On 02/20/2013 01:28 PM, [email protected] wrote: > And what would be the purpose of that? That still includes using puppet > to create CA, and I want to avoid that completely.
Ah, right. I forgot step 5. Which is replacing the CA with one created using openssl. Of course, all other certs are obsolete after you do that, so you can use your shiny new process of certifying agents to make them new ones. > 1. Puppetmaster's vm's are being booted. No CA nor cert actions taken. > > 2. User goes to web app, click's 'generate CA' - CA gets generated. A simpler alternative might be: 1a. User creates puppetmaster vm for a new pool, that bootstraps itself with a CA certificate 1b. User adds a puppetmaster vm to an existing pool, by cloning another VM That way, you need not even implement a frontend for generating CAs on the fly. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
