On 2011-04-26, Norvell, Preston <[email protected]> wrote: > Reading through it, I have a couple comments: > - I have found no need to modify anything in /etc/certmaster on either the > overlords or minions
I use the EPEL packages, and they have certmaster=certmaster in /etc/certmaster/minion.conf, and then the minions fails to start. > - Depending on where you get your RPM (I get mine currently from > RPMForge), it may want to install/run certmaster by default. It should > be disabled. Oh.. I hadn´t noticed. Thanks! IMHO that´s a bug in the packaging... skvidal ? > - There is a nascent puppet module to manage minion and overlord > configurations here: http://forge.puppetlabs.com/rodjek/func. I used it as > the beginning of my work and hope to push the changes back up stream to the > author. It might be good to let folks know it exists. I wrote my own yesterday -> http://blag.tanso.net/2011/04/13-puppet-as-certmaster-for-func/ > - I found that I needed to create an acl file in /etc/minion-acl.d with the > hostname-certhash of the overlord/puppetmaster on each minion, because rather > than defaulting to "*" it defaults to "foo" (literally) for the acl. I didn´t need that. My minion-acl.d/ is empty, and I can access the minions from the overlord. Hmm.. guess I need to understand the access control model of func better.. -jf _______________________________________________ Func-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/func-list
