Puppet users - Oct 2010 - Using mac addresses for unique identifier of nodes?

Hello All:

This is my first posting to this group and I hope I am not asking
something that I could have found the answer to myself.  I am trying
to set up a mechanism for quickly provisioning customized virtual
machines (VMs) and looking at puppet as a means to implementing this.
The concept is this.  Take a base VM and offer user packages to choose
for on their custom VM.  Then use puppet to manage configuration of
custom VM.  One challenge I am experiencing is that the base VM is
cloned for each new instance.  Each custom VM then does not have a
unique hostname, its IP address is dynamically allocated at creation
and the IP address may not persist upon reboot.  The one unique
identifier on each VM is the mac address.  Is there some way that
puppet can be configured so that the way it identifies new nodes is by
means of the mac addresses?  I am an absolute newb to puppet so I am
not sure if this question was dealt with in earlier postings.  I am
running 0.22.4 just because that is what was in the yum repository.  I
am certainly willing to upgrade if that is any help.  I am not sure if
I am giving enough info here so please let me know if more is
required.  Any help would be greatly appreciated.

Cheers,

David

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Am a noob too.... but this is how I understand Puppet:

Some mechanism will build a new VM with puppet installed and
configured on it. right?
At first run, puppet daemon will contact the puppetmaster submitting a
cert request
Master will sign request (automatically or manually by admin)
From that point on:
- Puppet daemon will connect to master, and say my name is, my ip is,
my fact1 is, my fact2 is....
- Puppet master will say: here is you config.

the facts include MAC addresses.

I''d recommend looking at what foreman has to offer: 
http://theforeman.org/

Mohamed.


On Wed, Oct 6, 2010 at 7:32 PM, dagrundy <dagrundy@gmail.com>
wrote:
> Hello All:
>
> This is my first posting to this group and I hope I am not asking
> something that I could have found the answer to myself.  I am trying
> to set up a mechanism for quickly provisioning customized virtual
> machines (VMs) and looking at puppet as a means to implementing this.
> The concept is this.  Take a base VM and offer user packages to choose
> for on their custom VM.  Then use puppet to manage configuration of
> custom VM.  One challenge I am experiencing is that the base VM is
> cloned for each new instance.  Each custom VM then does not have a
> unique hostname, its IP address is dynamically allocated at creation
> and the IP address may not persist upon reboot.  The one unique
> identifier on each VM is the mac address.  Is there some way that
> puppet can be configured so that the way it identifies new nodes is by
> means of the mac addresses?  I am an absolute newb to puppet so I am
> not sure if this question was dealt with in earlier postings.  I am
> running 0.22.4 just because that is what was in the yum repository.  I
> am certainly willing to upgrade if that is any help.  I am not sure if
> I am giving enough info here so please let me know if more is
> required.  Any help would be greatly appreciated.
>
> Cheers,
>
> David
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
" Logic merely sanctions the conquests of the intuition."
Jacques Hadamard

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks for your reply.  To answer your question, yes the new VM will be
built with puppet installed and configured.  Since I posted this I have
found out that the mac address will not persist upon reboot so I need to
find another way of naming each new VM uniquely before it can be configured
by puppet.  Thanks again.

Cheers,

David

On Thu, Oct 7, 2010 at 1:42 PM, Mohamed Lrhazi <lrhazi@gmail.com> wrote:
> Am a noob too.... but this is how I understand Puppet:
>
> Some mechanism will build a new VM with puppet installed and
> configured on it. right?
> At first run, puppet daemon will contact the puppetmaster submitting a
> cert request
> Master will sign request (automatically or manually by admin)
> From that point on:
> - Puppet daemon will connect to master, and say my name is, my ip is,
> my fact1 is, my fact2 is....
> - Puppet master will say: here is you config.
>
> the facts include MAC addresses.
>
> I''d recommend looking at what foreman has to offer:
> http://theforeman.org/
>
> Mohamed.
>
>
> On Wed, Oct 6, 2010 at 7:32 PM, dagrundy <dagrundy@gmail.com> wrote:
> > Hello All:
> >
> > This is my first posting to this group and I hope I am not asking
> > something that I could have found the answer to myself.  I am trying
> > to set up a mechanism for quickly provisioning customized virtual
> > machines (VMs) and looking at puppet as a means to implementing this.
> > The concept is this.  Take a base VM and offer user packages to choose
> > for on their custom VM.  Then use puppet to manage configuration of
> > custom VM.  One challenge I am experiencing is that the base VM is
> > cloned for each new instance.  Each custom VM then does not have a
> > unique hostname, its IP address is dynamically allocated at creation
> > and the IP address may not persist upon reboot.  The one unique
> > identifier on each VM is the mac address.  Is there some way that
> > puppet can be configured so that the way it identifies new nodes is by
> > means of the mac addresses?  I am an absolute newb to puppet so I am
> > not sure if this question was dealt with in earlier postings.  I am
> > running 0.22.4 just because that is what was in the yum repository.  I
> > am certainly willing to upgrade if that is any help.  I am not sure if
> > I am giving enough info here so please let me know if more is
> > required.  Any help would be greatly appreciated.
> >
> > Cheers,
> >
> > David
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
> .
> > For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
> >
> >
>
>
>
> --
> " Logic merely sanctions the conquests of the intuition."
> Jacques Hadamard
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wed, Oct 6, 2010 at 4:32 PM, dagrundy <dagrundy@gmail.com>
wrote:
> This is my first posting to this group and I hope I am not asking
> something that I could have found the answer to myself.  I am trying
> to set up a mechanism for quickly provisioning customized virtual
> machines (VMs) and looking at puppet as a means to implementing this.
> The concept is this.  Take a base VM and offer user packages to choose
> for on their custom VM.  Then use puppet to manage configuration of
> custom VM.  One challenge I am experiencing is that the base VM is
> cloned for each new instance.  Each custom VM then does not have a
> unique hostname, its IP address is dynamically allocated at creation
> and the IP address may not persist upon reboot.  The one unique
> identifier on each VM is the mac address.  Is there some way that
> puppet can be configured so that the way it identifies new nodes is by
> means of the mac addresses?  I am an absolute newb to puppet so I am
> not sure if this question was dealt with in earlier postings.  I am
> running 0.22.4 just because that is what was in the yum repository.  I
> am certainly willing to upgrade if that is any help.  I am not sure if
> I am giving enough info here so please let me know if more is
> required.  Any help would be greatly appreciated.
Yes, it would be much better to upgrade to a later version. Would it
be better to configure a sensible hostname before connecting to puppet
master?

