On Wednesday, August 28, 2013 12:00:21 PM UTC-5, Martin Langhoff wrote: > > On Wed, Aug 28, 2013 at 9:31 AM, jcbollinger > <[email protected]<javascript:>> > wrote: > > If the objective is to render it into a small number of words, > > Just to double-check my understanding is right. If the client-reported > $::hostname does not match the certname, _and_ I am only using 'node > "fqdn"' entries in my Puppet manifests, puppet will use... certname or > client-reported $::hostname? > > The master will always choose the node block to use based on the client's SSL certname (spelled $::clientcert in Puppet DSL). Likewise, if you use an ENC then it is the certname that the master passes to it when requesting a node classification. It is common for $::hostname to have the same value as the certname, but the master itself in no way depends on such a coincidence.
Indeed, some sites intentionally assign certnames that do not match hostnames. For example, they may use MAC addresses instead. That has considerable advantages when machines do not have stable hostnames. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
