Sriramu Singaram
2011-Jun-30 00:47 UTC
[Puppet Users] Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
Hi Everyone, I am using Puppet 2.6.5 to configure fresh VMs. These VMs have their hostname set to localhost.localdomain initially at boot-time. There is this script file that runs in rc.local and this is what I do inside it 1. I change the hostname from localhost to xxx.xxxxxx using the hostname command. 2. start the puppet agent as /usr/sbin/puppetd --certname=xxx.xxxxxx --logdest=/var/log/puppet/puppet.log The problem I am facing is that the puppet agent on the VMs creates certificates for localhost.localdomain inspite of me changing the hostname to say xxx.xxxxxxx. I want the puppet agent to pick up the new hostname while creating the certificate, but it doesn''t seem to be doing that. I am not sure where the puppet agent looks to pick up the hostname at certificate creation, is it the /etc/hosts file or the env or /etc/ sysconfig/network? currently when I set the hostname using the hostname command, it doesnt create any entry in these files. Any help is really appreciated!! Thanks, Sriramu -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
brijesh
2011-Jun-30 02:36 UTC
[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
on ubuntu you have to change the /etc/hostname file and set hostname there which should do the job. it depends on the distro you are using you need to change the file accordingly. Brijesh On Jun 30, 12:47 pm, Sriramu Singaram <sriramus....@gmail.com> wrote:> Hi Everyone, > > I am using Puppet 2.6.5 to configure fresh VMs. These VMs have their > hostname set to localhost.localdomain initially at boot-time. > > There is this script file that runs in rc.local and this is what I do > inside it > 1. I change the hostname from localhost to xxx.xxxxxx using the > hostname command. > 2. start the puppet agent as /usr/sbin/puppetd --certname=xxx.xxxxxx > --logdest=/var/log/puppet/puppet.log > > The problem I am facing is that the puppet agent on the VMs creates > certificates for localhost.localdomain inspite of me changing the > hostname to say xxx.xxxxxxx. > > I want the puppet agent to pick up the new hostname while creating the > certificate, but it doesn''t seem to be doing that. > > I am not sure where the puppet agent looks to pick up the hostname at > certificate creation, is it the /etc/hosts file or the env or /etc/ > sysconfig/network? currently when I set the hostname using the > hostname command, it doesnt create any entry in these files. > > Any help is really appreciated!! > > Thanks, > Sriramu-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2011-Jun-30 13:49 UTC
[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
On Jun 29, 7:47 pm, Sriramu Singaram <sriramus....@gmail.com> wrote:> Hi Everyone, > > I am using Puppet 2.6.5 to configure fresh VMs. These VMs have their > hostname set to localhost.localdomain initially at boot-time. > > There is this script file that runs in rc.local and this is what I do > inside it > 1. I change the hostname from localhost to xxx.xxxxxx using the > hostname command. > 2. start the puppet agent as /usr/sbin/puppetd --certname=xxx.xxxxxx > --logdest=/var/log/puppet/puppet.log > > The problem I am facing is that the puppet agent on the VMs creates > certificates for localhost.localdomain inspite of me changing the > hostname to say xxx.xxxxxxx. > > I want the puppet agent to pick up the new hostname while creating the > certificate, but it doesn''t seem to be doing that. > > I am not sure where the puppet agent looks to pick up the hostname at > certificate creation, is it the /etc/hosts file or the env or /etc/ > sysconfig/network? currently when I set the hostname using the > hostname command, it doesnt create any entry in these files. > > Any help is really appreciated!!In all likelihood, the agent uses the node''s name resolver to get its FQDN, either by a command such as ''hostname --fqdn'' or by the direct syscalls. Changing the host name via the hostname command does not affect the FQDN, and also does not persist across reboots . How you can change the FQDN and whether you can do so without restarting the VM will depend on your configuration and resolver library. Among the relevant files for most Linux installations are / etc/nsswitch.conf, /etc/resolv.conf, and /etc/hosts. Other files vary more among distributions, but on RedHat-family distros you probably need to set the FQDN in /etc/sysconfig/network. Whether the node''s name is in fact resolvable in DNS / NIS / whatever-nameservice-is- configured may also be relevant. If you are running a name caching service (e.g. nscd) then that may also factor into the equation. Note that nscd in particular can be configured to be stubbornly ignorant of changes to the authoritative files. Good luck, John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2011-Jun-30 15:57 UTC
Re: [Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
On Thu, Jun 30, 2011 at 6:49 AM, jcbollinger <John.Bollinger@stjude.org>wrote:> > Note that nscd in particular can be > configured to be stubbornly ignorant of changes to the authoritative > files. >Tell it like it is brother! /me considers forming the nscd-haters club... As an aside that really isn''t that relevant to the OP, I''ve had good success with nsscache in the past. http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2011-Jul-01 16:01 UTC
[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
