Re: [Puppet Users] controlling argument passed to ENC script for AWS
I think I have this resolved. The certname was in fact the solution. I had a permissions problem that looked like things weren't working correctly. Once I got that straightened out, the value passed into my ENC script (vpc-id plus hostname) worked fine.

Thanks

On Thu, Feb 27, 2014 at 4:19 PM, Patrick Kelso patr...@teamkelso.org wrote:

> On Fri, Feb 28, 2014 at 8:57 AM, John Pyeatt john.pye...@singlewire.com wrote:
>
>> I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks. The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress.
>>
>> I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script.
>>
>> But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs. Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness.
>>
>> I looked at the puppet inventory service a bit, but I don't think that would solve my problem either.
>
> John,
>
> Have you had a look at using the Amazon AMI metadata? Set a customer tag for the VPC env and use it with Puppet. This is what I've used to solve a similar issue.
>
> http://stackoverflow.com/a/19785580
>
> Regards,
> Patrick Kelso

--
John Pyeatt
Singlewire Software, LLC
www.singlewire.com
--
608.661.1184
john.pye...@singlewire.com

--
You received this message because you are subscribed to the Google Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAEisTL%3DTEx7CF4iAzeUYVa-yfwJ1z-YxkUKJyRR5FA7RNquAkQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
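The resolution above (a certname carrying the vpc-id plus the hostname, handed to the ENC as its only argument) can be sketched as follows. This is an added example, not code from the thread or from any poster; the `<vpc-id>.<hostname>` layout, the node table and the class names are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""ENC sketch: classify a node from a certname of the form <vpc-id>.<hostname>."""
import re
import sys

# Assumed certname layout (the thread does not give the exact format), e.g. set
# on the agent with `certname = vpc-0a1b2c3d.web01` in puppet.conf.
CERTNAME_RE = re.compile(r"(vpc-[0-9a-f]{8,17})\.([a-z0-9][a-z0-9-]{0,62})")

# Constructed sample data: the same hostname in two VPCs gets different classes.
NODES = {
    ("vpc-0a1b2c3d", "web01"): ["base", "nginx"],
    ("vpc-4e5f6a7b", "web01"): ["base", "haproxy"],
}


def parse_certname(certname):
    """Return (vpc_id, hostname), or None if the certname is malformed."""
    # fullmatch rejects trailing newlines, path separators and anything else
    # outside the expected alphabet before the value is used as a lookup key.
    m = CERTNAME_RE.fullmatch(certname)
    return (m.group(1), m.group(2)) if m else None


def classify(certname):
    """Return ENC YAML for a known node, or None for malformed/unknown names."""
    key = parse_certname(certname)
    if key is None or key not in NODES:
        return None
    lines = ["---", "classes:"]
    lines += ["  - %s" % cls for cls in NODES[key]]
    lines += ["parameters:", '  vpc_id: "%s"' % key[0], '  hostname: "%s"' % key[1]]
    return "\n".join(lines) + "\n"


def main(argv):
    # The master invokes the ENC with the node's certname as the single argument.
    if len(argv) != 2:
        return 2
    out = classify(argv[1])
    if out is None:
        # A non-zero exit fails catalog compilation instead of handing an
        # unrecognised name a default set of classes.
        return 1
    sys.stdout.write(out)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```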
[Puppet Users] controlling argument passed to ENC script for AWS
I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks. The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress.

I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script.

But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs. Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness.

I looked at the puppet inventory service a bit, but I don't think that would solve my problem either.

--
John Pyeatt
Singlewire Software, LLC
www.singlewire.com
--
608.661.1184
john.pye...@singlewire.com
Re: [Puppet Users] controlling argument passed to ENC script for AWS
(inline)

On Thu, Feb 27, 2014 at 03:57:21PM -0600, John Pyeatt wrote:

> I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks. The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress.

If two machines have the same ip address, how does your puppetmaster route to them both?

> I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script.

This sounds like you want to use a non-hostname certname, set in the puppet.conf on build.

http://docs.puppetlabs.com/references/latest/configuration.html#certname

> But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs. Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness.
>
> I looked at the puppet inventory service a bit, but I don't think that would solve my problem either.
>
> --
> John Pyeatt
> Singlewire Software, LLC
> www.singlewire.com
> --
> 608.661.1184
> john.pye...@singlewire.com
Re: [Puppet Users] controlling argument passed to ENC script for AWS
See comments below.

On Thu, Feb 27, 2014 at 4:45 PM, Christopher Wood christopher_w...@pobox.com wrote:

> (inline)
>
> On Thu, Feb 27, 2014 at 03:57:21PM -0600, John Pyeatt wrote:
>
>> I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks. The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress.
>
> If two machines have the same ip address, how does your puppetmaster route to them both?

(I thought it was the agent that was initiating the connection, not the puppetmaster, so in that context the ip address of the agent doesn't matter. In the ENC processing it does).

>> I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script.
>
> This sounds like you want to use a non-hostname certname, set in the puppet.conf on build.
>
> http://docs.puppetlabs.com/references/latest/configuration.html#certname

(That's different. That's the name of the certificate as it is stored in /etc/puppet/ssl/cert/signed.) What I need to control is the value for the first, and only argument that is passed to the ENC.

>> But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs. Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness.
>>
>> I looked at the puppet inventory service a bit, but I don't think that would solve my problem either.
>>
>> --
>> John Pyeatt
>> Singlewire Software, LLC
>> www.singlewire.com
>> --
>> 608.661.1184
>> john.pye...@singlewire.com

--
John Pyeatt
Singlewire Software, LLC
www.singlewire.com
--
608.661.1184
john.pye...@singlewire.com
Re: [Puppet Users] controlling argument passed to ENC script for AWS
On Fri, Feb 28, 2014 at 8:57 AM, John Pyeatt john.pye...@singlewire.com wrote:

> I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks. The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress.
>
> I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script.
>
> But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs. Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness.
>
> I looked at the puppet inventory service a bit, but I don't think that would solve my problem either.

John,

Have you had a look at using the Amazon AMI metadata? Set a customer tag for the VPC env and use it with Puppet. This is what I've used to solve a similar issue.

http://stackoverflow.com/a/19785580

Regards,
Patrick Kelso