Hello all,

I am scratching my head currently on a problem. I believe this is not even supposed to work in puppet. But anyway, asking is never wrong.

Here is what I would like to implement: an 'SSL Certificate authority', much like puppet's ca, but for some reason (please don't ask), I can not use puppetca. I am using the puppetlabs/openssl module to create certificates and such.

Now, here's the workflow:

nodeA - the CA.
nodeB,C,... - clients

So, at setup time, nodeA does not have anything. Thus I create the ca-certs, private and public. The public cert needs to be exported to all client(s). These will then create their CSR and send it to the CA. This will sign it and send the signed cert back to the client.

The trouble here is now:

* Certificates, CSRs and all that are all created via Exec or X509_cert resources.
* These can not be exported to other nodes via storeconfigs.
* Using @@file{"path-to-CSR-OR-CERT": ... } does not work either. If I do not use the "content=> ..." parameter, the collected file will be empty.

I am now thinking about these possible solutions:

* NFS shared directories, git repositories for CERTs. For some reasons, these obvious solutions are not possible :(
* filebucket: I can store CSRs and all CERTs in a remote file-bucket and retrieve them on another client. Problem: I need the file's checksum :( I was thinking of writing a type which is based on filebucket, but can retrieve a file by its path w/o checksum. This would then retrieve the most recent version of that file from the bucket.
* puppetdb? I need to explore this one further. I am not really sure about what puppetdb can do. It does more than the old 'storeconfig' functionality. I have the feeling that this could potentially help my endeavour.
* mcollective? I never really used this tool, but am somewhat confident that this could solve the problem, given enough time ;)

Anyway, it would be great to hear of some solution to this problem. Are there any which I might have missed?

I like the filebucket idea. It's simple and would solve the problem at hand easily.
If I can somehow make the checksum of my files available to all nodes, this would be the solution.

Thanks for your thoughts,
udo.