certname in puppet have to be lowercase, that was probably your issue.

Here's the script I'm going to use to execute puppet on my macs. I  
will have a launchd job that executes the script every hour. You might  
be able to extract what you need from this script

---
Thanks,

Allan Marcus
505-667-5666



#!/bin/sh

# Script to run puppet and use the "correct" certname
# we need the certname to be unique, so hostname is not great

# by Allan Marcus of LANL

# Version History
# 2009-07-08: initial version

# this script is run from a launchd job

# this suffix is added to the value to make it look like a FQDN.
# This allows for auto sign to work on the server with a simply wildcard
SUFFIX=mycompany.com

# see if the MAC_UID is in nvram already
MAC_UID=`nvram MAC_UID 2>/dev/null | awk '{print $2}'`
if [ -z "$MAC_UID" ]; then
        # flag that nothing is in nvram yet
        NVRAM="no"
fi

# get the serial number for this Mac
if [ -z "$MAC_UID" ]; then
        MAC_UID=`facter | grep sp_serial_number | awk '{print $3}'`
fi

# if the MAC_UID is still null
# get the primary MAC address
if [ -z "$MAC_UID" ]; then
        MAC_UID=`facter | grep 'macaddress =>' | awk '{print $3}'`
fi

# if all the above fails, get the hostname
if [ -z "$MAC_UID" ]; then
        MAC_UID=`hostname`
fi      

# assuming we have something, write it to nvram
# getting it from nvram is much faster and is limited to this
# specific computer
if [ '$NVRAM' == 'no' ]; then
        # cert names must be lowercase
        MAC_UID=`echo $MAC_UID | tr "[:upper:]" "[:lower:]"`
        MAC_UID=${MAC_UID}.${SUFFIX}
        nvram MAC_UID=${MAC_UID}
fi

RESULTS=`puppetd -o --no-daemonize -v --certname=$MAC_UID 2>&1`
RESULTS=`echo $RESULTS | grep 'Certificate request does not match  
existing certificate'`

if [ -z "$RESULTS" ]; then
        exit 0  
else
        echo "Need to clean the cert $MAC_UID"
         #eventually this will be a curl call to a CGI to clean the cert
fi

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to