Thanks for your suggestions. Running masterless is a bit too exotic, since we would like to use all those nice features that make a Puppet installation complete: especially hiera searches and PuppetDB. Modules, too, should be compatible with other clusters, so no big deviations can occur.
Enabling auto-sign, as Jose Luis suggested, may be a possibility. I have just checked myself if autosign works if the same node was already registered in the CA... but according to the documentation it does not look like it, not to mention the security issues that come with it.

Does the certificate name need to match the fqdn for puppet to allow connections?

Thanks!
BR/Pablo

On 01/09/2014 12:16 PM, Andrey Kozichev wrote:
>
> Maybe look into running masterless to avoid problems with certs. Just run puppet apply on the new server.
>
> On 9 Jan 2014 09:42, "Pablo Fernandez" <pablo.fernan...@cscs.ch <mailto:pablo.fernan...@cscs.ch>> wrote:
>
> > Dear all,
> >
> > We are thinking about the possibility of using Puppet in an image-based cluster. The compute nodes would boot and load the whole image to a ramdisk, where r/w access is granted afterwards.
> >
> > Our idea is to have a sample compute node running puppet where to create the image from, and periodically extract a new image from it. Nodes that reboot, simply take that image, change the hostname and IP addresses, and little more (typical in image-based systems). The nice thing about this is that, since the source image is from a puppetized host, its clones will be as well! So changes in the puppet configuration will be applied immediately to the nodes.
> >
> > Does it sound right? I currently foresee a problem with the puppet node certificates: is it possible to use a generic certificate, to enable trust between puppet server and clients, but having each node a different fqdn and be treated by puppet as different hosts (including PuppetDB entries)? I saw different facts for each: ::clientcert and ::fqdn, that gave me hopes.
> >
> > Besides that, do you see any other problem with this type of deployment?
> > Does anybody have experience with something similar?
> >
> > Thanks!
> > BR/Pablo
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com <mailto:puppet-users%2bunsubscr...@googlegroups.com>.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52CE6F14.7060508%40cscs.ch.
> > For more options, visit https://groups.google.com/groups/opt_out.