Hello All,

TL;DR: what's the best way to grab a SSL cert and key during kickstart?

(this is all using CentOS 7.2 latest)

I'm using Foreman to manage my kickstart and Puppet services, and its built-in FreeIPA client enrollment works just fine. However I'd like to also request a certificate and key for a Puppet client to use to authenticate to the Foreman-controlled Puppet server.

If I manually set up a puppet client then it works just fine. I use something like this:

# ipa-getcert request -w -r -f /var/lib/puppet/ssl/certs/<%= @host.name %>.pem -k /var/lib/puppet/ssl/private_keys/<%= @host.name %>.pem
# cp /etc/ipa/ca.crt /var/lib/puppet/ssl/certs/ca.pem

(then setting the correct paths and settings in /etc/puppet/puppet.conf)

I tried to make that work inside the Kickstart process, but as those commands are running inside a kickstart chroot the certmonger service won't start.

Is there a better method to grab a SSL cert and key for the host during kickstart? Or should I just wait until firstboot and perform the steps at that point?

Many Thanks and FreeIPA is really amazing!

Anthony Clark
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
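
The firstboot option raised in the question, as an added example that is not part of the original post: a function for the Kickstart %post section that only stages a one-shot systemd unit, so the same two commands run on first boot once certmonger is available. The function name, script path, unit name and marker file are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): defer the certificate request
# to first boot, because certmonger cannot start inside the Kickstart chroot.
# Hypothetical names: stage_firstboot_cert, puppet-cert-firstboot, marker file.
stage_firstboot_cert() {
    local root="$1" host="$2"   # root: "" inside the %post chroot, or a staging dir
    local ssl=/var/lib/puppet/ssl
    local script=/usr/local/sbin/puppet-cert-firstboot
    local unit=/etc/systemd/system/puppet-cert-firstboot.service
    local marker=/var/lib/puppet-cert-firstboot.done

    mkdir -p "$root/usr/local/sbin" "$root/etc/systemd/system/multi-user.target.wants"

    # First-boot script: the commands from the post, then a marker on success.
    cat > "$root$script" <<EOF
#!/bin/bash
set -e
mkdir -p $ssl/certs $ssl/private_keys
ipa-getcert request -w -r -f $ssl/certs/$host.pem -k $ssl/private_keys/$host.pem
cp /etc/ipa/ca.crt $ssl/certs/ca.pem
touch $marker
EOF
    chmod 0700 "$root$script"

    # Oneshot unit: skipped once the marker exists, retried on next boot if it failed.
    cat > "$root$unit" <<EOF
[Unit]
Description=Request Puppet client certificate from FreeIPA (first boot only)
After=network-online.target certmonger.service
Wants=network-online.target
Requires=certmonger.service
ConditionPathExists=!$marker

[Service]
Type=oneshot
ExecStart=$script

[Install]
WantedBy=multi-user.target
EOF
    # Enable via symlink so this also works when staging into an arbitrary root.
    ln -sf "$unit" "$root/etc/systemd/system/multi-user.target.wants/$(basename "$unit")"
}

# In the Foreman template's %post: stage_firstboot_cert "" "<%= @host.name %>"
```

Because the script uses `set -e`, the marker is only written after both commands succeed, so a failed request is attempted again on the next boot.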
