Re: re: certmaster 0.24 patch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



func@xxxxxxxxxxxxx wrote:
Thanks for the reply Adrian.  I believe it's necessary because the listen_addr only seems to apply to the certmaster server.  In my case, the certmaster server has only one interface.

One of the other servers that I wish to control (a minion) has 3 interfaces and multiple names (it has several virtual hosts and such as well). When it requests to be signed by the overlord, it is asking for the overlord to sign as the FQDN rather than the desired alias.  If I set the listen_addr in func/minion.conf and/or certmaster/minion_conf it has no noticeable effect.  If I set "minion_name= myalias" then it works perfectly from my perspective-- when funcd starts it requests to be signed as "myalias" rather than as it's FQDN.

Hmm, func/minion.conf:listen_addr should be doing something. Wonder if it's just broken. certmaster/minion.conf:listen_addr should be ignored though.

I'll check the minion listen_addr and make sure it's doing what it's supposed to. If it is, it should handle most cases, though there are certainly cases where specifying the hostname to use would be useful, so I'll merge the minion_name into the tree.

Most of the minions asking to be signed only have one ip address so things work fine for them.  Although one minion didn't have domainname set so it requested as just the host.  To solve that I could either set the domainname -or- set the minion_name in the minion.conf file (using the patch).

Adrian

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list

[Index of Archives]     [Fedora Users]     [Linux Networking]     [Fedora Legacy List]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux