func@xxxxxxxxxxxxx wrote:
Here is a patch for certmaster for optionally specifying the name that you wish to use as the minion identifier. If you do nothing, then the original behavior will be preserved (the minion's name will be dynamically derived by the utils.get_hostname() function). If you wish to override this default behavior (which may not be ideal if a server has multiple interfaces and/or aliases) simply add "minion_name = foo.bar" to /etc/certmaster/minion.conf. When funcd is started, it will request a cert as "foo.bar".
E.g., if your minion requests a cert as "foo.example.com" and you'd prefer to have it recognized by func as "foo.bar", then edit /etc/certmaster/minion.conf accordingly:
[main]
certmaster = certmaster
...
minion_name = foo.bar

Patch looks good, but I'm curious about the scenario in which it's needed that the default behaviour or listen_addr set to the right interface doesn't work.

In the case of the default behaviour, I could see it being odd on a machine with multiple interfaces/IPs/hostnames, as it's going to pick one of them (in theory, the hostname that the IP of the interface the connection from minion->certmaster uses) and that may not be the one you want.

If you set listen_addr on the minion, and force the IP, it will still pick the hostname that IP resolves to on the local machine.

Are you running into a case where the hostname found via the default method, or by lookup on listen_addr is the hostname you want to use?

I might change the config file it uses for this though. /etc/func/minion.conf makes more sense for me. /etc/func/minion.conf defines the behaviour of the funcd, while /etc/certmaster/minion.conf defines the certmaster for the minions. Though in this case, it's a little blurry, especially since get_hostname is already using the /etc/certmaster/minion.conf.

Adrian