pwan's questions

I have a cert that include an X509v3 Subject Alternative setting, but Chrome 67.0.3396.99 is saying the Subject Alternative Name is missing even though it looks like it's included in the cert.

Here's the X509v3 portion of the cert as per openssl s_client -showcerts -connect www.mysite.org:443 </dev/null 2> /dev/null | openssl x509 -noout -text

    X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Subject Alternative Name: 
                DNS:www.mysite.org
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
               <redacted>

The Subject of the cert is Subject: CN = www.mysite.org.

Am I missing some additional X509v3 setting that that Chrome's expecting so it'll accept the SAN ?

I have a puppet client 'my-client' where the certificate name is 'my-clients-certname' instead of the being the same as the hostname. The puppet client and puppetmaster server have been working fine like this for a while. However, now I'd like to start using puppetrun on the client as well, and it's giving an unexpected error.

From the server, here's what I'm seeing if I try to run puppetrun:

[root@puppetmaster ~]$ puppetrun --debug --host my-client
Triggering my-client
Host my-client failed: Server hostname 'my-client' did not match server certificate; expected my-clients-certname
my-client finished with exit code 2
Failed: my-client

I figured if I added the --certname=my-clients-certname argument, that should work, but I get the same 'did not match server certificate output.

[root@puppetmaster ~]$ puppetrun --debug --certname=my-clients-certname my-client
Triggering my-client
Host my-client failed: Server hostname 'my-client' did not match server certificate; expected my-clients-certname
my-client finished with exit code 2
Failed: my-client

Is there some other way I should be telling puppetrun about the client's certname ?

Is there an easy way to return the top level classes applied to a node. By this I mean the classes included in a node definition or ENC equivalent For example with the sample node below, I'd like to return 'return::me' and 'return::me2' for somehost, but not 'dontreturn::me'

class return::me {
   include dontreturn::me
}
node "somehost" {
   include return::me
   include return::me2
}

I see that /var/lib/puppet/state/classes.txt includes the full list of classes applied to the node, but that includes any additional classes included by to the top level classes.

Is there some way to get at this data with a puppet faces command ? I suspect 'puppet nodes' might be useful, but I haven't been able to get it return what I what.

When I set up a review in Atlassian Crucible, and I set a date, it displays it in DD/MM/YYYY I'd like to switch that over to MM/DD/YYYY, but I don't see anywhere in the configuration to switch that. The closest setting I see is for the timezone, which I have set to EST.

I have Crucible running on a CentOS 6.2 machine that's set to UTC I'm using Crucible version 2.7.14 Build:20120612060728 2012-06-12

My locale is currently set to en_US.UTF-8

> locale | grep LC_TIME
LC_TIME="en_US.UTF-8"

Can someone point out how I can switch the date format in Crucible ?

I have a CentOS machine running rabbitmq-server v2.2.0-1.el5, and rabbitmq is outputting it's log messages to various files under /var/log/rabbitmq.

If there anyway to configure rabbitmq to tell it to redirect its messages to syslog instead ?

I'm hosting some KVM virtual machines on a server with two NICs, eth0 and eth1. I have two networks 192.168.100/24 and 192.168.200/24.

I have set up bridges as per http://www.linux-kvm.com/content/using-bridged-networking-virt-manager so that the 192.168.100/24 hosts use eth0 and the other network uses eth1. This looks to be working OK.

There's a default gateway on the server routing everything to the 192.168.100.1

Each network also has its own Cobbler server on 192.168.100.222 and 192.168.200.222 handling PXE boots and DHCP.

My problem is when I PXE boot machines on the 192.168.200/24 network, I want it to reach the Cobbler server at 192.168.200.222, but it looks like it's always reaching the 192.168.100.222 server instead, probably because of the default gateway setting.

How can I configure the server so that DHCP requests coming off the eth1 bridge go to the 192.168.200.1 gateway instead of the default gateway ?

It doesn't look like I can use policy routing since there VM doesn't have an IP address yet, so what could I be overlooking?