Re: stateless client hostnames

On Fri, 2006-10-27 at 02:25 -0600, Jeffrey Law wrote:
> On Thu, 2006-10-26 at 08:56 +0100, Mark McLoughlin wrote:
> > On Wed, 2006-10-25 at 16:32 -0600, Jeffrey Law wrote:
> > 
> > > This would normally be handled by the standard dhcp client, but
> > > it doesn't appear that NetworkManager sets the client hostname,
> > > even if a hostname is provided by the dhcp server.
> > 
> > I wonder if that's fixable ...
> Possibly.  It may also be intentional.  I haven't investigated much
> yet.
> 
> NetworkManager does have the ability to run scripts when interfaces
> are brought up/down.  We could include a script to set the hostname
> based on the IP address of the link that's being brought up.
> 
> > 
> > > Did we already hash through this, or did we hand-wave it away?
> > 
> > Hand-waved it I think :-)
> :-)
> 
> This does highlight something I don't like about puppet.  If I've
> got a client, myclient.mydomain, the file containing the client's
> cert is myclient.mydomain.someextension.
> 
> Now if my client happens to be a laptop and I hit the road and
> connect to the internet via a hotel's network or something similar,
> I'm going to get a different IP address than normal.
> 
> The different IP address will be associated with a different
> hostname.  Call it roam.roamingnetwork.
> 
> When puppet starts, it'll generate a new certificate for
> roam.roamingnetwork rather than using the already generated
> (and signed) certificate myclient.mydomain.
> 
> Odds are this isn't the end of the world, but it's damn
> annoying.

It's also not too hard to fix; puppet uses a small library (facter) to
figure out pesky things like hostname, and facter lets you override how
a certain 'fact' should be determined. To do that,
      * drop the attached file into a file 'facter/stateless.rb' on
        ruby's search path ('.' is on that path, as is any dir in the
        RUBYLIB env var)
      * Create a file '/tmp/stateless' containing a fake FQDN
      * Run 'facter hostname domain fqdn stateless'
That should report the fake FQDN; when the puppet client runs, it will
use that FQDN for finding its cert etc. For stateless, the stateless.rb
file should wind up in the image
(in /usr/lib/ruby/site_ruby/1.8/facter/) so that it's available on all
clients.

Of course, that mechanism could be changed to something else, like
looking at the filename of the private key for the SSL cert ...

David

Attachment: stateless.rb
Description: application/ruby
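
Because the FQDN read from the override file decides which certificate the puppet client looks up, the file should be trusted only when it is root-owned, not group- or world-writable, not a symlink, and holds a well-formed name. The sketch below is an added example, not the stateless.rb attached to this message; the helper names `split_fqdn` and `read_override`, and the use of `has_weight` (available only in facter releases that support it), are assumptions of the example.

```ruby
# Added example: validate a fake-FQDN override file before exposing it as facts.
# Hostname label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i

# Split an FQDN into the three facts named in the message.
# Returns nil for anything that is not a syntactically valid FQDN.
def split_fqdn(text)
  fqdn = text.to_s.strip.downcase
  labels = fqdn.split('.', -1)
  return nil if fqdn.length > 253 || labels.length < 2
  return nil unless labels.all? { |l| l =~ LABEL }
  { 'hostname' => labels.first,
    'domain'   => labels[1..-1].join('.'),
    'fqdn'     => fqdn }
end

# Open without following symlinks, then check the opened file itself:
# regular file, expected owner, not writable by group or others.
def read_override(path, owner_uid = 0)
  flags = File::RDONLY | File::NOFOLLOW | File::NONBLOCK
  File.open(path, flags) do |f|
    st = f.stat
    next nil unless st.file? && st.uid == owner_uid
    next nil unless (st.mode & 0o022).zero?
    split_fqdn(f.read(256))
  end
rescue SystemCallError
  nil # missing file, symlink (ELOOP), permission denied, ...
end

# Register the facts only when facter has loaded this file.
# A nil result lets facter fall back to its normal resolution.
if defined?(Facter)
  OVERRIDE_PATH = '/tmp/stateless' # path used in the message
  %w[hostname domain fqdn].each do |name|
    Facter.add(name) do
      has_weight 100 # assumption: facter version with has_weight
      setcode { (read_override(OVERRIDE_PATH) || {})[name] }
    end
  end
end
```
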

