On Fri, Mar 11, 2011 at 10:38 AM, Patrick < [email protected]> wrote:
> > > On 8 Mrz., 14:54, Disconnect <[email protected]> wrote: > > Alternately, running the puppetca clean before starting the new client > will > > result in the standard unsigned behavior. > > Maybe, but it would be nice to save this extra afford. In our case, > we do not want the security features of puppet. > > > (I do think its pretty broken that trying once with the wrong cert > poisons > > the client - if it is an attack, they can just wipe the client cert > again, > > and if it isn't - eg in your case - then it breaks..) > > We know, but we are using build servers in a trusted network.. The > buildservers are often reinstalled and we do not want to manage the > certificates. > > You can use a tool like foreman which automates this whole process. Ohad -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
