/facter {50} # domainname google.com
buildbox2:~/git/facter {51} # dnsdomainname
domain.net
buildbox2:~/git/facter {52} # hostname --fqdn
buildbox2.domain.net
buildbox2:~/git/facter {53} # facter fqdn
buildbox2.google.com
buildbox2:~/git/facter {54} # bin/facter fqdn (thats from git, commit
8191322766b19a5e3b2bc01cf6e14112fbd57031)
buildbox2.google.com
buildbox2:~/git/facter {57} # domainname google
buildbox2:~/git/facter {58} # facter fqdn
buildbox2.domain.net
Interesting facts.
Regards,
On Aug 6, 5:04 pm, James Turnbull <ja...@lovedthanlost.net>
wrote:> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Kai wrote:
> > Hi Ohad,
>
> > On Aug 6, 3:52 pm, Ohad Levy <ohadl...@gmail.com> wrote:
> >> it depends on the version of facter that you have, older version
of facter
> >> just used the output from domainname.
> >> newer try first the dnsdomainname and fallback to the domainname.
>
> > As far as I know the command ''domainname''
doesn''t ever relate to the
> > hostname. Perhaps its the same on a lot of servers in the wild, but
> > the NIS domainname could be ''test''.
>
> Try seeing what FActer''s output is - run facter on the command
line
> and see what is returned for hostname and domain. These are usually
> what Puppet uses to name certs.
>
>
>
> >> to be safe, use the cert option in your puppet.conf
>
> > That will be interesting: that file is supplied by puppet. Will the
> > hostname in puppet reflect the real hostname, or will it again
> > formulate its own by putting the NIS domain in it again? :)
>
> He means the certname option
-http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference
>
> Regards
>
> James Turnbull
>
> - --
> Author of:
> * Pro Linux Systems Administration
> (http://tinyurl.com/linuxadmin)
> * Pulling Strings with Puppet
> (http://tinyurl.com/pupbook)
> * Pro Nagios 2.0
> (http://tinyurl.com/pronagios)
> * Hardening Linux
> (http://tinyurl.com/hardeninglinux)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/
>
> iD8DBQFKevDu9hTGvAxC30ARArzcAJ9qG/2Yai9xk+YOcDY6TqdvHQUWIgCeNKu1
> KifDWd78+/HmeVsEAxL1j0Y> =wULf
> -----END PGP SIGNATURE-----
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Hmm. Any nisdomain with a dot does the trick to fool facter it seems. # domainname uncle.wrinkle.puppy.reductivelabs # facter fqdn buildbox2.uncle.wrinkle.puppy.reductivelabs # hostname --fqdn buildbox2.domain.net My point is, a nis domain doesn''t need to be part of a hosts fqdn. On Aug 7, 10:09 am, Kai <hashe...@gmail.com> wrote:> Hi James, > > I think I''ve done it correctly. > > Installed facter is 1.5.1 from lenny (package revision 0.1). > > After one has installed the nis utils, we can set the domainname to a > domain to something thats not even remotely like your real domain (but > does exist in the global DNS). > Running "facter fqdn" will report our hostname with the new nis domain > instead. If I set the domainname to something that doesn''t exist, > facter will do the right thing (what I would expect). > > Tried it again on another server: > buildbox2:~/git/facter {50} # domainname google.com > buildbox2:~/git/facter {51} # dnsdomainname > domain.net > buildbox2:~/git/facter {52} # hostname --fqdn > buildbox2.domain.net > buildbox2:~/git/facter {53} # facter fqdn > buildbox2.google.com > buildbox2:~/git/facter {54} # bin/facter fqdn (thats from git, commit > 8191322766b19a5e3b2bc01cf6e14112fbd57031) > buildbox2.google.com > buildbox2:~/git/facter {57} # domainname google > buildbox2:~/git/facter {58} # facter fqdn > buildbox2.domain.net > > Interesting facts. > > Regards, > > On Aug 6, 5:04 pm, James Turnbull <ja...@lovedthanlost.net> wrote: > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > Kai wrote: > > > Hi Ohad, > > > > On Aug 6, 3:52 pm, Ohad Levy <ohadl...@gmail.com> wrote: > > >> it depends on the version of facter that you have, older version of facter > > >> just used the output from domainname. > > >> newer try first the dnsdomainname and fallback to the domainname. > > > > As far as I know the command ''domainname'' doesn''t ever relate to the > > > hostname. Perhaps its the same on a lot of servers in the wild, but > > > the NIS domainname could be ''test''. > > > Try seeing what FActer''s output is - run facter on the command line > > and see what is returned for hostname and domain. These are usually > > what Puppet uses to name certs. > > > >> to be safe, use the cert option in your puppet.conf > > > > That