You should just be able to get the certificate signed on one of them and
then put the whole /var/lib/puppet directory in the image. Remember
that with this method, any computer that can access the PXE server can
pretend to be one of those servers to the puppetmaster.
It'll also be annoying to set different configurations on those servers
because they have the same cert name. I don't know if this is a
problem.
Why not just not launch puppet in the PXE image, but add it to
/etc/rc.conf and/or /sbin/chkconfig, so when the PXE image servers boot
for the first time, they'll generate a certificate request and you can
just sign it on the puppetmaster?
I would keep individual certificate signing as a manual process - it's
your final checkpoint to make sure the server really is who you think it
is :)
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
