I think that is the workflow I am going to use, before I kick off the rebuild run
puppetca --clean <fqdn> and keep the <fqdn> in the autosign.conf so when it rebuilds and kicks off the puppet service the ca just autosigns the cert. It would be nice to be able to set a special key/password that the puppet daemon could send that would tell the ca to revoke previous keys and autosign a new key for that host.

On Mon, Jan 17, 2011 at 12:29 PM, Matt <mjbl...@gmail.com> wrote:

> one thing to keep in mind is if the server is the same name previously
> there will be an issue where you will need to use the puppetca on the
> master to clean out the old cert.
>
> On Jan 14, 3:36 pm, Ohad Levy <ohadl...@gmail.com> wrote:
> > One way would be to enable autosign when you request your kickstart... if
> > your ks is dynamically generated, that could be easily scripted.
> >
> > alternatively, you can have a look at Foreman [1] which handles this kind of
> > things for you.
> >
> > Ohad
> >
> > [1] - http://theforeman.org
> >
> > On Fri, Jan 14, 2011 at 9:04 PM, Derek Tracy <trac...@gmail.com> wrote:
> > > I am implementing Puppet on a small RHEL 5.3 cluster (~14 machines). These
> > > boxes will be rebuilt via kickstart at least once a month. What would be
> > > the best way to handle the certificate signing, preferably one that has the
> > > least interaction? I want to be able to kick off the rebuild and walk away
> > > knowing that Puppet will startup and take care of the rest of the config.
> > >
> > > ---------------------------------
> > > Derek Tracy
> > > trac...@gmail.com
> > > ---------------------------------

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
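
The pre-rebuild step described in the top message of this thread (clean the old certificate with puppetca, keep the host listed in autosign.conf), written out as an added shell example that is not part of any poster's message. The function name, the AUTOSIGN_CONF and PUPPETCA variables, the default file path and the host name in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run on the puppet master before a host is rebuilt via kickstart.
# Assumed names (not from the thread): prepare_rebuild, AUTOSIGN_CONF, PUPPETCA.
AUTOSIGN_CONF="${AUTOSIGN_CONF:-/etc/puppet/autosign.conf}"  # assumed default path
PUPPETCA="${PUPPETCA:-puppetca}"

prepare_rebuild() {
    fqdn="$1"

    # Accept only a literal lower-case FQDN. autosign.conf also honours globs
    # such as "*.example.com", and this script must never write one: the entry
    # should cover the one host being rebuilt and nothing else.
    case "$fqdn" in
        *[!a-z0-9.-]*|.*|*.|*..*|-*)
            echo "refusing '$fqdn': not a plain FQDN" >&2; return 2 ;;
        *.*) ;;
        *)  echo "refusing '$fqdn': not a plain FQDN" >&2; return 2 ;;
    esac

    # Clean out the certificate left over from the previous build so the
    # rebuilt host's new request is not rejected for reusing the same name.
    "$PUPPETCA" --clean "$fqdn" ||
        echo "note: $PUPPETCA --clean reported an error for $fqdn" >&2

    # Keep exactly one literal line for this host in autosign.conf.
    touch "$AUTOSIGN_CONF" || return 1
    if ! grep -Fxq -- "$fqdn" "$AUTOSIGN_CONF"; then
        printf '%s\n' "$fqdn" >> "$AUTOSIGN_CONF"
    fi
}

# Usage (constructed host name): prepare_rebuild node01.example.com
```
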