Issue #2128 has been updated by Jeff McCune.
Also, a couple of points about terminology:

"node name" or node_name specifically refers to the string value of the client certificate's distinguished name. At no point should we assume this is a hostname or something that looks like an FQDN. We should file bugs for anything we find in the system where node_name must look like a hostname or fully qualified domain name.

"node identifier" is a more abstract term we've been using to describe the desired behavior. We do still need a unique way to identify nodes. This ticket is stating that the node identifier and the node name should not be tightly coupled. Specifically, the node identifier should be able to be stored and presented to the master as a custom fact. The node identifier should be used in all situations where a node needs to be identified, e.g. when submitting a report, when asking for a catalog (in all cases, site.pp _and_ custom terminuses), when storing facts, and when retrieving files and plugins.

The one final thing to note is that _all_ authorization should continue to be done with the node name and _not_ the node identifier. This is because the node name is the only piece of information digitally signed by the certificate authority and as such is the root of all trust in the Puppet security model.

So, in summary:

* node_name == cert DN
* node_name != hostname
* node_name != fqdn
* node id = defaults to node_name
* node id = could be switched to another fact
* node id = used for all API requests
* node_name = used for all API authorizations

----------------------------------------
Feature #2128: Allow arbitrary fact as node_name identifier
https://projects.puppetlabs.com/issues/2128

Author: Bill Bartlett
Status: Accepted
Priority: High
Assignee:
Category: node
Target version: 2.6.x
Affected Puppet version: 0.24.7
Keywords:
Branch:

Currently, the only fact available as a node_name identifier is the hostname. I would like to have the capability of having any fact be the node_name identifier.

Use Case: The reason this discussion came about is EC2. When an EC2 node is brought up, the hostname is not known. If we were to have a large, auto-scaling infrastructure, it is currently very difficult (impossible?) to automate bringing these EC2 nodes into puppet. One possible solution is to allow any fact as a node_name, and then for each particular EC2 instance type that one would need scaling (apache, memcache, mysql all come to mind among many others), the AMI would be customized with a custom fact. An example could be a fact called "hostclass" that would then be set to "ec2_apache", "ec2_memcache", or similar. This allows the auto-created machine, which we would otherwise be unable to differentiate from any other EC2 node, access to puppet in an automated way.
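
The split described in the update above (identify by node id, authorize by node_name), sketched as an added Ruby example that is not Puppet code and not part of the original ticket. ToyMaster, its methods, the ACL shape and the sample cert names are hypothetical; falling back to node_name when the chosen fact is absent is an assumption.

```ruby
# Added illustration, not Puppet source. All names here are hypothetical.
Request = Struct.new(:cert_name, :facts, :endpoint)

class ToyMaster
  # acl: endpoint => cert names (node_name values) allowed to call it
  # node_id_fact: fact used as node identifier; nil means "default to node_name"
  def initialize(acl:, catalogs:, node_id_fact: nil)
    @acl = acl
    @catalogs = catalogs
    @node_id_fact = node_id_fact
  end

  # Identification: defaults to node_name, may be switched to another fact.
  # Assumption: a missing or empty fact falls back to node_name.
  def node_id(req)
    return req.cert_name if @node_id_fact.nil?
    value = req.facts[@node_id_fact]
    value.nil? || value.empty? ? req.cert_name : value
  end

  # Authorization: decided from the CA-signed cert name only. Facts are
  # client-supplied and unsigned, so they are never consulted here.
  def authorized?(req)
    @acl.fetch(req.endpoint, []).include?(req.cert_name)
  end

  def handle(req)
    return [:forbidden, nil] unless authorized?(req)
    id = node_id(req)
    [:ok, @catalogs.fetch(id) { "default catalog for #{id}" }]
  end
end

# Constructed sample data: cert names are opaque strings, not hostnames.
MASTER = ToyMaster.new(
  acl: { "catalog" => ["a1b2c3-web", "d4e5f6-web"] },
  catalogs: { "ec2_apache" => "apache catalog" },
  node_id_fact: "hostclass"
)

def demo
  listed   = Request.new("a1b2c3-web", { "hostclass" => "ec2_apache" }, "catalog")
  sibling  = Request.new("d4e5f6-web", { "hostclass" => "ec2_apache" }, "catalog")
  unlisted = Request.new("zz9999-unknown", { "hostclass" => "ec2_apache" }, "catalog")
  no_fact  = Request.new("a1b2c3-web", {}, "catalog")
  [listed, sibling, unlisted, no_fact].map { |r| MASTER.handle(r) }
end
```

Two differently named certificates that present the same hostclass receive the same catalog, while a certificate name absent from the ACL is refused even though it presents the same fact.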
