I think that is the workflow I am going to use: before I kick off the rebuild, run
puppetca --clean <fqdn> and keep the <fqdn> in the autosign.conf, so when it rebuilds and kicks off the puppet service the CA just autosigns the cert. It would be nice to be able to set a special key/password that the puppet daemon could send that would tell the CA to revoke previous keys and autosign a new key for that host.

On Mon, Jan 17, 2011 at 12:29 PM, Matt <[email protected]> wrote:

> one thing to keep in mind is if the server is the same name previously
> there will be an issue where you will need to use the puppetca on the
> master to clean out the old cert.
>
> On Jan 14, 3:36 pm, Ohad Levy <[email protected]> wrote:
> > One way would be to enable autosign when you request your kickstart... if
> > your ks is dynamically generated, that could be easily scripted.
> >
> > Alternatively, you can have a look at Foreman [1], which handles this kind of
> > things for you.
> >
> > Ohad
> >
> > [1] http://theforeman.org
> >
> > On Fri, Jan 14, 2011 at 9:04 PM, Derek Tracy <[email protected]> wrote:
> > > I am implementing Puppet on a small RHEL 5.3 cluster (~14 machines). These
> > > boxes will be rebuilt via kickstart at least once a month. What would be
> > > the best way to handle the certificate signing, preferably one that has the
> > > least interaction? I want to be able to kick off the rebuild and walk away
> > > knowing that Puppet will start up and take care of the rest of the config.
> > >
> > > ---------------------------------
> > > Derek Tracy
> > > [email protected]
> > > ---------------------------------

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
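
The pre-rebuild step described in this thread (clean the old certificate, keep the host's exact name in autosign.conf), as an added example that is not part of the original messages. The autosign.conf path, the function names and the example hostnames are assumptions; `puppetca --clean` is the command named in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the puppet master before a rebuild.
# Assumed: the autosign.conf location below; override AUTOSIGN_CONF if yours differs.
AUTOSIGN_CONF="${AUTOSIGN_CONF:-/etc/puppet/autosign.conf}"
PUPPETCA="${PUPPETCA:-puppetca}"   # command name as used in the thread

# Accept only a plain FQDN: no wildcards, whitespace or empty labels, so a typo
# cannot turn a single-host entry into a pattern that autosigns other names.
valid_fqdn() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Keep exactly one literal line for the host in autosign.conf.
allow_autosign() {
    touch "$AUTOSIGN_CONF" || return 1
    grep -qxF -- "$1" "$AUTOSIGN_CONF" || printf '%s\n' "$1" >> "$AUTOSIGN_CONF"
}

# Clean the old certificate, then make sure the rebuilt host will be autosigned.
prepare_rebuild() {
    fqdn=$1
    if ! valid_fqdn "$fqdn"; then
        echo "refusing '$fqdn': not a plain FQDN" >&2
        return 2
    fi
    # A failed clean is reported but not fatal: a host built for the first
    # time has no old certificate to remove.
    "$PUPPETCA" --clean "$fqdn" || echo "warning: clean failed for $fqdn" >&2
    allow_autosign "$fqdn"
}

# Usage: sh prepare-rebuild.sh node01.example.com node02.example.com
for host in "$@"; do
    prepare_rebuild "$host"
done
```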
