Issue #2128 has been updated by Jacob Helwig.

Jeff McCune wrote:
> Also, a couple of points about terminology:
>
> "node name" or node_name specifically refers to the string value of the
> client certificate's distinguished name. At no point should we assume this
> is a hostname or something that looks like an FQDN. We should file bugs for
> anything we find in the system where node_name must look like a hostname or
> fully qualified domain name.
>
> "node identifier" is a more abstract term we've been using to describe the
> desired behavior. We do still need a unique way to identify nodes. This
> ticket is stating that the node identifier and the node name should not be
> tightly coupled. Specifically, the node identifier should be able to be
> stored and presented to the master as a custom fact.
>
> The node identifier should be used in all situations where a node needs to be
> identified. e.g. when submitting a report, when asking for a catalog (in all
> cases, site.pp _and_ custom terminuses), when storing facts, and when
> retrieving files and plugins.
>
> The one final thing to note is that _all_ authorization should continue to be
> done with the node name and _not_ the node identifier. This is because the
> node name is the only piece of information digitally signed by the certificate
> authority and as such is the root of all trust in the Puppet security model.
>
> So, in summary:
>
> * node_name == cert DN
> * node_name != hostname
> * node_name != fqdn
> * node id = defaults to node_name
> * node id = could be switched to another fact
> * node id = used for all API requests
> * node_name = used for all API authorizations

The changes Nick and I have been working on do introduce a new setting (`node_name_value`) that defaults to the `certname` setting, which is settable via the command line and config file. This setting is used everywhere we were previously using `certname` in the code to identify the node.

There is also another new setting (`node_name_fact`) which will set the `node_name_value` setting from the value of the specified fact. These two new settings cannot both be set at the same time.

----------------------------------------
Feature #2128: Allow arbitrary fact as node_name identifier
https://projects.puppetlabs.com/issues/2128

Author: Bill Bartlett
Status: Accepted
Priority: High
Assignee:
Category: node
Target version: 2.6.x
Affected Puppet version: 0.24.7
Keywords:
Branch:

Currently, the only fact available as a node_name identifier is the hostname. I would like to have the capability of having any fact be the node_name identifier.

Use Case: The reason this discussion came about is EC2. When an EC2 node is brought up, the hostname is not known. If we were to have a large, auto-scaling infrastructure, it is currently very difficult (impossible?) to automate bringing these EC2 nodes into puppet. One possible solution is to allow any fact as a node_name, and then for each particular EC2 instance type that one would need scaling (apache, memcache, mysql all come to mind among many others), the AMI would be customized with a custom fact. An example could be a fact called "hostclass" that would then be set to "ec2_apache", "ec2_memcache", or similar. This allows the auto-created machine, which we would otherwise be unable to differentiate from any other EC2 node, access to puppet in an automated way.
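
The split described in the update above (a self-reported node identifier for API requests, the CA-signed node name for authorization), as an added Ruby sketch that is not Puppet's own code. Only `certname`, `node_name_value` and `node_name_fact` come from the thread; every method name, the ACL shape and the sample values are assumptions made for illustration.

```ruby
# Added illustration, not Puppet source. All names here are hypothetical.
class SettingsError < StandardError; end

# Agent side: derive the node identifier from the two settings in the update.
def resolve_node_identifier(settings, facts)
  value = settings[:node_name_value]
  fact  = settings[:node_name_fact]
  if value && fact
    raise SettingsError, "node_name_value and node_name_fact cannot both be set"
  end
  return value if value
  return settings.fetch(:certname) unless fact # default: identifier == certname
  facts.fetch(fact) { raise SettingsError, "fact #{fact.inspect} is not defined" }
end

# Master side: the access decision uses only the CA-signed certificate name.
# request[:node_id] is self-reported, so it selects data but never grants access.
def handle_request(verified_cert_name, request, acl)
  allowed = acl.fetch(request[:endpoint], [])
  return { status: 403 } unless allowed.include?(verified_cert_name)
  { status: 200, authorized_as: verified_cert_name, node: request[:node_id] }
end

# Constructed sample data: an EC2 node whose AMI ships a "hostclass" fact.
SAMPLE_FACTS = { "hostname" => "ip-10-0-0-12", "hostclass" => "ec2_apache" }.freeze
SAMPLE_ACL   = { "catalog" => ["ec2-signed-cert-01"] }.freeze

def demo
  settings = { certname: "ec2-signed-cert-01", node_name_fact: "hostclass" }
  node_id  = resolve_node_identifier(settings, SAMPLE_FACTS)
  request  = { endpoint: "catalog", node_id: node_id }
  {
    signed:   handle_request("ec2-signed-cert-01", request, SAMPLE_ACL),
    unsigned: handle_request("unknown-cert", request, SAMPLE_ACL)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The second call in `demo` presents the same node identifier under a certificate name that is not in the ACL and is refused, which is the property the quoted summary asks to preserve.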
