Re: [Puppet Users] Re: Puppet Sites. Your thoughts?

On Fri, 2012-05-11 at 09:39 -0700, Daniel Sauble wrote: Another problem is that if you move services around, you have to update puppet.conf on all nodes that use that service. For example, if you migrate your master to a new host, you have to update puppet.conf on every agent that uses that

Re: [Puppet Users] Re: Puppet Sites. Your thoughts?

On Friday, May 18, 2012 6:58:37 AM UTC-7, seanmil wrote: On Fri, 2012-05-11 at 09:39 -0700, Daniel Sauble wrote: Another problem is that if you move services around, you have to update puppet.conf on all nodes that use that service. For example, if you migrate your master to a new

[Puppet Users] Re: Puppet Sites. Your thoughts?

On Saturday, May 12, 2012 6:14:06 AM UTC-7, Timothy Sutton wrote: Just concerning this PSK aspect of Sites, would this also be a similar alternative to using a shared cert (or set of certs) in tandem with the node_name_value or node_name_fact, as was recently suggested by Gary in this

Re: [Puppet Users] Re: Puppet Sites. Your thoughts?

I have no issue with the PSK technique BUT, I do have a couple questions/concerns: 1) Please keep the old syntax in place so that users don't have to run about modifying scripts everywhere. Internal command aliases should work fine. 2) You say that we shouldn't be trusting the network (fine),

Re: [Puppet Users] Re: Puppet Sites. Your thoughts?

On Mon, May 14, 2012 at 1:14 PM, Trevor Vaughan tvaug...@onyxpoint.comwrote: I have no issue with the PSK technique BUT, I do have a couple questions/concerns: 1) Please keep the old syntax in place so that users don't have to run about modifying scripts everywhere. Internal command aliases

Re: [Puppet Users] Re: Puppet Sites. Your thoughts?

Just concerning this PSK aspect of Sites, would this also be a similar alternative to using a shared cert (or set of certs) in tandem with the node_name_value or node_name_fact, as was recently discussed in this thread? https://groups.google.com/d/msg/puppet-users/2s0PJ7p_S7M/jLVUjL34Wz4J In

[Puppet Users] Re: Puppet Sites. Your thoughts?

Just concerning this PSK aspect of Sites, would this also be a similar alternative to using a shared cert (or set of certs) in tandem with the node_name_value or node_name_fact, as was recently suggested by Gary in this thread?

[Puppet Users] Re: Puppet Sites. Your thoughts?

Does this require that a human being has to be in the loop every time a node joins the site? How would one automate 100% the provisioning of new hosts? With the current system, I can turn on auto-sign and have some simple rules for which nodes I will accept, and trust in the knowledge that I

[Puppet Users] Re: Puppet Sites. Your thoughts?

On Thursday, May 10, 2012 3:05:38 PM UTC-7, jcbollinger wrote: On May 10, 2:04 pm, Daniel Sauble djsau...@puppetlabs.com wrote: On Thursday, May 10, 2012 11:37:34 AM UTC-7, ohad wrote: On Thu, May 10, 2012 at 9:34 PM, Daniel Sauble djsau...@puppetlabs.comwrote: On

Re: [Puppet Users] Re: Puppet Sites. Your thoughts?

On Fri, May 11, 2012 at 12:21 PM, Daniel Sauble djsau...@puppetlabs.comwrote: On Thursday, May 10, 2012 3:05:38 PM UTC-7, jcbollinger wrote: On May 10, 2:04 pm, Daniel Sauble djsau...@puppetlabs.com wrote: On Thursday, May 10, 2012 11:37:34 AM UTC-7, ohad wrote: On Thu, May 10, 2012

[Puppet Users] Re: Puppet Sites. Your thoughts?

On Friday, May 11, 2012 5:56:10 AM UTC-7, Marc Zampetti wrote: Does this require that a human being has to be in the loop every time a node joins the site? How would one automate 100% the provisioning of new hosts? With the current system, I can turn on auto-sign and have some simple rules

[Puppet Users] Re: Puppet Sites. Your thoughts?

On May 10, 12:44 pm, Daniel Sauble djsau...@puppetlabs.com wrote:    - Securely add nodes to your deployment without manually signing    certificates on the CA...       - ...so that you can have the advantages of autosigning without its       security problems. I'm about to engage on a

Re: [Puppet Users] Re: Puppet Sites. Your thoughts?

On Thu, May 10, 2012 at 11:39 AM, windowsrefund windowsref...@gmail.comwrote: Personally, I have no interest in logging into my puppet servers and running commands. It seems like this problem is better solved with a real monitoring solution. Our intent is to expose this information via APIs

[Puppet Users] Re: Puppet Sites. Your thoughts?

On Thursday, May 10, 2012 10:39:22 AM UTC-7, windowsrefund wrote: On May 10, 12:44 pm, Daniel Sauble djsau...@puppetlabs.com wrote: - Securely add nodes to your deployment without manually signing certificates on the CA... - ...so that you can have the advantages of

Re: [Puppet Users] Re: Puppet Sites. Your thoughts?

- Original Message - From: Daniel Sauble djsau...@puppetlabs.com To: puppet-users@googlegroups.com Sent: Thursday, May 10, 2012 7:34:14 PM Subject: [Puppet Users] Re: Puppet Sites. Your thoughts? On Thursday, May 10, 2012 10:39:22 AM UTC-7, windowsrefund wrote: On May 10, 12

Re: [Puppet Users] Re: Puppet Sites. Your thoughts?

On Thursday, May 10, 2012 11:37:34 AM UTC-7, ohad wrote: On Thu, May 10, 2012 at 9:34 PM, Daniel Sauble djsau...@puppetlabs.comwrote: On Thursday, May 10, 2012 10:39:22 AM UTC-7, windowsrefund wrote: On May 10, 12:44 pm, Daniel Sauble djsau...@puppetlabs.com wrote: - Securely

[Puppet Users] Re: Puppet Sites. Your thoughts?

On May 10, 2:04 pm, Daniel Sauble djsau...@puppetlabs.com wrote: On Thursday, May 10, 2012 11:37:34 AM UTC-7, ohad wrote: On Thu, May 10, 2012 at 9:34 PM, Daniel Sauble djsau...@puppetlabs.comwrote: On Thursday, May 10, 2012 10:39:22 AM UTC-7, windowsrefund wrote: On May 10, 12:44