Hi all,

Till today we had a *.our.domain in autosign.conf. So any host from
our.domain could get a signed certificate if it contacts our master.
But we've decided to move that "*" to a complete list of hostnames.

So, I've pasted all the names to the autosign file and restarted the
master (not sure if needed). So far, so good. So, I removed one name
from the autosign file, cleaned its cert, and ran puppet on the host,
but it's still able to contact the master and get its catalogue when
it's supposed to get some kind of error.

So, how is it possible? Where am I misunderstanding autosign
behaviour?

# puppetmasterd --genconfig|grep autosign
    # Whether to enable autosign.  Valid values are true (which
    # autosigns any key request, and is a very bad idea), false (which
    # never autosigns any key request), and the path to a file, which
    # The default value is '$confdir/autosign.conf'.
    autosign = /etc/puppet/autosign.conf

# wc -l /etc/puppet/autosign.conf
660 /etc/puppet/autosign.conf
# grep tditaller027.pic.es /etc/puppet/autosign.conf
# 

[root@tditaller027 ~]# puppetd --test --server ser01.pic.es
info: Retrieving plugin
info: Loading facts in odd_ip
info: Loading facts in odd_ip
info: Caching catalog for tditaller027.pic.es
info: Applying configuration version '1305815351'
notice: Finished catalog run in 33.76 seconds

# rpm -qa|grep puppet
puppet-2.6.1-0.6.el5
puppet-server-2.6.1-0.6.el5

Same version on client.

TIA,
Arnau
