Christian Horn wrote:
> On Fri, May 01, 2009 at 08:15:16PM +0200, Fabien Dupont wrote:
>
>> Wouldn't it be possible to have Cobbler manage Puppet's host certificates
>> the way it manages DHCP and DNS?
>>
>
> Nice idea!
>
>> As far as the Puppet instance is on the
>> same server it wouldn't be difficult to call puppetca and we could think of
>> downloading certificates from Cobbler SVC during installation time through a
>> snippet.
>>
>
> I wouldn't want the cert including the needed private key being
> transferred over the net in the clear.
> Letting cobbler do the signing of the cert (with accompanying
> private key being only on the newly deployed box) sounds fine though.
>
> A bit better than autosigning since cobbler will only sign the
> certs of cobbler-deployed boxen and not some rogue new box on the
> network.
>
> Christian
> _______________________________________________
> cobbler mailing list
> [email protected]
> https://fedorahosted.org/mailman/listinfo/cobbler
>
If I understand this correctly, this would be something like having cobblerd periodically check puppetca to see if any hostnames it knew about were in the list?

I'm not sure this is a good job for cobblerd (we don't even do this for Func), but it could be done pretty easily as a Cobbler-XMLRPC-API using script, I think, that you could put on cron.

--Michael
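The cron script suggested in the reply above, as an added example that is not part of the original thread and is not Cobbler's own code: it signs a pending Puppet request only when its hostname belongs to a system Cobbler knows. Assumptions: the Cobbler XMLRPC endpoint URL, that each system record carries a `hostname` field, and that `puppetca --list` prints one pending hostname per line (optionally quoted, with trailing fields).

```python
import subprocess
import xmlrpc.client

COBBLER_API = "http://127.0.0.1/cobbler_api"  # assumption: local Cobbler endpoint


def cobbler_hostnames(systems):
    """Collect lower-cased hostnames from Cobbler system records."""
    names = set()
    for record in systems:
        host = (record.get("hostname") or "").strip().lower()
        if host:  # systems without a hostname can never be matched
            names.add(host)
    return names


def parse_pending(puppetca_output):
    """Take the first field of each non-empty line as a pending hostname."""
    pending = []
    for line in puppetca_output.splitlines():
        fields = line.split()
        if fields:
            pending.append(fields[0].strip('"').lower())
    return pending


def split_requests(pending, known):
    """Return (to_sign, rejected); only Cobbler-known names are signed."""
    to_sign = sorted({h for h in pending if h in known})
    rejected = sorted({h for h in pending if h not in known})
    return to_sign, rejected


def main():
    server = xmlrpc.client.ServerProxy(COBBLER_API)
    known = cobbler_hostnames(server.get_systems())
    listing = subprocess.run(["puppetca", "--list"],
                             capture_output=True, text=True).stdout
    to_sign, rejected = split_requests(parse_pending(listing), known)
    for host in to_sign:
        # List-form argv: the hostname is never interpreted by a shell.
        subprocess.run(["puppetca", "--sign", host], check=True)
    for host in rejected:
        print("not signing, unknown to Cobbler:", host)


if __name__ == "__main__":
    main()
```

A hostname match narrows autosigning to names Cobbler deployed; it does not by itself prove which machine sent the request, so rejected names are worth logging and reviewing.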
