Dan White
2011-Aug-30 16:28 UTC
[Puppet Users] Need some advice: Clients that change name and IP address
The environment I work in has dev, QA, and production divisions. New machines are built/loaded in dev and then moved, if necessary, to QA or production after they have been configured and verified. In moving, the machine in question will change its IP address and hostname.

I have set up a Cobbler server to shortcut this, and I am now tasked with adding Puppet to the mixture.

Can anyone suggest a maintainable way for Puppet to handle machines that get moved and renamed as described?

My first thought is to remove all the files generated by making the machine a puppet client and then just re-add it as a new client in the new location with the new name, but that feels like a brute-force solution.

“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2011-Aug-31 01:17 UTC
Re: [Puppet Users] Need some advice: Clients that change name and IP address
Don't use hostnames for your certnames?

I've used UUIDs for this sort of deployment in the past.

--
Nigel Kersten
Product Manager, Puppet Labs
Dan White
2011-Aug-31 01:43 UTC
Re: [Puppet Users] Need some advice: Clients that change name and IP address
Details, please.
Gary Larizza
2011-Aug-31 01:45 UTC
Re: [Puppet Users] Need some advice: Clients that change name and IP address
The certname setting can be changed in the agent section of puppet.conf. When I managed Puppet down to the desktop, I would typically set the client's certname to their serial number (which wouldn't change unless the Motherboard was changed). Because of this, they could change their Hostname to their heart's content and the SSL certs for Puppet wouldn't be affected.

--
Gary Larizza
Professional Services Engineer, Puppet Labs
Dan White
2011-Aug-31 03:32 UTC
Re: [Puppet Users] Need some advice: Clients that change name and IP address
Would an example be possible? I think I understand what you are saying, but as a N00b PuppetMaster, I cannot quite figure out how to make it happen.
Scott Smith
2011-Aug-31 04:45 UTC
Re: [Puppet Users] Need some advice: Clients that change name and IP address
http://docs.puppetlabs.com/references/stable/configuration.html#certname
Dan White
2011-Aug-31 12:12 UTC
Re: [Puppet Users] Need some advice: Clients that change name and IP address
OK, let me try to see if I have it. Please correct any misteaks I make in this attempt.

The paragraph pointed to by the link says that a certname is "...The name to use when handling certificates. Defaults to the fully qualified domain name."

The top of the page also says that configuration settings can be specified in puppet.conf or on the command line.

So I conclude I need to put "certname=<something unique>" into /etc/puppet/puppet.conf of the client machine and the same unique name into a node on the puppetmaster.

It is my hope to generate the client conf as part of the cobbler/kickstart/puppet setup I am trying to establish. I am thinking that I should have access to facter in the kickstart %post section, so I should be able to make it happen in front of the snippet that generates the puppet certificates and signing request.

Does that shot hit the target?

Thanks for your help and pointers.
Gary Larizza
2011-Aug-31 14:00 UTC
Re: [Puppet Users] Need some advice: Clients that change name and IP address
Yep, that's it. Whatever UID you use in puppet.conf in the "certname = UID" setting is how the puppet master will refer to your node. So, if on the client you do 'certname = 12345' then on the puppet master server your node declaration should be "node 12345 { include ssh }".
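
Added example, not part of the original thread and not code from any of its participants: a shell version of the kickstart %post step discussed above, which derives a certname from a hardware identifier, writes it into the agent section of puppet.conf, and prints the matching node declaration. The function names, the normalization to lowercase with `-` separators, and the facter fact named in the closing comment are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Turn a raw hardware identifier (UUID, serial number, MAC address) into a
# certname: lowercase, every character outside [a-z0-9.] replaced by '-'.
# This normalization is a choice of this example. Returns 1 for empty input
# and for all-zero values, which would not identify the machine uniquely.
normalize_certname() {
    id=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -c 'a-z0-9.' '-' \
        | sed -e 's/--*/-/g' -e 's/^-//' -e 's/-$//')
    [ -n "$(printf '%s' "$id" | tr -d '0.-')" ] || return 1
    printf '%s\n' "$id"
}

# Write "certname = <name>" into the [agent] section of an ini-style
# puppet.conf. An existing certname line in that section is replaced, other
# settings are kept, and the section is appended if the file lacks it.
set_certname() {
    conf=$1
    name=$2
    [ -f "$conf" ] || : > "$conf"
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    awk -v name="$name" '
        /^[ \t]*\[/ {
            in_agent = ($0 ~ /^[ \t]*\[agent\][ \t]*$/)
            print
            if (in_agent && !done) { print "    certname = " name; done = 1 }
            next
        }
        in_agent && /^[ \t]*certname[ \t]*=/ { next }   # drop the old value
        { print }
        END { if (!done) { print "[agent]"; print "    certname = " name } }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Matching node declaration for the puppet master. The name is quoted because
# a normalized MAC or UUID contains '-' characters.
node_declaration() {
    printf "node '%s' {\n  include ssh\n}\n" "$1"
}

# In a kickstart %post section, before the first agent run (assumes facter is
# installed and that its macaddress fact is the identifier you chose):
#   id=$(normalize_certname "$(facter macaddress)") &&
#       set_certname /etc/puppet/puppet.conf "$id"
```

The identifier only names the node. What authenticates it to the master is the key pair and the certificate signed for that certname, so a MAC address or serial number that others can read is usable here as long as signing requests are reviewed before they are signed.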
Dan White
2011-Aug-31 19:54 UTC
Re: [Puppet Users] Need some advice: Clients that change name and IP address
I believe I got it working! I'm using the mac address instead of uuid as the mac address is a machine-unique value I can easily access.

I will post details of my implementation (cobbler snippet tweaks and all) once I am confident I have all the details covered. "Pay it forward !!"

Thanks for the pointers.