will be interesting: that file is supplied by puppet. Will the > > > hostname in puppet reflect the real hostname, or will it again > > > formulate its own by putting the NIS domain in it again? :) > > > He means the certname option -http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference > > > Regards > > > James Turnbull > > > - -- > > Author of: > > * Pro Linux Systems Administration > > (http://tinyurl.com/linuxadmin) > > * Pulling Strings with Puppet > > (http://tinyurl.com/pupbook) > > * Pro Nagios 2.0 > > (http://tinyurl.com/pronagios) > > * Hardening Linux > > (http://tinyurl.com/hardeninglinux) > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.7 (Darwin) > > Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/ > > > iD8DBQFKevDu9hTGvAxC30ARArzcAJ9qG/2Yai9xk+YOcDY6TqdvHQUWIgCeNKu1 > > KifDWd78+/HmeVsEAxL1j0Y> > =wULf > > -----END PGP SIGNATURE-------~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Right™. The new facter from git does work correctly. I''ll just upgrade. Sorry for the noise. On Aug 7, 10:18 am, Kai <hashe...@gmail.com> wrote:> Hmm. Any nisdomain with a dot does the trick to fool facter it seems. > > # domainname uncle.wrinkle.puppy.reductivelabs > # facter fqdn > buildbox2.uncle.wrinkle.puppy.reductivelabs > # hostname --fqdn > buildbox2.domain.net > > My point is, a nis domain doesn''t need to be part of a hosts fqdn. > > On Aug 7, 10:09 am, Kai <hashe...@gmail.com> wrote: > > > > > Hi James, > > > I think I''ve done it correctly. > > > Installed facter is 1.5.1 from lenny (package revision 0.1). > > > After one has installed the nis utils, we can set the domainname to a > > domain to something thats not even remotely like your real domain (but > > does exist in the global DNS). > > Running "facter fqdn" will report our hostname with the new nis domain > > instead. If I set the domainname to something that doesn''t exist, > > facter will do the right thing (what I would expect). > > > Tried it again on another server: > > buildbox2:~/git/facter {50} # domainname google.com > > buildbox2:~/git/facter {51} # dnsdomainname > > domain.net > > buildbox2:~/git/facter {52} # hostname --fqdn > > buildbox2.domain.net > > buildbox2:~/git/facter {53} # facter fqdn > > buildbox2.google.com > > buildbox2:~/git/facter {54} # bin/facter fqdn (thats from git, commit > > 8191322766b19a5e3b2bc01cf6e14112fbd57031) > > buildbox2.google.com > > buildbox2:~/git/facter {57} # domainname google > > buildbox2:~/git/facter {58} # facter fqdn > > buildbox2.domain.net > > > Interesting facts. > > > Regards, > > > On Aug 6, 5:04 pm, James Turnbull <ja...@lovedthanlost.net> wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > Kai wrote: > > > > Hi Ohad, > > > > > On Aug 6, 3:52 pm, Ohad Levy <ohadl...@gmail.com> wrote: > > > >> it depends on the version of facter that you have, older version of facter > > > >> just used the output from domainname. > > > >> newer try first the dnsdomainname and fallback to the domainname. > > > > > As far as I know the command ''domainname'' doesn''t ever relate to the > > > > hostname. Perhaps its the same on a lot of servers in the wild, but > > > > the NIS domainname could be ''test''. > > > > Try seeing what FActer''s output is - run facter on the command line > > > and see what is returned for hostname and domain. These are usually > > > what Puppet uses to name certs. > > > > >> to be safe, use the cert option in your puppet.conf > > > > > That will be interesting: that file is supplied by puppet. Will the > > > > hostname in puppet reflect the real hostname, or will it again > > > > formulate its own by putting the NIS domain in it again? :) > > > > He means the certname option -http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference > > > > Regards > > > > James Turnbull > > > > - -- > > > Author of: > > > * Pro Linux Systems Administration > > > (http://tinyurl.com/linuxadmin) > > > * Pulling Strings with Puppet > > > (http://tinyurl.com/pupbook) > > > * Pro Nagios 2.0 > > > (http://tinyurl.com/pronagios) > > > * Hardening Linux > > > (http://tinyurl.com/hardeninglinux) > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v1.4.7 (Darwin) > > > Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/ > > > > iD8DBQFKevDu9hTGvAxC30ARArzcAJ9qG/2Yai9xk+YOcDY6TqdvHQUWIgCeNKu1 > > > KifDWd78+/HmeVsEAxL1j0Y> > > =wULf > > > -----END PGP SIGNATURE-------~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---