On Sep 17, 2012, at 2:16 PM, Douglas Garstang wrote:

> I probably should have been clearer with my question. I was more
> interested in how people are managing certificates? Even if you use
> autosign, you still need to clean certificates manually.
>
> Doug.

Doug,

We autosign certs for hosts in our datacenter (based on the subdomain wildcard *.domain.org) and manually sign certs for desktops. All our datacenter hosts are set to try network booting first, so it's easy to redeploy any of them at any time. I wrote a re/deployment script that automates all the necessary deployment steps for Linux hosts in our datacenter:

1. It lists the available PXE configs and links the host's address to the one you select.
2. It reboots the host using IPMI.
3. It schedules the removal of the PXE link (so the host doesn't stay in a permanent install cycle).
4. It cleans the host's existing Puppet cert.

I have this script up on GitHub, if you want to see how I'm doing it. It pushes the limits of bash sanity, but it works well.

https://github.com/pmbuko/misc-scripts/blob/master/deployserv.sh

--
Peter Bukowinski
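
The four steps listed in the message above, sketched as a dry-run planner that refuses hosts outside the `*.domain.org` autosign scope and only prints the commands. This is an added example, not the deployserv.sh script linked in the message; the TFTP path, BMC hostname scheme, `IPMI_USER` variable, profile name, sample host and 30-minute delay are assumptions.

```shell
#!/bin/sh
# Added example: plans one redeploy and prints the commands; nothing is executed.
AUTOSIGN_DOMAIN="domain.org"        # the *.domain.org autosign rule from the message
PXE_DIR="/tftpboot/pxelinux.cfg"    # assumed TFTP layout

# Only hosts covered by the autosign wildcard may be redeployed unattended;
# desktops (manually signed) and malformed names are refused.
in_autosign_scope() {
  case $1 in
    *[!a-z0-9.-]*|.*|-*|*..*) return 1 ;;   # odd characters or empty labels
    *."$AUTOSIGN_DOMAIN") return 0 ;;
    *) return 1 ;;
  esac
}

# pxelinux looks up a per-host config named after the IPv4 address in uppercase hex.
ip_to_pxe_hex() {
  local o hex="" old_ifs="$IFS"
  case $1 in ''|*[!0-9.]*) return 1 ;; esac
  IFS=.; set -- $1; IFS="$old_ifs"
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|0?*|????*) return 1 ;; esac   # empty, zero-padded or 4+ digits
    [ "$o" -le 255 ] || return 1
    hex=$hex$(printf '%02X' "$o")
  done
  printf '%s\n' "$hex"
}

# Emit the commands for steps 1-4 after validating every input.
plan_redeploy() {
  local fqdn="$1" ip="$2" profile="$3" hex
  in_autosign_scope "$fqdn" || { echo "refusing: $fqdn is outside *.$AUTOSIGN_DOMAIN" >&2; return 1; }
  case $profile in ''|.*|*[!A-Za-z0-9._-]*) echo "refusing: bad profile name" >&2; return 1 ;; esac
  hex=$(ip_to_pxe_hex "$ip") || { echo "refusing: bad IPv4 address $ip" >&2; return 1; }
  # BMC name and IPMI_USER are assumptions; -E reads the password from IPMI_PASSWORD.
  # Newer Puppet replaces the last command with: puppetserver ca clean --certname <fqdn>
  cat <<EOF
ln -sfn -- $profile $PXE_DIR/$hex
ipmitool -I lanplus -H ${fqdn%%.*}-bmc.$AUTOSIGN_DOMAIN -U "\$IPMI_USER" -E chassis power cycle
echo 'rm -f -- $PXE_DIR/$hex' | at now + 30 minutes
puppet cert clean $fqdn
EOF
}

plan_redeploy web01.domain.org 192.168.1.10 centos6-x86_64   # constructed sample host
```

Cleaning the old cert in the same run as the reinstall is what lets the rebuilt host's new CSR be autosigned without a stale certificate for that name lingering on the master.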