On Fri, May 01, 2009 at 08:15:16PM +0200, Fabien Dupont wrote: > > Wouldn't it be possible to have Cobbler manage Puppet's host certificates > the way it manages DHCP and DNS.
Nice idea! > As far as the Puppet instance is on the > same server it wouldn't be difficult to call puppetca and we could think of > downloading certificates from Cobbler SVC during installation time through a > snippet. I wouldnt want the cert including the needed private key beeing trans- ferred over the net in the clear. Letting cobbler doing the signing of the cert (with accompanying private key beeing only on the newly deployed box) sounds fine thou. A bit better than autosigning since cobbler will only sign the certs of cobbler-deployed boxen and not some rogue new box on the network. Christian _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
