On Tue, 2011-04-26 at 21:29 +0200, Jan-Frode Myklebust wrote:
> On 2011-04-26, Norvell, Preston <[email protected]> wrote:
> > Reading through it, I have a couple comments:
> > - I have found no need to modify anything in /etc/certmaster on either the
> > overlords or minions
>
> I use the EPEL packages, and they have certmaster=certmaster in
> /etc/certmaster/minion.conf, and then the minions fail to start.
>
> > - Depending on where you get your RPM (I get mine currently from
> > RPMForge), it may want to install/run certmaster by default. It should
> > be disabled.
>
> Oh.. I hadn't noticed. Thanks!
>
> IMHO that's a bug in the packaging... skvidal ?
>
> > - There is a nascent puppet module to manage minion and overlord
> > configurations here: http://forge.puppetlabs.com/rodjek/func. I used it as
> > the beginning of my work and hope to push the changes back upstream to the
> > author. It might be good to let folks know it exists.
>
> I wrote my own yesterday ->
>
> http://blag.tanso.net/2011/04/13-puppet-as-certmaster-for-func/
>
> > - I found that I needed to create an acl file in /etc/minion-acl.d with the
> > hostname-certhash of the overlord/puppetmaster on each minion, because
> > rather than defaulting to "*" it defaults to "foo" (literally) for the acl.
>
> I didn't need that. My minion-acl.d/ is empty, and I can access the minions
> from the overlord. Hmm.. guess I need to understand the access control
> model of func better..
>

the acls are for minion-to-minion. so you can say 'this minion can run these modules/methods on this other minion'

-sv

_______________________________________________
Func-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/func-list
