On Thu, Sep 16, 2010 at 1:54 PM, Brice Figureau < [email protected]> wrote:
> On 15/09/10 01:32, Paul Berry wrote:
> > This proposal adds functionality to the "puppet master" application,
> > when used in the default configuration where it doubles as a
> > certificate authority. It allows a suitably authenticated client to
> > use the REST API to perform all the actions available through "puppet
> > cert", except for "--generate". The client need not have access to an
> > OpenSSL library to perform these actions. The interface does not
> > compromise the security of the certificate authority's private key.
> > Access to this feature will be disabled by default, and can be enabled
> > using Puppet's standard "authconfig" mechanism.
>
> Is the reason why generate is not implemented because it generates the
> certs on the master host?
> If yes, if I want to generate a cert with this REST API, I need to send
> a CSR as a normal puppet client, ask for signing and fetch the signed
> cert, is that correct?
> If it is correct, then the process should be documented, as I think this
> will be the primary use case to bootstrap vm or servers.
>

Yes, I believe this is correct, and I agree that it should be documented. I'm not sure who is in charge of keeping our documentation of these sorts of things up to date (James, perhaps?), but I'll find out and make sure that it happens.
