On 2011-04-26, Norvell, Preston <Preston.Norvell@xxxxxxxxxxxxxxxxxxxx> wrote: > Reading through it, I have a couple comments: > - I have found no need to modify anything in /etc/certmaster on either the overlords or minions I use the EPEL packages, and they have certmaster=certmaster in /etc/certmaster/minion.conf, and then the minions fails to start. > - Depending on where you get your RPM (I get mine currently from > RPMForge), it may want to install/run certmaster by default. It should > be disabled. Oh.. I hadnÂt noticed. Thanks! IMHO thatÂs a bug in the packaging... skvidal ? > - There is a nascent puppet module to manage minion and overlord configurations here: http://forge.puppetlabs.com/rodjek/func. I used it as the beginning of my work and hope to push the changes back up stream to the author. It might be good to let folks know it exists. I wrote my own yesterday -> http://blag.tanso.net/2011/04/13-puppet-as-certmaster-for-func/ > - I found that I needed to create an acl file in /etc/minion-acl.d with the hostname-certhash of the overlord/puppetmaster on each minion, because rather than defaulting to "*" it defaults to "foo" (literally) for the acl. I didnÂt need that. My minion-acl.d/ is empty, and I can access the minions from the overlord. Hmm.. guess I need to understand the access control model of func better.. -jf _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list