On Monday, October 20, 2014 8:12:30 PM UTC-5, Richard wrote: > > thanks, i want to use the ip address as the hostname in kick command,like > kick -p 10 --host 192.168.1.101, but this ssl verify failed. the ip of > every computer probable be changed at any time , so i can't use the ip as > the cert name. >
This objective has nothing to do with what you asked, then. Kick requests are separate from catalog requests already. Have you configured your nodes as described in the documentation <https://docs.puppetlabs.com/references/3.6.1/man/kick.html#USAGE-NOTES>? In particular, have you configured the node's auth.conf as described? Perhaps you have, because it sounds like its the master that is complaining about authentication. If that's the case -- though I don't know why it should be if the node permits unauthenticated kicks -- then you are probably out of luck. Generically speaking, the SSL verification is trying to check that the certificate received belongs to the machine to which you thought you were connecting, by matching a known machine identifier to one of the names recorded in its certificate. If the only machine identifier you have is a transient one, then such verification cannot work. Perhaps you do have a persistent ID you could use, though. For example, you could use MAC address for your certnames. Supposing that you have a mapping between MAC addresses and IP numbers (e.g. from your DHCP server), then I suspect you could patch something together. Not so easily though -- the kinds of things I have in mind probably would require writing a custom name service plugin for use on the master. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0ea92371-4758-4922-b75b-4a2fe4e3fa45%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.