On 02/20/2013 01:28 PM, spankthes...@gmail.com wrote: > And what would be the purpose of that? That still includes using puppet > to create CA, and I want to avoid that completely.
Ah, right. I forgot step 5. Which is replacing the CA with one created using openssl. Of course, all other certs are obsolete after you do that, so you can use your shiny new process of certifying agents to make them new ones. > 1. Puppetmaster's vm's are being booted. No CA nor cert actions taken. > > 2. User goes to web app, click's 'generate CA' - CA gets generated. A simpler alternative might be: 1a. User creates puppetmaster vm for a new pool, that bootstraps itself with a CA certificate 1b. User adds a puppetmaster vm to an existing pool, by cloning another VM That way, you need not even implement a frontend for generating CAs on the fly. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
