On Tue, Jul 13, 2010 at 3:59 AM, Trevor Vaughan <[email protected]> wrote:
> Are you sure?
>
> When I did this patch, and let puppet rebuild, the CN did appear to be
> set to the new name.
>
> Example: CN=puppet-ca.test.net
>
> Oh, and I forgot that you can't use '_' in a proper FQDN for my example
> below.

OK, I understand what's going on now.

So, there is no requirement the CN field should actually look like a
hostname.  In fact, it should not look like a hostname to prevent
confusion in my opinion.

I was confused and thought you were appending information to the fqdn
fact, whereas you are actually modifying the hostname, with the
domain appended somewhere else in the code.

In Puppet 2.6.x the --ca_name configuration setting makes all of this
a moot point, though the default should still not use fqdn or hostname
+ domain as the default value as I have filed in .  If you need this
to work in 0.25.x, I strongly recommend changing your patch to *prepend*
something to the CN field rather than appending something to the
hostname portion of the FQDN.

A CN of "Puppet CA - puppet.test.net" is perfectly valid and
preferable in my opinion to puppet-ca.test.net, which probably isn't a
valid host fqdn.

Please try your fix if you need it in 0.25.x using something like:

name = "Puppet CA - #{Facter["fqdn"].value}"

This will both prevent the issue of the CA CN field matching the SSL
CN field and the issue of confusing FQDNs in the CN field.

I've created issue #4226 to track this change:
http://projects.puppetlabs.com/issues/4226

-- 
Jeff McCune
http://www.puppetlabs.com/
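
Added example, not part of the original message and not Puppet's own code: a
Ruby sketch of the naming collision discussed above. It issues a throwaway CA
and server certificate and checks whether the two subjects are identical. The
helper names (ca_name_for, build_cert, issue_pair, subject_collision?) are
hypothetical, and the FQDN is a constructed sample rather than a Facter lookup.

```ruby
require "openssl"

# Naming rule suggested in the message above: prefix the FQDN instead of reusing it.
def ca_name_for(fqdn)
  "Puppet CA - #{fqdn}"
end

# Build a minimal X.509 certificate signed by signing_key (hypothetical helper).
def build_cert(subject_cn, issuer_cn, key, signing_key, serial, is_ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.new([["CN", subject_cn]])
  cert.issuer = OpenSSL::X509::Name.new([["CN", issuer_cn]])
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  constraint = is_ca ? "CA:TRUE" : "CA:FALSE"
  cert.add_extension(ef.create_extension("basicConstraints", constraint, true))
  cert.sign(signing_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Issue a throwaway CA certificate and one server certificate signed by it.
def issue_pair(ca_cn, host_cn)
  ca_key = OpenSSL::PKey::RSA.new(2048)
  host_key = OpenSSL::PKey::RSA.new(2048)
  ca = build_cert(ca_cn, ca_cn, ca_key, ca_key, 1, true)
  host = build_cert(host_cn, ca_cn, host_key, ca_key, 2, false)
  [ca, host]
end

# True when the server certificate's subject equals the CA's subject, so the
# server certificate has issuer == subject although it is not self-signed.
def subject_collision?(ca, host)
  host.subject.to_s == ca.subject.to_s
end

if __FILE__ == $0
  fqdn = "puppet.test.net" # constructed sample value
  [fqdn, ca_name_for(fqdn)].each do |ca_cn|
    ca, host = issue_pair(ca_cn, fqdn)
    puts "CA CN=#{ca_cn.inspect}: collision=#{subject_collision?(ca, host)}"
  end
end
```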
