On 05/21/2012 05:16 PM, Erinn Looney-Triggs wrote:
> On 05/21/2012 01:00 PM, Jan-Frode Myklebust wrote:
>> If joining a machine to IPA automatically gives it a SSL keyset, it
>> seems silly to also join the puppetca for config management.
>> Has anybody looked into using IPA-dogtag as CA for puppet and func?
>> Freeipa-users mailing list
> This has been something of a project for me, but it has been on the back
> burner whilst I deal with other things (the usual story right).
> There shouldn't be any technical reason why this can't be done, it is
> just a matter of getting the certs in the right format, I expect a
> bridge between puppet, func, and certmonger is on order and then you
> would be good to go.
> In my mind there are too many CAs running around and I like one to rule
> them all. I, like you I suspect, run func and puppet as well as IPA
> giving me three CAs. Now func can rely on puppet as the CA if you
> configure it to, but I want just one :).
> Anyway just my thoughts, no real progress in that direction though yet,
> Freeipa-users mailing list
Most likely we will be working with Foreman community  to try to
solve this and other problems.
It might make sense to consolidate the effort.
Sr. Engineering Manager IPA project,
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list