Thanks Jeff,

Assuming we will worry about security later.

Is it possible to use an arbitrary name in both the client cert's CN and in
nodes.pp?

E.g. in nodes.pp we have:

node "MyMachine1" { xxx }

In the client's cert the CN="MyMachine1"

Where MyMachine1 is neither the IP address nor the fqdn.

Then when the client connects the master will look into its CN, and return
the catalog of "MyMachine1".

Thanks

-Yushu






On Fri, Jul 30, 2010 at 5:55 PM, Jeff McCune <[email protected]> wrote:

> On Fri, Jul 30, 2010 at 10:35 AM, Yushu Yao <[email protected]> wrote:
> > Hi experts,
> >
> > Is there a way to specify in the nodes.pp sections with the ip address of
> > the client?
> > Currently I only saw instructions to use wildcarded hostnames.
> >
> > Thanks a lot
>
> You can configure [1] the master to use facter rather than the
> certificate common name for the node name.  Note, however, this poses
> a risk since the fact list is presented by the agent and may be
> forged.  If you configure the master to use facter then you would have
> to force the "hostname" to actually be the ipaddress by modifying the
> hostname fact itself.
>
> I in no way recommend this configuration and actively discourage it.
> It should do what you want though.
>
> node_name
> How the puppetmaster determines the client’s identity and sets the
> ‘hostname’, ‘fqdn’ and ‘domain’ facts for use in the manifest, in
> particular for determining which ‘node’ statement applies to the
> client. Possible values are ‘cert’ (use the subject’s CN in the
> client’s certificate) and ‘facter’ (use the hostname that the client
> reported in its facts)
> Default: cert
>
> [1]
> http://docs.puppetlabs.com/references/latest/configuration.html#node_name
>
> Hope this helps,
> --
> Jeff McCune
> http://www.puppetlabs.com/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<puppet-users%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
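
An added example, not part of the thread and not Puppet's own code: a small audit that reads a puppet.conf, reports the effective node_name setting, and flags requests where the agent-reported hostname would select a different node than the certificate CN. The sample config, the section lookup order, the MyMachine2 request and the simplified resolve_node model are assumptions made for illustration.

```python
import configparser

# Constructed sample puppet.conf (not from the thread).
SAMPLE_CONF = """
[main]
vardir = /var/lib/puppet

[master]
node_name = facter
"""

# Assumption: the master-specific section wins over [main].
MASTER_SECTIONS = ("master", "puppetmasterd", "main")

def effective_node_name(conf_text):
    """Return the configured node_name mode; 'cert' is the documented default."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    for section in MASTER_SECTIONS:
        if cp.has_option(section, "node_name"):
            return cp.get(section, "node_name").strip().lower()
    return "cert"

def resolve_node(mode, cert_cn, facts):
    """Simplified model: CN for 'cert', agent-reported hostname for 'facter'."""
    if mode == "facter":
        return facts.get("hostname", cert_cn)
    return cert_cn

def audit(conf_text, requests):
    """Return (mode, findings); a finding is a CN that resolves to another node."""
    mode = effective_node_name(conf_text)
    findings = []
    for cert_cn, facts in requests:
        node = resolve_node(mode, cert_cn, facts)
        if node != cert_cn:
            findings.append((cert_cn, node))
    return mode, findings

# Constructed requests: (certificate CN, facts reported by the agent).
REQUESTS = [
    ("MyMachine1", {"hostname": "MyMachine1"}),
    ("MyMachine2", {"hostname": "MyMachine1"}),  # reported name differs from CN
]

if __name__ == "__main__":
    mode, findings = audit(SAMPLE_CONF, REQUESTS)
    print("node_name =", mode)
    for cn, node in findings:
        print(f"CN {cn!r} would receive the catalog for node {node!r}")
```

With node_name left at its default of cert, the same requests produce no findings, because the node name always comes from the authenticated certificate.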
