Hi all, till today we had a *.our.domain in autosign.conf. So any host from our.domain could get a signed certificate if it contacts our master. But we've decided to move that "*" to a complete list of hostnames.
So, I've pasted all the names to the autosign file and restarted the master (not sure if needed). So far, so good. So, I removed one name from the autosign file, cleaned its cert, and ran puppet on the host, but it's still able to contact the master and get its catalogue when it's supposed to get some kind of error.

So, how is it possible? Where am I misunderstanding autosign behaviour?

    # puppetmasterd --genconfig|grep autosign
    # Whether to enable autosign. Valid values are true (which
    # autosigns any key request, and is a very bad idea), false (which
    # never autosigns any key request), and the path to a file, which
    # The default value is '$confdir/autosign.conf'.
    autosign = /etc/puppet/autosign.conf

    # wc -l /etc/puppet/autosign.conf
    660 /etc/puppet/autosign.conf

    # grep tditaller027.pic.es /etc/puppet/autosign.conf
    #

    [root@tditaller027 ~]# puppetd --test --server ser01.pic.es
    info: Retrieving plugin
    info: Loading facts in odd_ip
    info: Loading facts in odd_ip
    info: Caching catalog for tditaller027.pic.es
    info: Applying configuration version '1305815351'
    notice: Finished catalog run in 33.76 seconds

    # rpm -qa|grep puppet
    puppet-2.6.1-0.6.el5
    puppet-server-2.6.1-0.6.el5

Same version on client.

TIA,
Arnau