I need to use certnames as we are an IDC and need to handle large number of instances and have a unique naming convention for each device. We cannot force hostnames on servers(belonging to customers) so our unique device name is forced on the certname.
Anyways.. Can you also shed some light on the mysql error that I am getting... On Thu, Jun 12, 2014 at 6:22 PM, Ken Barber <[email protected]> wrote: > > The files above are my current master and agent configs, I have updated > the > > agent config after your suggestion and it seems to be working great... > > > > But now I will need to update my puppet agent config(for the above change > > and to include postrun_command for "puppet facts upload") on almost 2000 > > agents.. I understand that I can do it via puppet itself but each server > has > > a different certname > > Weird that the certname default doesn't match what you expect. This is > normally a combination of the facter outputs for 'hostname' and > 'domain'. There are ways to adjust the box (like ensuring the > search/domain fields in resolv.conf return the correct domain for > example) to return the correct certname, and its often better to do it > this way, but it might affect other things in strange ways. Its a > complex-ish topic ... if you wanted to go down this route instead of > changing your certname in puppet.conf we can probably help. What > surprises me is that the agent doesn't need this ... > > Otherwise yeah, it can be changed with templates, I'm less of a fan of > forcing the certname in most cases, better to fix it so the defaults > are correct if possible. Ideally the box after provisioning (eg. > razor/foreman/cobbler) should have all the correct settings on it so > certname is always correct straight after provisioning, that way you > avoid chicken-and-egg scenarios with trying to adjust 'certname' > post-provisioning. > > > I guess.. I will need to use templates... but is it correct that any > change > > to puppet.conf is parsed immediately and does not require a restart. > > I believe this to be true? But I'm no puppet expert these days so > things might have changed :-). > > > Thanks a lot for your help once again.. > > Your welcome. > > ken. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CAE4bNTnu2bU3X2uu6PJbAn8vEpqB7D7Ht4KDAqpLF6nLPU-TRw%40mail.gmail.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAEJrXMUEN2uHKu-Q6beW5h-0g%3DtcZpz_YkhHPp%3DW3CnQ9eG9-w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
