[Pkg-puppet-devel] Bug#514550: Bug#514550: cannot use different certnames for puppetmaster/puppet on the same host

Micah Anderson micah at riseup.net
Sun Feb 8 22:33:05 UTC 2009 

* Matthew Palmer <mpalmer at debian.org> [2009-02-08 16:54-0500]:
> On Sun, Feb 08, 2009 at 10:16:57PM +0100, martin f krafft wrote:
> > also sprach Matthew Palmer <mpalmer at debian.org> [2009.02.08.2203 +0100]:
> > > That's how I do it (puppetmaster SSL in a separate directory),
> > 
> > I'd like that to be default!
> 
> And I'd like a pony.

I'll take a unicorn!

> I'm not the package maintainer, so exclaiming at me isn't going to help your
> case any.  I'm merely stating that this configuration *can* work, and has
> worked for me in production environments, so you can use that argument if
> anyone says "that's not possible", or wants a reference implementation.

One's default preferences, is another's pain in the ass to migrate
everyone who has it setup the way it is now. Since I find the defaults
perfectly fine, I'm happy to entertain that as a default, if you wanna
come up with how to handle the migration of everyone has things setup
the way things are now.

> > > but you could also set an altName on the cert (there's an option
> > > for it somewhere in the Great Pile, but I can't remember what it
> > > is), so that your Puppetmaster's cert was for both vera and
> > > puppetmaster.
> > 
> > Why use one cert when you can use two though?
> 
> Why use two when you can use three though?

Why use two when you can just have one? For some more is better, for
others less is more. There is no preference that will satisfy all, there
is just the endless task of the maintainer to switch back and forth at
the whim of the users who prefer it one way or the other.

There probably is one thing that we can all agree on, this should be
installed right away: http://cornify.com/

micah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20090208/77b92840/attachment.pgp

More information about the Pkg-puppet-devel mailing list