3

I'm running puppet 2.7.9 on a Debian Squeeze system. The box I'm targeting is named 'puppet'

# hostname
puppet

# facter | grep hostname
hostname => puppet

# cat /etc/hosts | head -n2
127.0.0.1   localhost
127.0.1.1   puppet.example.com  puppet

My node definition looks like so:

node puppet {
    include base, puppet
}

Despite the node documentation asserting that

Node names can be the short host name, or the fully qualified domain name (FQDN).

the above node definition only fires if I substitute the short host name for the FQDN or use a regular expression match, like: "/^puppet..*/". Using the short host name definition:

# puppet agent -vt
info: Caching catalog for puppet.example.com
info: Applying configuration version '1327898040'
notice: Finished catalog run in 0.64 seconds

This run should have had more output. What's going on here; what am I missing?

troutwine
  • 1,452
  • 5
  • 18
  • 33

2 Answers2

1

I understood that the dns hostname "puppet" in the puppet world was reserved for the puppetmaster machine, if you want to target the master machine via it's own puppet server, give it a different hostname and use a dns cname as an alias. That should work, at least, it's what i do.

Sirex
  • 5,499
  • 2
  • 33
  • 54
  • You're quite correct, 'puppet' is generally reserved for the puppet master and I am working on the central puppet machine. Using a CNAME alias sounds like a hack, counter to the assertions of the documentation; surely there's a better way. – troutwine Jan 30 '12 at 13:48
  • well, i kind of assumed that's how its meant to be done, as my puppet server doesn't just serve puppet, and it makes moving the service to another machine easier. Maybe i'm wrong, but i think using a cname of puppet is the way it's actually meant to be done. – Sirex Jan 30 '12 at 14:12
  • 1
    Of course the puppet server doesn't just serve puppet. That said, maybe you are correct? I can't find any documentation to suggest that you are correct, though. The node definition should key off short host name, according to documentation, but I've always made use of the FQDN. – troutwine Jan 30 '12 at 17:05
  • maybe its an undocumented, not sure. I just use the machine's real hostname though, which avoids the issue. Can only suggest trying that. – Sirex Jan 31 '12 at 07:48
  • Real hostname? Do you mean the short host name? The output of `$ hostname` on the box in question is `puppet`, which I've added to the text of the question. – troutwine Jan 31 '12 at 15:28
  • 1
    to clarify (as this question just wen't back to the top of SF), the node should be called anything else, myserver01 or such, and use that for matching the node name, not 'puppet' (which would be the cname) – Sirex Aug 13 '13 at 20:57
0

Since puppet 7 (way after the question was posted), this changed...

see this "bug" link

the decision was to change the default for strict_hostname_checking from false to true in the next release and to remove the option entirely (and only allow strict hostname checking) in Puppet 7

Now there is no strict_hostname_checking variable to configure this, and it works like it's true now, so you can only match fqdn by the raw node name, eg.

node somemachineX {
    include somemodule
}
node default {
    notify {"using default node": }
}

is going to say "using default node", and not going to include somemodule for your host somemachineX.yourdomain.com ...but either of these would work:

node /^somemachineY/ {
    include somemodule
}
node 'somemachineZ.yourdomain.com' {
    include somemodule
}

But of course that regex isn't very good and will also match things like:

somemachineYYY.yourdomain.com
somemachineY.wrongdomain.com

And see docs about it and see it's not up to date... (the following quote is no longer true)

If strict_hostname_checking is set to false and the node's name looks like a fully qualified domain name (it has multiple period-separated groups of letters, numbers, underscores, and dashes), Puppet chops off the final group

Peter
  • 2,756
  • 1
  • 20
  • 26