On Wednesday, August 11, 2010, Yushu Yao
> Is there a way to change the "ca" to some other name? E.g. foo ?
Yes, there is an option to change the cn field of the ca when puppet
auto generates one. I'm not sure what it is off the top of my head but
please check the configuration reference. I'm gu
Thanks a lot for all of you.
Another question: I saw the CN=ca for the certificate authority.
(e.g. puppetca --list --print --all shows:
...
Issuer: CN=ca
...
Subject: CN=asdf
...
)
Is there a way to change the "ca" to some other name? E.g. foo ?
The reason for this is when I us
Yushu,
This should work...
1. Create the cert with an arbitrary name (puppetca --generate
foo.somethingrandom.bar)
2. You will need some process to sign the cert and copy the private keys to
the client vm because they don't exist at cert creation time. Copying
private keys about is generally fro
Hi,
You may look into how mcollective or foreman[1] handles the certificate
signing processes.
[1] http://theforeman.org
Ohad
On Wed, Aug 11, 2010 at 9:07 PM, Yushu Yao wrote:
> Just to add:
>
> The reason I wanted to do this:
> 1. I want to create the certificates before the VMs are created.
On Wednesday, August 11, 2010, Yushu Yao wrote:
> Thanks Jeff,
>
> Assuming we will worry about security later.
>
> Is it possible to use arbitrary name in both client cert's CN and in nodes.pp?
Yes, this will work.
-Jeff
--
Jeff McCune
http://www.puppetlabs.com/
--
You received this message
Just to add:
The reason I wanted to do this:
1. I want to create the certificates before the VMs are created. The VMs
will need to run puppet client
2. However, before a VM is created, I don't know the IP nor the FQDN of the
VM. That's why I'm thinking of using an arbitrary name.
3. I want to use
Thanks Jeff,
Assuming we will worry about security later.
Is it possible to use arbitrary name in both client cert's CN and in
nodes.pp?
E.g. in node.pp we have:
node "MyMachine1" { xxx }
In client's cert the CN="MyMachine1"
Where MyMachine1 is neither the IP address nor the fqdn.
Then when
On Fri, Jul 30, 2010 at 10:35 AM, Yushu Yao wrote:
> Hi experts,
>
> Is there a way to specify in the nodes.pp sections with the ip address of
> the client?
> Currently I only saw instructions to use wildcarded hostnames.
>
> Thanks a lot
You can configure [1] the master to use facter rather than
Hi experts,
Is there a way to specify in the nodes.pp sections with the ip address of
the client?
Currently I only saw instructions to use wildcarded hostnames.
Thanks a lot
-Yushu
+-+
| Yushu Yao
| Ph:1-510-486-4690
|
| Lawrence Berkeley National
