Issue #17198 has been updated by Edwin Starkey.
Status changed from Needs More Information to Closed
I changed
$extlookup_precedence = [ 'hostnames/%{fqdn}', 'hostgroups/%{hostgroup}', 'common' ]
to
$extlookup_precedence = [ 'hostnames/%{clientcert}', 'hostgroups/%{hostgroup}', 'common' ]
Now extlookup accesses the correct file based on hostname. It seems that even
when you override the fqdn by using the --fqdn parameter on the command-line,
the puppetmaster still sees 'fqdn' as the value of the node's 'fqdn' fact.
Maybe this is the intended behavior.
----------------------------------------
Bug #17198: extlookup does not respect certname parameter
https://projects.puppetlabs.com/issues/17198#change-75043
Author: Edwin Starkey
Status: Closed
Priority: High
Assignee: Edwin Starkey
Category: ext
Target version:
Affected Puppet version: 2.7.9
Keywords: extlookup
Branch:
To provide some background info, in my environment there are two teams -
sysadmins and developers.
There are many servers which end up having non-unique hostnames (examples:
localhost, app1, node1, etc.). From the developer's perspective, that's how it
should be (they have additional justifications but I won't detail all of them
here). From the sysadmin's perspective, each server should somehow be uniquely
identifiable in order to get the correct set of puppet modules applied to it.
I thought an easy solution would be to simply execute the puppet agent on each
node using an additional parameter specifying the hostname (--fqdn or
--certname). That way, the developers could name the host whatever they
wanted, and the correct puppet configuration would still be applied.
It does work, but with one caveat - extlookups continue to use the fqdn
supplied by facter and not the one specified when executing puppet. I
confirmed this by attaching strace to the puppetmaster.
On the client:
[root@localhost ~]# puppet agent --certname foobar.mydomain.com --test --noop
info: Retrieving plugin
info: Caching catalog for foobar.mydomain.com
info: Applying configuration version '1351113554'
notice: Finished catalog run in 2.59 seconds
[root@localhost ~]#
It looks good so far - the server's actual hostname is localhost but by using
the --certname parameter, puppet used the specified hostname.
On the puppetmaster:
[pid 19398] stat("/etc/puppet/environments/production/manifests/extdata/.csv", 0x7fff53ff6ee0) = -1 ENOENT (No such file or directory)
[pid 19398] stat("/etc/puppet/environments/production/manifests/extdata/hostnames/localhost.mydomain.com.csv", 0x7fff53ff4cc0) = -1 ENOENT (No such file or directory)
[pid 19398] stat("/etc/puppet/environments/production/manifests/extdata/hostgroups/localhost.csv", 0x7fff53ff4cc0) = -1 ENOENT (No such file or directory)
[pid 19398] stat("/etc/puppet/environments/production/manifests/extdata/common.csv", {st_mode=S_IFREG|0644, st_size=1451, ...}) = 0
[pid 19398] open("/etc/puppet/environments/production/manifests/extdata/common.csv", O_RDONLY) = 17
As you can see, the puppetmaster is not using the specified certname when
performing the extlookup.
I tried using both --certname and the --fqdn parameters, both returned the same
result. I think this is a bug.
Thanks.
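Added example (not part of the original report and not Puppet's own code): a simplified Ruby model of how the two precedence lists above expand into candidate CSV files, assuming the agent reports fqdn localhost.mydomain.com while running with certname foobar.mydomain.com. The helper names, the ntp_server key and its values are constructed for illustration.

```ruby
require 'tmpdir'
require 'fileutils'

# Simplified model of precedence expansion; NOT Puppet's own extlookup code.
# candidate_files and first_match are hypothetical helper names.
def candidate_files(precedence, vars, datadir)
  precedence.map do |entry|
    # Replace each %{name} with the node variable of that name ('' if unset).
    expanded = entry.gsub(/%\{([^}]+)\}/) { vars.fetch(Regexp.last_match(1), '') }
    File.join(datadir, "#{expanded}.csv")
  end
end

# Walk the candidates in order; return [value, relative file] for the first hit.
def first_match(key, files, datadir)
  files.each do |path|
    next unless File.file?(path)
    File.foreach(path) do |line|
      k, v = line.chomp.split(',', 2)
      return [v, path.sub("#{datadir}/", '')] if k == key
    end
  end
  nil
end

# Constructed sample data: hostnames mirror those in the report,
# the ntp_server key and its values are made up.
def demo
  vars = { 'fqdn' => 'localhost.mydomain.com',
           'clientcert' => 'foobar.mydomain.com',
           'hostgroup' => 'localhost' }
  by_fqdn = ['hostnames/%{fqdn}', 'hostgroups/%{hostgroup}', 'common']
  by_cert = ['hostnames/%{clientcert}', 'hostgroups/%{hostgroup}', 'common']
  Dir.mktmpdir do |dir|
    FileUtils.mkdir_p(File.join(dir, 'hostnames'))
    File.write(File.join(dir, 'hostnames/foobar.mydomain.com.csv'), "ntp_server,ntp-foobar\n")
    File.write(File.join(dir, 'common.csv'), "ntp_server,ntp-common\n")
    [by_fqdn, by_cert].map { |p| first_match('ntp_server', candidate_files(p, vars, dir), dir) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

With the fqdn-based list the lookup falls through to common.csv, matching the strace output; with the clientcert-based list the per-host file is found first.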