On Jun 21, 2010, at 12:04 AM, christopher floess wrote:

> 
> 
> On 06/20/2010 08:47 PM, Patrick Mohr wrote:
>> You've got some problems that are caused because the packages didn't do 
>> things you need done, and other problems that are unrelated.
>> 
>> On the clients, puppetd will automatically look for the server at puppet, 
>> and should use the search domain.  You really want to change DNS so that the 
>> puppetmaster has a DNS name of puppet.  If it's working, "ping puppet" 
>> should ping the puppet master.  At this point the server flag should be 
>> needed anymore.
>>   
> So the certificate would need to be regenerated at this point. Is it just a 
> matter of:
> 
> Is it a matter of changing:
> 
> 1. certname = servercharlie.bestgroup
> 
> to
> 
> certname = puppet
> 
> 2. restart puppetmasterd (does puppetmasterd know to reconfigure the 
> certificates?)
> 
> 3. change /etc/hosts/ entry on client node (I guess /etc/puppet/ssl/ has to 
> be deleted?)
> 
> 4. rerun puppetca on the master.
> 
> Sorry, this may seem trivial, but I don't feel like breaking the setup at 
> this point.

Because you don't want to re-setup the clients, or because you're worried about 
breaking it?  Actually, the certificate might already have "puppet" and 
"puppet.bestgroup" as aliases.  


On the other hand, I was assuming you control DNS for all the clients in one or 
two central locations.  If you aren't going to use DNS to push the puppet 
server's IP, it's probably not worth the bother.  It's just nice to do that 
because that way you can point the clients at a different location if you need 
to.  Often in this situation, you can't use puppet to do that, because puppet 
is broken.


My fault on the logs.  You also need this directory in Ubuntu:
Permissions     User    Group   Location
drwxr-x---      puppet  puppet  /var/log/puppet

I'm guessing that puppet puts the logs there by default, but it might be a 
different location since we aren't using the same distro and package.


If the server certificate has the wrong common name, you shouldn't need to 
touch the clients.  I think you could fix it by following these steps.  I have 
not tested this.  If you attempt it, make sure you have a very good backup.  I 
only think this *should* work.

service puppetmaster stop
rm /var/lib/puppet/ssl/certs/{Server Name Here}.pem
rm /var/lib/puppet/ssl/private_keys/{Server Name Here}.pem
Change the common name to whatever you need.
service puppetmaster start
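
Added example, not part of the original message: a read-only check of whether a server certificate already carries "puppet" as its common name or as a DNS alias, which can be run before deleting anything. The function names and the throwaway demo certificate are assumptions made for this illustration; on the master, cert_covers would be pointed at the .pem under /var/lib/puppet/ssl/certs/ instead.

```sh
#!/bin/sh
# Added illustration: list the names a PEM certificate is valid for and test
# whether a given hostname is among them. Read-only; nothing is modified.

# Print the subject CN and every DNS subjectAltName, one per line.
cert_names() {
    # CN: handles both "subject=CN = name" and the older "subject= /CN=name".
    openssl x509 -in "$1" -noout -subject |
        sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
    # SANs: the line after the extension header is "DNS:a, DNS:b, ...".
    openssl x509 -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed if NAME exactly matches the CN or a DNS alias (no wildcard logic).
cert_covers() {
    cert_names "$1" | grep -Fxq -- "$2"
}

# Build a throwaway self-signed certificate (constructed sample input; needs
# OpenSSL 1.1.1+ for -addext). Prints the path of the generated .pem.
make_demo_cert() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=servercharlie.bestgroup" \
        -addext "subjectAltName=DNS:puppet,DNS:puppet.bestgroup" \
        >/dev/null 2>&1 || return 1
    echo "$dir/cert.pem"
}

# Demo run against the constructed certificate.
demo=$(make_demo_cert) && for name in puppet puppet.bestgroup other.bestgroup; do
    if cert_covers "$demo" "$name"; then
        echo "$name: covered, clients can use this name"
    else
        echo "$name: NOT covered, the certificate would need regenerating"
    fi
done
```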
