On Tue, 2011-04-26 at 21:29 +0200, Jan-Frode Myklebust wrote:
> On 2011-04-26, Norvell, Preston <Preston.Norvell@xxxxxxxxxxxxxxxxxxxx> wrote:
> > Reading through it, I have a couple comments:
> > - I have found no need to modify anything in /etc/certmaster on either the overlords or minions
>
> I use the EPEL packages, and they have certmaster=certmaster in
> /etc/certmaster/minion.conf, and then the minions fail to start.
>
> > - Depending on where you get your RPM (I get mine currently from
> > RPMForge), it may want to install/run certmaster by default. It should
> > be disabled.
>
> Oh.. I hadn't noticed. Thanks!
>
> IMHO that's a bug in the packaging... skvidal ?
>
> > - There is a nascent puppet module to manage minion and overlord configurations here: http://forge.puppetlabs.com/rodjek/func. I used it as the beginning of my work and hope to push the changes back upstream to the author. It might be good to let folks know it exists.
>
> I wrote my own yesterday ->
>
> http://blag.tanso.net/2011/04/13-puppet-as-certmaster-for-func/
>
> > - I found that I needed to create an acl file in /etc/minion-acl.d with the hostname-certhash of the overlord/puppetmaster on each minion, because rather than defaulting to "*" it defaults to "foo" (literally) for the acl.
>
> I didn't need that. My minion-acl.d/ is empty, and I can access the minions
> from the overlord. Hmm.. guess I need to understand the access control
> model of func better..
>

the acls are for minion-to-minion. so you can say 'this minion can run these modules/methods on this other minion'

-sv

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list