Anyhow back to your question, by default puppet will use the host fqdn
to identify itself in the certificate subject CN. if you want the
nodes to be identified by mac address so you get unique certs and can
identify them as separate nodes despite having the same hostname,
specify certname option (must be lower case):

# puppet agent --certname=`facter macaddress|tr [A-Z] [a-z]|tr -d :` -t -v
info: Creating a new SSL key for 000c298834fb
warning: peer certificate won''t be verified in this SSL session
warning: peer certificate won''t be verified in this SSL session
info: Creating a new SSL certificate request for 000c298834fb
info: Certificate Request fingerprint (md5):
53:54:E0:9B:53:04:B2:29:B8:24:FB:C3:BB:49:FF:83
warning: peer certificate won''t be verified in this SSL session
warning: peer certificate won''t be verified in this SSL session
warning: peer certificate won''t be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

In the puppet manifest, this host will be
node 000c298834fb {
}

Thanks,

Nan

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks.  This was the answer I was originally looking for.  If you
didn''t
notice my last post, I have since found out that the mac addresses
won''t
persist upon reboot so I will have to configure a sensible hostname for each
VM before connecting to puppetmaster.

Cheers,

David

On Thu, Oct 7, 2010 at 2:16 PM, Nan Liu <nan@puppetlabs.com> wrote:
> On Wed, Oct 6, 2010 at 4:32 PM, dagrundy <dagrundy@gmail.com> wrote:
> > This is my first posting to this group and I hope I am not asking
> > something that I could have found the answer to myself.  I am trying
> > to set up a mechanism for quickly provisioning customized virtual
> > machines (VMs) and looking at puppet as a means to implementing this.
> > The concept is this.  Take a base VM and offer user packages to choose
> > for on their custom VM.  Then use puppet to manage configuration of
> > custom VM.  One challenge I am experiencing is that the base VM is
> > cloned for each new instance.  Each custom VM then does not have a
> > unique hostname, its IP address is dynamically allocated at creation
> > and the IP address may not persist upon reboot.  The one unique
> > identifier on each VM is the mac address.  Is there some way that
> > puppet can be configured so that the way it identifies new nodes is by
> > means of the mac addresses?  I am an absolute newb to puppet so I am
> > not sure if this question was dealt with in earlier postings.  I am
> > running 0.22.4 just because that is what was in the yum repository.  I
> > am certainly willing to upgrade if that is any help.  I am not sure if
> > I am giving enough info here so please let me know if more is
> > required.  Any help would be greatly appreciated.
>
> Yes, it would be much better to upgrade to a later version. Would it
> be better to configure a sensible hostname before connecting to puppet
> master?
>
> Anyhow back to your question, by default puppet will use the host fqdn
> to identify itself in the certificate subject CN. if you want the
> nodes to be identified by mac address so you get unique certs and can
> identify them as separate nodes despite having the same hostname,
> specify certname option (must be lower case):
>
> # puppet agent --certname=`facter macaddress|tr [A-Z] [a-z]|tr -d :` -t -v
> info: Creating a new SSL key for 000c298834fb
> warning: peer certificate won''t be verified in this SSL session
> warning: peer certificate won''t be verified in this SSL session
> info: Creating a new SSL certificate request for 000c298834fb
> info: Certificate Request fingerprint (md5):
> 53:54:E0:9B:53:04:B2:29:B8:24:FB:C3:BB:49:FF:83
> warning: peer certificate won''t be verified in this SSL session
> warning: peer certificate won''t be verified in this SSL session
> warning: peer certificate won''t be verified in this SSL session
> Exiting; no certificate found and waitforcert is disabled
>
> In the puppet manifest, this host will be
> node 000c298834fb {
> }
>
> Thanks,
>
> Nan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.