controlling argument passed to ENC script for AWS


John Pyeatt

Feb 27, 2014, 4:57:21 PM
to puppet...@googlegroups.com
I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks.

The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress.

I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script.

But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs.

Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness.

I looked at the puppet inventory service a bit, but I don't think that would solve my problem either.

--
John Pyeatt
Singlewire Software, LLC
www.singlewire.com
------------------
608.661.1184
john....@singlewire.com

Christopher Wood

Feb 27, 2014, 5:45:29 PM
to puppet...@googlegroups.com
(inline)

On Thu, Feb 27, 2014 at 03:57:21PM -0600, John Pyeatt wrote:
> I am trying to use one puppetmaster to support multiple AWS VPCs. In other
> words, I am trying to have one puppetmaster support multiple independent
> networks.
>
> The problem with this is that it is possible for machines on two different
> VPCs to have the same hostname/ipaddress.

If two machines have the same ip address, how does your puppetmaster route to them both?

> I use an ENC script on the puppetmaster to classify what types of classes
> to load to an agent machine based on the hostname that is passed to the
> ENC script.

This sounds like you want to use a non-hostname certname, set in the puppet.conf on build.

http://docs.puppetlabs.com/references/latest/configuration.html#certname

> But the hostname isn't enough information because as I mentioned above,
> two different agents might have the same hostname but live in different
> VPCs.
>
> Is there any way to customize the identifier that is passed from the agent
> to the enc script on the puppetmaster? Ideally, I would like to pass the
> vpc-id and the hostname. That would guarantee uniqueness.
>
> I looked at the puppet inventory service a bit, but I don't think that
> would solve my problem either.

John Pyeatt

Feb 27, 2014, 7:02:35 PM
to puppet...@googlegroups.com
See comments below.


On Thu, Feb 27, 2014 at 4:45 PM, Christopher Wood <christop...@pobox.com> wrote:
(inline)

On Thu, Feb 27, 2014 at 03:57:21PM -0600, John Pyeatt wrote:
>    I am trying to use one puppetmaster to support multiple AWS VPCs. In other
>    words, I am trying to have one puppetmaster support multiple independent
>    networks.
>
>    The problem with this is that it is possible for machines on two different
>    VPCs to have the same hostname/ipaddress.

If two machines have the same ip address, how does your puppetmaster route to them both?

(I thought it was the agent that was initiating the connection, not the puppetmaster, so in that context the ip address of the agent doesn't matter. In the ENC processing it does).

>    I use an ENC script on the puppetmaster to classify what types of classes
>    to load to an agent machine based on the hostname that is passed to the
>    ENC script.

This sounds like you want to use a non-hostname certname, set in the puppet.conf on build.

http://docs.puppetlabs.com/references/latest/configuration.html#certname

(That's different. That's the name of the certificate as it is stored in /etc/puppet/ssl/cert/signed.) What I need to control is the value for the first (and only) argument that is passed to the ENC.

--
John Pyeatt
Singlewire Software, LLC

Patrick Kelso

Feb 27, 2014, 5:19:08 PM
to puppet...@googlegroups.com
On Fri, Feb 28, 2014 at 8:57 AM, John Pyeatt <john....@singlewire.com> wrote:
> I am trying to use one puppetmaster to support multiple AWS VPCs. In other
> words, I am trying to have one puppetmaster support multiple independent
> networks.
>
> The problem with this is that it is possible for machines on two different
> VPCs to have the same hostname/ipaddress.
>
> I use an ENC script on the puppetmaster to classify what types of classes to
> load to an agent machine based on the hostname that is passed to the ENC
> script.
>
> But the hostname isn't enough information because as I mentioned above, two
> different agents might have the same hostname but live in different VPCs.
>
> Is there any way to customize the identifier that is passed from the agent
> to the enc script on the puppetmaster? Ideally, I would like to pass the
> vpc-id and the hostname. That would guarantee uniqueness.
>
> I looked at the puppet inventory service a bit, but I don't think that would
> solve my problem either.

John,

Have you had a look at using the Amazon AMI metadata? Set a
custom tag for the VPC env and use it with Puppet.

This is what I've used to solve a similar issue.
http://stackoverflow.com/a/19785580

Regards,
Patrick Kelso

John Pyeatt

Feb 28, 2014, 11:23:11 AM
to puppet...@googlegroups.com
I think I have this resolved.
The certname was in fact the solution. I had a permissions problem that looked like things weren't working correctly. Once I got that straightened out, the value passed into my ENC script (vpc-id plus hostname) worked fine.

Thanks

