I probably should have been clearer with my question. I was more interested in how people are managing certificates? Even if you use autosign, you still need to clean certificates manually.
Doug. On Mon, Sep 17, 2012 at 6:25 AM, Keiran Sweet <kei...@gmail.com> wrote: > Hi There, > I manage a relatively large RHEL environment, we handle provisioning as > follows: > > - PXE + Kickstart to bootstrap and install the base OS + Puppet client onto > the platform, be it VMWare or bare metal > - Kickstart post scripts put a basic puppet configuration file in place on > the host, and a number of the values for things such as environment and > puppetmaster come from Foreman's Macro's, this allows values in the ENC to > flow into the kickstart files before your first puppet run. > > We then run in the %post section of the kickstart file the following: > - A Puppet run that bootstraps the puppet client using tags ie, --tags > puppet::client > - A full puppet run via puppet agent -tov which applys the SOE to the > platform > > That provides on first boot a fully configured RHEL server that includes all > our additional software and customisations in about 3-5 minutes (not > including POST) > > In regards to certs, we have a relatively open autosign.conf on our build > networks, so we can provision servers , physical or virtual quite quickly by > just hitting F12 for a network boot. I am sure there are some cleaner/more > secure things we can do provisioning wise, however these have been slightly > hindered by the RHN Satellite server i've been slowly pulling out of the > environment at the same time, as it had the potential to break things if i > wasnt careful. > > ENC wise, I can't recommend Foreman enough, version 1.x is just brilliant, > you can see the macros it can provide here: > http://theforeman.org/projects/foreman/wiki/TemplateWriting > > Hope this helps, > > K > > > > > > > > > > On Sunday, September 16, 2012 7:22:03 AM UTC+1, Douglas wrote: >> >> I'm wondering what people are doing systems provisioning with, ie the >> process that gets puppet installed onto a system, running for the >> first time, and also the handling of certificate signing and so forth. >> I don't see this topic discussed much. >> >> The mc-provision tools at >> https://github.com/ripienaar/mcollective-server-provisioner don't seem >> to be actively developed anymore, or at least I wasn't able to find >> enough documentation to be able to effectively make use of it. >> >> Doug > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/NrKmbHHiaq8J. > > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- Regards, Douglas Garstang http://www.linkedin.com/in/garstang Email: doug.garst...@gmail.com Cell: +1-805-340-5627 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
