thanks! this is what i suspected. but, my core issue then, it would seem, is that the node_aws cloud provisioner does not run the puppet agent in sudo.
i think this is the case, because when i provision a new agent via node_aws and provide a --certname, the autosigning process ignores it and uses the inferred certname instead. meaning whenever i bootstrap a node, i need to log in and reconfigure, which makes no sense.

what can i do to work around this? thanks again.

On Sun, Jul 8, 2012 at 5:12 PM, Nan Liu <n...@puppetlabs.com> wrote:

> On Fri, Jul 6, 2012 at 9:35 AM, catshirt <n...@thefuture.fm> wrote:
> > hi all,
> >
> > just started using puppet and i think it's great. but i'm having a number of
> > problems surrounding the authentication of the servers.
> >
> > on a fresh master, when i create a new client using the node_aws cloud
> > provisioner (using --certname), the agent doesn't respect the generated
> > configuration. `certname` is certainly listed under [main] in puppet.conf,
> > so why wouldn't the agent recognize it?
>
> You are seeing the difference running puppet under root account vs.
> the ubuntu account.
>
> > $ sudo puppet master --configprint certname
> > analytics0
> > $ puppet master --configprint certname
> > analytics0
> > $ sudo puppet agent --configprint certname
> > analytics0
> > $ puppet agent --configprint certname
> > domu-x-x-x-x-x-x.compute-1.internal
>
> When running as root, puppet uses the configuration specified in
> /etc/puppet/puppet.conf. When running as a normal user such as ubuntu,
> puppet uses the configuration under ~/.puppet/puppet.conf, so in this
> case this file is likely missing and puppet will use the default
> certname which is the ec2 instance name as seen above.
>
> > $ ls -la /etc/puppet/puppet.conf
> > -rw-r--r-- 1 root root puppet.conf
> >
> > this pattern also occurs with the `server` option. i've also other,
> > unrelated but similar sudo discrepancies that i think are leading to other
> > problems (for another post...). for instance:
> >
> > $ sudo puppet agent --configprint ssldir
> > /var/lib/puppet/ssl
> > $ puppet agent --configprint ssldir
> > /home/ubuntu/.puppet/ssl
>
> So the settings above are correct between root vs. ubuntu user. In
> general you need to run sudo puppet to make changes to the system
> which should use the correct setting in /etc/puppet/puppet.conf.
>
> Thanks,
>
> Nan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
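
The per-user config lookup described in the quoted reply, as an added example that is not part of the thread: it resolves which puppet.conf a given uid would read and which certname results, so a bootstrap script can catch an identity mismatch before a certificate request is sent. The function names, the fake-root prefix argument and the `server` value are assumptions made for illustration; only `[main]` is read, and the fallback name is passed in rather than derived from the host.

```shell
#!/bin/sh
# Added example, not from the thread. Paths follow the quoted reply:
# root reads /etc/puppet/puppet.conf, other users read ~/.puppet/puppet.conf.

# puppet_conf_path UID HOME [ROOT_PREFIX] -> config file that uid would read
puppet_conf_path() {
    if [ "$1" -eq 0 ]; then
        printf '%s/etc/puppet/puppet.conf\n' "${3:-}"
    else
        printf '%s/.puppet/puppet.conf\n' "$2"
    fi
}

# conf_setting FILE KEY -> value of KEY in [main]; empty if file or key is missing
conf_setting() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/); next }
        in_main && /^[ \t]*[^#=]+=/ {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# effective_certname UID HOME FALLBACK [ROOT_PREFIX] -> configured or default name
effective_certname() {
    v=$(conf_setting "$(puppet_conf_path "$1" "$2" "${4:-}")" certname)
    printf '%s\n' "${v:-$3}"
}

# Constructed sample: a fake filesystem root with only the system-wide config.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/puppet" "$root/home/ubuntu"
    printf '[main]\ncertname = analytics0\nserver = puppet.example.test\n' \
        > "$root/etc/puppet/puppet.conf"
    printf '%s\n' "$root"
}

sample=$(make_sample)
for uid in 0 1000; do
    name=$(effective_certname "$uid" "$sample/home/ubuntu" \
        "domu-x-x-x-x-x-x.compute-1.internal" "$sample")
    echo "uid $uid would identify as: $name"
done
rm -rf "$sample"
```
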