Go decentralized. Instead of signing certificates, make ssh keys. Don’t give the keys to non-admins You can use Git as your transport instead of subversion, and then you can branch for different machines/roles, and then version your changes, as well as allowing for… but you must know the DVCS spiel at this point. It’s faster, … Read more
Concise answer The issue CRL is not yet valid for indicates that the time between the Puppet-agent and the Puppetmaster is out of sync. Sync the time (NTP). Remove the certificate from the Puppet-agent and Puppetmaster as well and run Puppet on the agent. Comprehensive answer CRL is not yet valid for resides in the … Read more
aws ec2 describe-instances –filter Name=ip-address,Values=IP_1,..IP_N Should do what you need. use the filter name of private-ip-address to select using private address in your VPC. Pipe through something like jq -r ‘.Reservations[].Instances[] | .InstanceId, .PublicIpAddress’ if you want the corresponding InstanceID
So… this is a bit embarrassing, but… Environments. Right there in my /etc/puppet.conf file is this: [master] manifest=$confdir/manifests/site.pp modulepath=$confdir/environments/$environment/modules:$confdir/modules After throwing strace at it to figure out where it was hunting for files, I noticed something. It was looking for custommod under /etc/puppet/environments/production/modules, and since there was a directory there (empty), it did not then … Read more