Puppet Certificates and CNAMEs

Support
1

Hi folks,

When I put my Foreman/Puppet architecture into production the requirement I
am working against is to allow the use of "service names" instead of the
fqdn of the host to access Puppet and Foreman.

In my testing in my lab I have generated a cert against (I'm sanitizing
here) the service name pocpuppet.{fqdn} which went well. I put in the
dns_alternate_names in puppet.conf (where's the right place for that?
main?).

Everything seems to be going smoothly with puppet itself but for whatever
reason the foreman-proxy is looking for the cert with the original fqdn of
the host itself.

I went into every foreman YAML file out there and put the service name in
place of the hostname and it still is looking for the original server.

Anybody else run into this? Any thoughts.

··· --

Peter L. Berghold Salty.Cowdawg@gmail.com

h http://blog.berghold.netttp://science-fiction.berghold.net

2

Sorry, this is a duplicate of what I sent yesterday. I meant to post this
over on the Puppet list, but if anybody out there has a comment feel free.

··· On Thu, Feb 12, 2015 at 11:03 AM, Peter Berghold wrote:

Hi folks,

When I put my Foreman/Puppet architecture into production the requirement
I am working against is to allow the use of “service names” instead of the
fqdn of the host to access Puppet and Foreman.

In my testing in my lab I have generated a cert against (I’m sanitizing
here) the service name pocpuppet.{fqdn} which went well. I put in the
dns_alternate_names in puppet.conf (where’s the right place for that?
main?).

Everything seems to be going smoothly with puppet itself but for whatever
reason the foreman-proxy is looking for the cert with the original fqdn of
the host itself.

I went into every foreman YAML file out there and put the service name in
place of the hostname and it still is looking for the original server.

Anybody else run into this? Any thoughts.

Peter L. Berghold Salty.Cowdawg@gmail.com

h http://blog.berghold.netttp://science-fiction.berghold.net

Peter L. Berghold Salty.Cowdawg@gmail.com

h http://blog.berghold.netttp://science-fiction.berghold.net