Just to add:

The reason I wanted to do this:

1. I want to create the certificates before the VMs are created. The VMs will need to run puppet client.
2. However, before a VM is created, I don't know the IP nor the FQDN of the VM. That's why I'm thinking of using an arbitrary name.
3. I want to use the same set of certs to authenticate the communication between the VMs and another APACHE server.

Any comments on how to do this are greatly appreciated.

-Yushu

On Wed, Aug 11, 2010 at 11:02 AM, Yushu Yao <y...@lbl.gov> wrote:

> Thanks Jeff,
>
> Assuming we will worry about security later.
>
> Is it possible to use arbitrary name in both client cert's CN and in
> nodes.pp?
>
> E.g. in node.pp we have:
>
> node "MyMachine1" { xxx }
>
> In client's cert the CN="MyMachine1"
>
> Where MyMachine1 is neither the IP address nor the fqdn.
>
> Then when the client connects the master will look into its CN, and return
> the catalog of "MyMachine1".
>
> Thanks
>
> -Yushu
>
> On Fri, Jul 30, 2010 at 5:55 PM, Jeff McCune <j...@puppetlabs.com> wrote:
>
>> On Fri, Jul 30, 2010 at 10:35 AM, Yushu Yao <yao.yu...@gmail.com> wrote:
>> > Hi experts,
>> >
>> > Is there a way to specify in the nodes.pp sections with the ip address of
>> > the client?
>> > Currently I only saw instructions to use wildcarded hostnames.
>> >
>> > Thanks a lot
>>
>> You can configure [1] the master to use facter rather than the
>> certificate common name for the node name. Note, however, this poses
>> a risk since the fact list is presented by the agent and may be
>> forged. If you configure the master to use facter then you would have
>> to force the "hostname" to actually be the ipaddress by modifying the
>> hostname fact itself.
>>
>> I in no way recommend this configuration and actively discourage it.
>> It should do what you want though.
>>
>> node_name
>> How the puppetmaster determines the client’s identity and sets the
>> ‘hostname’, ‘fqdn’ and ‘domain’ facts for use in the manifest, in
>> particular for determining which ‘node’ statement applies to the
>> client. Possible values are ‘cert’ (use the subject’s CN in the
>> client’s certificate) and ‘facter’ (use the hostname that the client
>> reported in its facts)
>> Default: cert
>>
>> [1] http://docs.puppetlabs.com/references/latest/configuration.html#node_name
>>
>> Hope this helps,
>> --
>> Jeff McCune
>> http://www.puppetlabs.com/
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
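
Added example (not part of the original thread, and not Puppet's own code): a simplified Python model of the node lookup described in the quoted node_name documentation. It shows that an arbitrary CN such as MyMachine1 selects its node block under node_name = cert regardless of the VM's hostname or IP, while under node_name = facter the agent's self-reported hostname decides. The node table, catalog labels, sample requests, the CN fallback and the claims_other_node check are all constructed for illustration.

```python
# Simplified model of the master's node lookup (illustration, not Puppet code).
from dataclasses import dataclass, field

# Constructed stand-in for nodes.pp: node name -> catalog label.
NODES = {
    "MyMachine1": "catalog-for-MyMachine1",
    "MyMachine2": "catalog-for-MyMachine2",
    "default": "catalog-default",
}

@dataclass
class AgentRequest:
    cert_cn: str                               # CN from the CA-signed client cert
    facts: dict = field(default_factory=dict)  # self-reported by the agent

def node_name(request, mode="cert"):
    """Identity the master uses, per the node_name setting ('cert' or 'facter')."""
    if mode == "cert":
        return request.cert_cn
    if mode == "facter":
        # Assumption of this model: fall back to the CN if no hostname fact is sent.
        return request.facts.get("hostname", request.cert_cn)
    raise ValueError(f"unknown node_name mode: {mode!r}")

def select_catalog(request, mode="cert"):
    """Pick the node block for the request, falling back to the default node."""
    return NODES.get(node_name(request, mode), NODES["default"])

def claims_other_node(request):
    """True when the hostname fact names a defined node other than the signed CN."""
    claimed = request.facts.get("hostname")
    return claimed in NODES and claimed != request.cert_cn

# Constructed requests. PRECREATED: cert issued as "MyMachine1" before the VM
# existed, so its real hostname and IP are unrelated to the CN.
PRECREATED = AgentRequest("MyMachine1", {"hostname": "vm-0042", "ipaddress": "10.0.0.5"})
# FORGED: an agent holding MyMachine2's cert reports MyMachine1's name as a fact.
FORGED = AgentRequest("MyMachine2", {"hostname": "MyMachine1"})

if __name__ == "__main__":
    for label, req in (("precreated", PRECREATED), ("forged", FORGED)):
        for mode in ("cert", "facter"):
            print(label, mode, select_catalog(req, mode), claims_other_node(req))
```

In cert mode the forged hostname fact has no effect on which catalog is returned; the claims_other_node check is one way to log agents whose facts name a different defined node than their certificate.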