Hello. I'm using the standard puppetmaster package under Debian etch
(which seems to be 0.20.1). I'm wondering if the behavior I'm seeing
is standard for puppetmaster, or if it's specific to the Debian
package (so I know who to complain to).

The problem is that puppetmaster uses a cert based on the machine's
hostname. I would like the cert to contain the machine's FQDN instead,
since this is how the clients will connect and the names need to match
for SSL negotiation to succeed.

I thought I had gotten around this by temporarily setting the
machine's hostname to its FQDN and starting puppetmaster, then
changing the hostname back, but it seems that puppetmaster re-
evaluates the name every time it starts and generates/uses a new cert
based on hostname if it doesn't already have one, so it's still using
just the hostname in the cert.

The clients could just use the hostname in theory, but the cert
created based on hostname ends up containing "foo." instead of "foo",
and there's no way that will ever resolve on the client.

Also, I've tried setting this in puppet.conf:

    [puppetmasterd]
    certname=foo.domain.tld

But it doesn't seem to do anything. So, how can I get puppetmaster to
use the FQDN instead of the hostname? Thanks.

