similar to: alternate hostnames, keys, and certs

I am trying to come up with a workable solution in managing numerous Mac workstations allowing a high degree of flexibility with regards to certs. My puppet environment is setup to application installation on machines that have been ''imaged'' with a base OS and the puppet and facter apps. So, when a Mac is ''imaged'' and subsequently re-booted, puppet is run at

Hi, I am using the cloud provisioner to bootstrap some ec2 nodes, and these clients are signed using a randomly generated certname, which is put in /etc/puppet.conf at the bootstrap time (eg certname = d7bcd693-73fd-495f-0876-ff91ea11111e). But my puppet code repo also manages the puppet.conf file, so the file will be overwritten on the client at the first puppet run. Nevertheless, i should not

Nigel Kersten and I had previously worked on a plist provider spec for Mac OS X. Attached is a PDF of the current state. I would appreciate any input and criticisms. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To

Hello, I created a module for modifying the base network settings on a machine. However no matter what changes I make it keeps giving me the error "has different MAC address than expected, ignoring" when the network tries to startup. I am testing this out on the puppet learning VM. Does anyone see anything wrong with my code: init.pp -------------------------- define basehost

Hello! The FAQ contains an entry about autosigning: http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#why-shouldn-t-i-use-autosign-for-all-my-clients It says: > The certificate itself is stored, so two nodes could not connect with the same CN I tried this (using 0.25.4), and actually, that doesn''t seem to be correct. I was able to run puppetd on two different

I recently upgraded my Puppetmaster to 0.24.4 and it looks like my templates are not working properly. All of my clients use the same certificate, built by my original client "xx". I do this using the certname=blah parameter in the puppet.conf on each client. Up until I upgraded each client would use the "xx" certificate (which I had renamed to "blah") and

Hi Everyone, I am using Puppet 2.6.5 to configure fresh VMs. These VMs have their hostname set to localhost.localdomain initially at boot-time. There is this script file that runs in rc.local and this is what I do inside it 1. I change the hostname from localhost to xxx.xxxxxx using the hostname command. 2. start the puppet agent as /usr/sbin/puppetd --certname=xxx.xxxxxx

Started the discussion in puppet users mailing list based on recommendation from luke. This discussion is to a follow up regarding bug#1955 "Could not find server puppet" - installation/configuration error". jamtur01''s last recommendation: Rather than renaming things try the certname option (see http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference). But

Hello... I wanted to be able to startup an EC2 instance with one command and have a fully functioning server without having to shell into each new instance and configure the bits to allow puppet to finish the configuration. Here are some notes I came up with for bootstrapping an ec2 instance with puppet using Ubuntu 10.04. I left out a lot of things about creating and running custom AIM

Hi, I am seeing a performance degradation while using libvirt to start my vm (kvm). vm is fedora 12 and host is also fedora 12, both with 2.6.32.10-90.fc12.i686. Here are the statistics from iperf : >From VM: [ 3] 0.0-30.0 sec 199 MBytes 55.7 Mbits/sec >From host : [ 3] 0.0-30.0 sec 331 MBytes 92.6 Mbits/sec libvirt command as seen from ps output : /usr/bin/qemu-kvm -S -M

Hi, we use kerberos with keytabs on our clients. We do *not* trust root on the clients! One client should never have access to any other client''s keytab. This is my proposed solution to get the keytabs to the clients, any comments welcome! 1. Use file to get /root/.ssh/authorized_keys 2. Use exported resource to let the client "notify" the server that it wants a keytab 3. On

Hi Everybody, I have a puppet setup working, but run into issue, which couldn''t figure out how to solve. Say I have puppet agent generated certificate and signed it on puppet master. If somehow puppet agent''s hostname has been changed it will stop communication with puppet master. I would like to know if there is a way to be able to change hostname of puppet agent, without

hello, I''ve just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I dis: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won''t be verified in this SSL session notice: Did not

Hello a newbie here. The situation is that: 2 machine one master one client Puppet 0.24.5 This my configuration: Client: /etc/puppet/puppetd.conf [puppetd] server = Asus-Vista-Box logdir = /var/log/puppet vardir = /var/lib/puppet rundir = /var/run master /etc/puppet/manifests/classes/sudo.pp class sudo { file { "/etc/sudoers": owner => "root",

Greetings! As you undoubtedly know, the fixes for CVE 2007-5162 in ruby break installations where puppetca has created certificates with a CommonName different from the server's real hostname. The Puppet clients quite correctly complains about hostname mismatch. A number of better and worse solutions have been suggested for this problem, especially in ticket #896. IMHO, there are two good

Hello puppeters; I want to set/test the PuppetShow "Puppet''s Web Interface" with Ruby on Rails (ROR). If somebody has setup such show, please share your experiece with EXAMPLES...I''m not the programmer.so please share your STEPS....I have setup the ROR environment, currently learning Rails with different frameworks....HOBO (http://hobocentral.net/) is great for starter

hi, i''m trying to set up my puppetmaster infrastructure with multiple puppetservers behind load balancers in each of our datacenters. i''m using 0.24.6. i''ve read the howto on puppet scalability, and i think i''ve got the ssl config working correct, but i''m noticing that when puppetd is used to build a puppetmaster, some of the files in $vardir/ ssl

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

Hi, I''m having a problem with extlookup not respecting the ''certname'' parameter[1].  When executing a puppet run with either the --certname or --fqdn parameters, it ends up using the specified SSL certificate and gets the correct node definition applied from the puppetmaster.  However, it still retrieves extlookup data using the node''s actual FQDN, not the one

Hello all, Recently I was asked to start using Puppet as part of our Eucalyptus powered internal cloud. I have been able to set up Puppet and a puppet master on various instances, but what I am running into, is that several of the instances have the same hostname or no hostname when they are first launched, so of course when they try to get a cert from puppetmaster I get an error saying that I