Just to add:

The reason I wanted to do this:
1. I want to create the certificates before the VMs are created. The VMs
will need to run puppet client
2. However, before a VM is created, I don't know the IP nor the FQDN of the
VM. That's why I'm thinking of using an arbitrary name.
3. I want to use the same set of certs to authenticate the communication
between the VMs and another APACHE server.

Any comments on how to do this are greatly appreciated.

-Yushu

On Wed, Aug 11, 2010 at 11:02 AM, Yushu Yao <y...@lbl.gov> wrote:

> Thanks Jeff,
>
> Assuming we will worry about security later.
>
> Is it possible to use an arbitrary name in both the client cert's CN and in
> nodes.pp?
>
> E.g. in node.pp we have:
>
> node "MyMachine1" { xxx }
>
> In client's cert the CN="MyMachine1"
>
> Where MyMachine1 is neither the IP address nor the fqdn.
>
> Then when the client connects the master will look into its CN, and return
> the catalog of "MyMachine1".
>
> Thanks
>
> -Yushu
>
> On Fri, Jul 30, 2010 at 5:55 PM, Jeff McCune <j...@puppetlabs.com> wrote:
>
>> On Fri, Jul 30, 2010 at 10:35 AM, Yushu Yao <yao.yu...@gmail.com> wrote:
>> > Hi experts,
>> >
>> > Is there a way to specify in the nodes.pp sections with the ip address of
>> > the client?
>> > Currently I only saw instructions to use wildcarded hostnames.
>> >
>> > Thanks a lot
>>
>> You can configure [1] the master to use facter rather than the
>> certificate common name for the node name.  Note, however, this poses
>> a risk since the fact list is presented by the agent and may be
>> forged.  If you configure the master to use facter then you would have
>> to force the "hostname" to actually be the ipaddress by modifying the
>> hostname fact itself.
>>
>> I in no way recommend this configuration and actively discourage it.
>> It should do what you want though.
>>
>> node_name
>> How the puppetmaster determines the client’s identity and sets the
>> ‘hostname’, ‘fqdn’ and ‘domain’ facts for use in the manifest, in
>> particular for determining which ‘node’ statement applies to the
>> client. Possible values are ‘cert’ (use the subject’s CN in the
>> client’s certificate) and ‘facter’ (use the hostname that the client
>> reported in its facts)
>> Default: cert
>>
>> [1]
>> http://docs.puppetlabs.com/references/latest/configuration.html#node_name
>>
>> Hope this helps,
>> --
>> Jeff McCune
>> http://www.puppetlabs.com/
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>


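An added example, not part of the thread and not Puppet's own code: a simplified model of the node_name setting quoted above, showing which node block is selected when the identity comes from the certificate CN and when it comes from the agent-reported hostname fact. The function names, the NODES table and the sample hostnames are hypothetical and constructed for illustration.

```python
# Simplified model of the node_name behaviour quoted above; not Puppet's code.
# resolve_node_name, select_catalog, compare_modes and NODES are hypothetical names.

NODES = {  # constructed stand-in for the node blocks in nodes.pp
    "MyMachine1": "catalog:MyMachine1",
    "MyMachine2": "catalog:MyMachine2",
}

def resolve_node_name(mode, cert_cn, facts):
    """Identity used for node matching.

    cert_cn: subject CN of the client certificate, assumed already validated
             against the CA, so the agent cannot change it.
    facts:   dict reported by the agent, so the agent fully controls it.
    """
    if mode == "cert":
        return cert_cn
    if mode == "facter":
        return facts.get("hostname")
    raise ValueError("node_name must be 'cert' or 'facter'")

def select_catalog(mode, cert_cn, facts):
    """Return the catalog for the matching node block, or None if no block matches."""
    return NODES.get(resolve_node_name(mode, cert_cn, facts))

def compare_modes(cert_cn, facts):
    """Catalog served under each setting for the same connection."""
    return {mode: select_catalog(mode, cert_cn, facts) for mode in ("cert", "facter")}

if __name__ == "__main__":
    # Constructed cases: an agent holding the pre-issued MyMachine1 certificate,
    # first reporting its real hostname, then reporting another node's name.
    honest = {"hostname": "vm-0042"}
    forged = {"hostname": "MyMachine2"}
    for label, facts in (("honest", honest), ("forged", forged)):
        print(label, compare_modes("MyMachine1", facts))
```

In this model the cert setting returns the MyMachine1 catalog regardless of the reported facts, while the facter setting returns whatever node the hostname fact names, or nothing when the real hostname has no node block.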