In case someone else sees something similar, this appears to have been my fault. I am not certain how, but I mangled the SNIPPET line for the kickstart_start and kickstart_done lines in my templates.
Somehow I ended up with:
$kickstart_start
...
$kickstart_done
instead of:
$SNIPPET('kickstart_start')
...
$SNIPPET('kickstart_done')
I still have to figure out how to manually trigger the install_post_puppet.py
script, but I believe that will be fixed by a little more reading.
Thanks,
Jim Goddard
Date: Fri, 6 Jan 2012 10:50:46 -0800
From: "Jim Goddard" <jgodd...@gmi-mr.com>
To: <cobbler@lists.fedorahosted.org>
Subject: Cobbler 2.2.1 not removing/signing puppet certs
Message-ID:
<db1915efb5825b46ad2448d173b62a170585a...@corp-msg-01.corp.gmi.lcl>
Content-Type: text/plain; charset="iso-8859-1"
Hello all,
I am not positive that this happened in concurrence with my upgrading cobbler
to 2.2.1 from the el5 2.0.11 version, but I haven't changed that much aside
from that.
I was having problems before in that cobbler seemed to fire off the command to
sign new puppet certs way too late, which I had never successfully figured out
why. Now it is not ever firing that task.
Now, however, cobbler is not removing old certs either. I have the following
puppet related settings in my /etc/cobbler/settings file, and cobbler sync
doesn't generate any warnings.
puppet_auto_setup: 1
sign_puppet_certs_automatically: 1
puppetca_path: "/usr/sbin/puppetca"
remove_old_puppet_certs_automatically: 1
my puppet master is on the same machine as my cobbler server. I don't see
anything in the logs after december 16th indicating that cobbler has kicked off
the puppetca tasks:
Fri Dec 16 15:35:09 2011 - INFO | running: ['/usr/sbin/puppetca', '--clean',
'XXXX']
Fri Dec 16 16:14:07 2011 - INFO | running: ['/usr/sbin/puppetca', '--sign',
'XXXX']
New machines brought online get their puppet cert added to the puppet master.
Any ideas where to look into this further? The only change I have made to the
puppet_register_if_enabled snippet is that I have the snippet load the correct
auth.conf and puppet.conf files. Reverting that change makes no difference in
the cobbler->puppet interactions.
Thanks,
Jim Goddard
<<winmail.dat>>
_______________________________________________ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
