Yeah, a simple script which enable autosign for the installed host for example in your kickstart/jumpstart whatever you could do wget http://puppet/install this should contact a simple cgi script which adds the entry of that host to /etc/puppet/autosign.conf than the client runs puppet, which signs the certificate automatically. afterwards, you can either parse the puppet master logs to remove the autosign, or do another wget request which removes the certificate.
you might want to do puppetca --clean before you enable the autosign. Ohad On Wed, Nov 5, 2008 at 7:37 AM, RijilV <[EMAIL PROTECTED]> wrote: > > 2008/11/4 AndrewHolt <[EMAIL PROTECTED]>: > > > > Hi, > > > > If I install the facter & puppet client software via an automated > > process (kickstart, jumpstart, imaging) how can I distribute keys so I > > don't have to do the certificate signing manually ? > > > > You can just turn on autosigning on the puppetmaster. > > In the past I did something a bit more complex because we had a CA > hierarchy and client certs needed to be generated from the correct > signing authority - I did this as a ~20 line php web application that > pulled the reverse DNS of the requester and handed it a tarball of the > certs. > > Honestly I'd probably just try to do something with autosigning on the > puppetmaster - pushing around private keys makes me uncomfortable just > on principle. > > > .r' > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