On Jun 30, 10:57 am, Nigel Kersten <ni...@puppetlabs.com> wrote:> As an aside that really isn''t that relevant to the OP, I''ve had good success > with nsscache in the past. > > http://code.google.com/p/nsscache/wiki/MotivationBehindNssCacheThat''s cool. I''ll have to study it is a possible solution for some of my current problems, such as laptops that can''t reach our name services when they''re off our internal network. Thanks! John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Sriramu Singaram
2011-Jul-02 01:02 UTC
[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
Thank you very much for the reply Guyz. I really appreciate it. I am working on CentOS and as suggested I tried turning off the nscd service with no success. I am curently working setting the hostname in the different configuration files, hope it works. will keep you guys posted. Thanks, Sriramu On Jul 1, 9:01 am, jcbollinger <John.Bollin...@stJude.org> wrote:> On Jun 30, 10:57 am, Nigel Kersten <ni...@puppetlabs.com> wrote: > > > As an aside that really isn''t that relevant to the OP, I''ve had good success > > with nsscache in the past. > > >http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache > > That''s cool. I''ll have to study it is a possible solution for some of > my current problems, such as laptops that can''t reach our name > services when they''re off our internal network. Thanks! > > John-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Sriramu Singaram
2011-Jul-15 00:47 UTC
[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
Hi Guyz, After lot of changes, I finally found out the solution for the problem, it was the /etc/sysconfig/puppet and /etc/logrotate.d/puppet file. Once I removed this file everything works perfectly. Apparently this file I guess overrides the commandline flags I give to puppetd when starting it up like this usr/sbin/puppetd --certname=xxx.xxxxxx -- logdest=/var/log/cloud/puppet/puppet.log when I did a ps aux | grep puppet, I found that the puppet process eventually ran with different settings: /usr/bin/ruby usr/sbin/puppetd -logdest=/var/log/puppet/puppet.log the certname option was totally ignored here also note that the log is actually stored under /log/puppet. I still do not understand how this file could affect the hostname for certificate creation strangely things are working perfectly now even when I do not force the puppetd with the --certname flag. Thanks, Sriramu On Jul 1, 9:02 pm, Sriramu Singaram <sriramus....@gmail.com> wrote:> Thank you very much for the reply Guyz. I really appreciate it. I am > working on CentOS and as suggested I tried turning off the nscd > service with no success. > > I am curently working setting the hostname in the different > configuration files, hope it works. > > will keep you guys posted. > > Thanks,Sriramu > > On Jul 1, 9:01 am, jcbollinger <John.Bollin...@stJude.org> wrote: > > > > > On Jun 30, 10:57 am, Nigel Kersten <ni...@puppetlabs.com> wrote: > > > > As an aside that really isn''t that relevant to the OP, I''ve had good success > > > with nsscache in the past. > > > >http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache > > > That''s cool. I''ll have to study it is a possible solution for some of > > my current problems, such as laptops that can''t reach our name > > services when they''re off our internal network. Thanks! > > > John-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Sriramu Singaram
2011-Jul-15 00:49 UTC
[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
Also, I did not have to modify any of the other files like /etc/hosts or /etc/sysconfig/network. Thanks, Sriramu On Jul 14, 5:47 pm, Sriramu Singaram <sriramus....@gmail.com> wrote:> Hi Guyz, > > After lot of changes, I finally found out the solution for the > problem, it was the /etc/sysconfig/puppet and /etc/logrotate.d/puppet > file. > > Once I removed this file everything works perfectly. Apparently this > file I guess overrides the commandline flags I give to puppetd when > starting it up like this usr/sbin/puppetd --certname=xxx.xxxxxx -- > logdest=/var/log/cloud/puppet/puppet.log > > when I did a ps aux | grep puppet, I found that the puppet process > eventually ran with different settings: /usr/bin/ruby usr/sbin/puppetd > -logdest=/var/log/puppet/puppet.log > > the certname option was totally ignored here also note that the log is > actually stored under /log/puppet. I still do not understand how this > file could affect the hostname for certificate creation strangely > things are working perfectly now even when I do not force the puppetd > with the --certname flag. > > Thanks,Sriramu > > On Jul 1, 9:02 pm,SriramuSingaram <sriramus....@gmail.com> wrote: > > > > > Thank you very much for the reply Guyz. I really appreciate it. I am > > working on CentOS and as suggested I tried turning off the nscd > > service with no success. > > > I am curently working setting the hostname in the different > > configuration files, hope it works. > > > will keep you guys posted. > > > Thanks,Sriramu > > > On Jul 1, 9:01 am, jcbollinger <John.Bollin...@stJude.org> wrote: > > > > On Jun 30, 10:57 am, Nigel Kersten <ni...@puppetlabs.com> wrote: > > > > > As an aside that really isn''t that relevant to the OP, I''ve had good success > > > > with nsscache in the past. > > > > >http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache > > > > That''s cool. I''ll have to study it is a possible solution for some of > > > my current problems, such as laptops that can''t reach our name > > > services when they''re off our internal network. Thanks! > > > > John-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.