Puppet decides what config to give to the host by running the following script (puppet 4 path given as an example) on the puppetserver.
/etc/puppetlabs/puppet/node.rb newserver.samplecompany.com

You can run this yourself in a shell on someserver.samplecompany.com and also tail /var/log/foreman/production.log as newserver checks in or you run the script manually, to see what's going on. The same script is responsible for delivering facts to foreman too.

The certname is created by puppet on the client (defaults to the host's FQDN) before it ever talks to puppetserver or foreman.

The reason adding an A record fixes the problem is because a wildcard CNAME only applies to names that aren't otherwise defined in the zonefile. See http://www.ietf.org/rfc/rfc1912.txt section 2.7.

So at a guess I'd say the likely scenario is:

1. If you ask newserver.samplecompany.com what its FQDN is, it'll say newserver.samplecompany.com, hence the certname being correct (probably due to /etc/hosts).
2. If you ask someserver.samplecompany.com who newserver.samplecompany.com is, it'll ask DNS and get the answer you have told DNS to give, which is someserver.samplecompany.com.
3. Something in node.rb is doing a DNS query for newserver.samplecompany.com and using the answer to get the config from foreman and deliver the facts. See no. 2.

The solution would be to either explicitly add discrete records for any hosts you want to work with puppet/foreman or remove the wildcard CNAME (and then add records for everything). Unless there is a really compelling reason I'd suggest the latter.
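
The wildcard behaviour described in the message above, as an added example that is not part of the original post: a simplified Python model of wildcard matching over a constructed zone, showing newserver answered with someserver's address until it gets its own A record, plus a check that lists hosts answered only by the wildcard. The zone contents, the 192.0.2.x addresses and all function names are assumptions.

```python
# Added example: simplified wildcard matching (RFC 4592 rules) for one zone.
# Constructed sample zone; addresses are documentation-range placeholders.
ZONE = {
    "someserver.samplecompany.com": [("A", "192.0.2.10")],
    "*.samplecompany.com": [("CNAME", "someserver.samplecompany.com")],
}

def name_exists(zone, name):
    """A name exists if it owns records or has existing descendants
    (an empty non-terminal). Wildcards never cover existing names."""
    return any(o == name or o.endswith("." + name) for o in zone)

def lookup(zone, name):
    """Return (records, source); source is 'explicit', 'wildcard' or 'nxdomain'."""
    name = name.lower().rstrip(".")
    if name_exists(zone, name):
        return zone.get(name, []), "explicit"
    parent = name
    while "." in parent:  # walk up to the closest existing ancestor
        parent = parent.split(".", 1)[1]
        if name_exists(zone, parent):
            break
    wildcard = "*." + parent
    if wildcard in zone:
        return zone[wildcard], "wildcard"
    return [], "nxdomain"

def resolve(zone, name, depth=0):
    """Follow CNAMEs to an address; source describes the first answer."""
    records, source = lookup(zone, name)
    for rtype, value in records:
        if rtype == "A":
            return value, source
        if rtype == "CNAME" and depth < 8:
            return resolve(zone, value, depth + 1)[0], source
    return None, source

def wildcard_only(zone, hosts):
    """Hosts whose answer is synthesized from the wildcard, not their own record."""
    return [h for h in hosts if lookup(zone, h)[1] == "wildcard"]

if __name__ == "__main__":
    hosts = ["someserver.samplecompany.com", "newserver.samplecompany.com"]
    print(resolve(ZONE, hosts[1]))       # wildcard answer: someserver's address
    print(wildcard_only(ZONE, hosts))    # hosts that need a discrete record
    fixed = dict(ZONE, **{hosts[1]: [("A", "192.0.2.20")]})
    print(resolve(fixed, hosts[1]))      # explicit A record now wins
```

Against a live zone, the same audit means querying the authoritative server for each managed host and comparing the answer with the record you expect that host to own.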
