On 05/21/2012 05:16 PM, Erinn Looney-Triggs wrote: > On 05/21/2012 01:00 PM, Jan-Frode Myklebust wrote: >> If joining a machine to IPA automatically gives it a SSL keyset, it >> seems silly to also join the puppetca for config management. >> >> Has anybody looked into using IPA-dogtag as CA for puppet and func? >> >> >> -jf >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > This has been something of a project for me, but it has been on the back > burner whilst I deal with other things (the usual story right). > > There shouldn't be any technical reason why this can't be done, it is > just a matter of getting the certs in the right format, I expect a > bridge between puppet, func, and certmonger is on order and then you > would be good to go. > > In my mind there are too many CAs running around and I like one to rule > them all. I, like you I suspect, run func and puppet as well as IPA > giving me three CAs. Now func can rely on puppet as the CA if you > configure it to, but I want just one :). > > Anyway just my thoughts, no real progress in that direction though yet, > > -Erinn > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users Most likely we will be working with Foreman community [1] to try to solve this and other problems. It might make sense to consolidate the effort.
[1] http://theforeman.org/projects/foreman -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users